Sorting Through the Hype of Next-Generation Firewalls

July 7, 2015
| |
2 min read

You’ve no doubt heard of next-generation firewalls over the past few years. But what does that term mean? Well, taking a high-level look at the market, it’s easy to assume that it’s merely this year’s model with the words “next-generation” slapped on the label. Old-school firewall meets marketing bandwagon, and thus a new security product category is formed. But that’s not necessarily the case.

The Value of Advanced Firewalls

Sure, vendor hype in the information security industry can be downright awful. But, giving security product vendors the benefit of the doubt, it’s not that simple to categorize these defenses. Next-generation firewalls are more than a marketing ploy. There’s certainly some enterprise value in these devices, such as:

  • Layer 7 application controls, including content filtering and social media protection;
  • Integrated intrusion prevention;
  • Network-level malware detection, analysis and blocking;
  • Detailed threat intelligence for enhanced detection and response;
  • Data loss prevention;
  • Bring-your-own-device (BYOD) management.

Keep in mind that next-generation firewalls, or at least their technologies, may also be branded as unified threat management (UTM). Whatever the system is called, with such features, what more could professionals ask for to keep their enterprise environment in check? For starters, you have to ensure that the included features address specific needs present in your organization.

Ask the Right Questions About Next-Generation Firewalls

The potential for risk investing in next-generation firewalls certainly exists — i.e., spending good money on something you didn’t need, especially when other common security basics haven’t yet been addressed. Talk is cheap; vendor hype is real. Don’t be a bandwagon jumper. If you’re going to go down the path of next-generation firewalls, ask yourself — and especially prospective vendors — the hard questions. Consider inquiries such as:

  • Is integrating multiple security controls into one system going to create more of a single point of failure? What about network performance issues?
  • Are each of the individual security controls (i.e., application-layer and malware protection) truly what you need? If so, are they good enough to address the threats and vulnerabilities your business faces given your environment and its unique circumstances?
  • Are the monitoring and reporting features adequate for your real-time needs? What about for compliance and auditing?
  • How will these features help reduce your known risks?
  • How does your vendor’s support measure up? Do you feel comfortable that they’ll be there when the going gets rough? Are they forthcoming with information and quick to patch their own security flaws?

Today’s next-generation network environments can certainly benefit from enhanced tools such as next-generation firewalls. The consolidation and simplification of the security controls offered in next-generation firewalls can be reason enough to invest in one; ditto for the visibility provided by the single interface of a next-generation firewall.

You’ll never have a perfect-fit security appliance. However, do yourself and your business a favor and understand what it is that you truly need. What are your vulnerabilities and gaps? What threats do you face? What are the resulting business risks? Don’t let a marketing slick or smooth-talking sales guy force a next-generation firewall onto your network. Only you’ll know if it makes sense.

Kevin Beaver
Independent Information Security Consultant

Kevin Beaver is an information security consultant, writer, and professional speaker with Atlanta-based Principle Logic, LLC. With over 29 years of experienc...
read more