Today, one of the most powerful weapons in the fight against cybercrime is the next-generation firewall (NGFW).  Gartner coined the term over a decade ago and while the definition has remained mostly the same over the years, NGFWs have evolved to combat new threats which can plague data networks.

ngfw2

Gartner’ original definition included the following: “Next-generation firewalls (NGFWs) are deep-packet inspection firewalls… including application-level inspection, intrusion prevention, and intelligence from outside the firewall.”

Prior to NGFW, firewalls were considered “static.”  In laymen’s terms, they scanned just the surface of data packets as they entered the firewall.  TechTarget writes: “In static packet filtering, only the headers of packets are checked.”

As a result, cybercriminals quickly learned to go around the firewalls and were  able to send viruses and malware to business networks.  That is when a more sophisticated approach was needed – a firewall that could analyze the packets of data more deeply and make decisions about what applications (and users) were allowed to pass through the firewall.  The NGFW came about in the early 2000s to combat the increasingly sophisticated cybercrime attacks as well as meet the new demands of the application-centric world of business.

One of the hallmarks of the NGFW is “application intelligence.” A NGFW can literally be programmed to make decisions and recognize, for instance, such granular policies as what Facebook posts are legit and what are not.  The NGFW were designed to be adaptable to each business and allow network administrators to set parameters.  As more applications and social media networks became prevalent in the workplace, the NGFW had to address all the possible threats that came with new applications.

Today, the ability of the NGFW to search and analyze data more deeply, as well as have “application intelligence” has been a revolution for organizations around the world.

ngfw3

 A Grim Outlook for 2017:

While the NGFW has been a windfall to businesses that want to protect their work-products, the cyberattacks persist.

Government Technology reports that the grim outlook of the cyber-landscape for 2017 is not much better than 2016: “The U.S. will continue to suffer data breaches and other cybersecurity failures that harm both the economy and consumer confidence in the ability of government and enterprises to meet emerging threats. As we connect more electronic systems and expand the Internet of Things, these concerns and failures will increase despite frantic enterprise spending on cybersecurity technology, which reached a record $75 billion in 2015.”

This leads security experts to ponder the following:  if organizations have next-generation firewalls, …why should there ever be cause for concern?  Why the bleak outlook?

 Today’s Threat Landscape is Different:

Today’s attacks are much different than the ones ten years ago.  As such, NGFWs have had to improve on their current capabilities.  According to Cisco Systems, groups of adversarial hackers have banned together to “…become a community that trades intellectual property and sometimes works together. This increases the amount and speed of attacks as well as the range of possible threat sources.”

Many cybercriminals now do their damage in days or hours, while it may take months for victims to discover they have been attacked and respond. To be truly effective, defenders must approach real-time abilities to detect and respond to attacks.

Security Policy – A Must-Have:

Many companies do not have a security policy, which means, in part, building a concise inventory of assets, users, applications, and traffic flows.  However, without knowing what you have, data can be stolen quickly and this may not be detected for months. Traditional NGFW solutions typically force organizations to buy multiple disparate security solutions (such as firewalls, VPN gateways, Web filters, and other appliances) from different vendors to get multilayer protection. Today security vendors are developing NGFWs to help organizations unify their security approach and policies.

Bring Your Own Device or BYOD:

The advent of BYOD or “bring your own device to work” has also changed the threat landscape for businesses over the past decade.  As more employees use their own mobile phones, tablets and laptops on the company server and VPN, the more vulnerable the business or organization.  If an employee accidently clicks on a malicious link or opens an rogue email that looks legitimate, it poses a threat for the company.  While BYOD has potentially saved companies hundreds of thousands of dollars in purchasing technology equipment, it has also presented more opportunities for cybercriminals to attack.

Network World writes in a report about BYOD, “…Hackers are now attacking different vectors simultaneously, and are more creative as they hide malware within packets or within applications.”

A Look at the Next “Next-Generation” Firewall:

When deploying a NGFW in today’s environment, there is significant value in aligning with a partner that will take a unified approach to security.  New innovations in NGFW technologies such are designed to address critical pain points associated with traditional defense-in-depth security measures. For instance, newer Cisco NGFW’s provide more focused traffic control through application-level classification within a HTTP packet.  This allows for a deeper level of granularity when approaching such applications as Facebook chat.

When looking for a NGFW, experts recommend that organizations look at a solution with modern features which can provide a comprehensive threat prevention and full contextual awareness of all the users, infrastructure, applications, and content. This functionality allows for the detection of multi-vector threats and the implementation of automated defense responses.  New NGFWs also provide more analytical reporting, using Big Data techniques, to help companies recognize where the threats are originating from and what vulnerabilities could cause damage in the future.

As Adam Hills of Gartner says, “…it’s important for firewall customers to understand that many vendors can call themselves “next-generation” legitimately. Customers must do the hard work of determining which features of the NGFW are most important to them, and which vendors deliver those capabilities most effectively.”

 

DiamondIT’s experience securing networks for Cities, School Districts and Police Departments ensures clients get the right level of threat protection for their budget. To get a better understanding of what you need to secure your business network, let DiamondIT perform a security assessment today!