July 7, 2015 By Kevin Beaver 2 min read

You’ve no doubt heard of next-generation firewalls over the past few years. But what does that term mean? Well, taking a high-level look at the market, it’s easy to assume that it’s merely this year’s model with the words “next-generation” slapped on the label. Old-school firewall meets marketing bandwagon, and thus a new security product category is formed. But that’s not necessarily the case.

The Value of Advanced Firewalls

Sure, vendor hype in the information security industry can be downright awful. But, giving security product vendors the benefit of the doubt, it’s not that simple to categorize these defenses. Next-generation firewalls are more than a marketing ploy. There’s certainly some enterprise value in these devices, such as:

  • Layer 7 application controls, including content filtering and social media protection;
  • Integrated intrusion prevention;
  • Network-level malware detection, analysis and blocking;
  • Detailed threat intelligence for enhanced detection and response;
  • Data loss prevention;
  • Bring-your-own-device (BYOD) management.

Keep in mind that next-generation firewalls, or at least their technologies, may also be branded as unified threat management (UTM). Whatever the system is called, with such features, what more could professionals ask for to keep their enterprise environment in check? For starters, you have to ensure that the included features address specific needs present in your organization.

Ask the Right Questions About Next-Generation Firewalls

The potential for risk investing in next-generation firewalls certainly exists — i.e., spending good money on something you didn’t need, especially when other common security basics haven’t yet been addressed. Talk is cheap; vendor hype is real. Don’t be a bandwagon jumper. If you’re going to go down the path of next-generation firewalls, ask yourself — and especially prospective vendors — the hard questions. Consider inquiries such as:

  • Is integrating multiple security controls into one system going to create more of a single point of failure? What about network performance issues?
  • Are each of the individual security controls (i.e., application-layer and malware protection) truly what you need? If so, are they good enough to address the threats and vulnerabilities your business faces given your environment and its unique circumstances?
  • Are the monitoring and reporting features adequate for your real-time needs? What about for compliance and auditing?
  • How will these features help reduce your known risks?
  • How does your vendor’s support measure up? Do you feel comfortable that they’ll be there when the going gets rough? Are they forthcoming with information and quick to patch their own security flaws?

Today’s next-generation network environments can certainly benefit from enhanced tools such as next-generation firewalls. The consolidation and simplification of the security controls offered in next-generation firewalls can be reason enough to invest in one; ditto for the visibility provided by the single interface of a next-generation firewall.

You’ll never have a perfect-fit security appliance. However, do yourself and your business a favor and understand what it is that you truly need. What are your vulnerabilities and gaps? What threats do you face? What are the resulting business risks? Don’t let a marketing slick or smooth-talking sales guy force a next-generation firewall onto your network. Only you’ll know if it makes sense.

More from Network

Databases beware: Abusing Microsoft SQL Server with SQLRecon

20 min read - Over the course of my career, I’ve had the privileged opportunity to peek behind the veil of some of the largest organizations in the world. In my experience, most industry verticals rely on enterprise Windows networks. In fact, I can count on one hand the number of times I have seen a decentralized zero-trust network, enterprise Linux, macOS network, or Active Directory alternative (FreeIPA). As I navigate my way through these large and often complex enterprise networks, it is common…

Easy configuration fixes can protect your server from attack

4 min read - In March 2023, data on more than 56,000 people — including Social Security numbers and other personal information — was stolen in the D.C. Health Benefit Exchange Authority breach. The online health insurance marketplace hack exposed the personal details of Congress members, their families, staff and tens of thousands of other Washington-area residents. It appears the D.C. breach was due to “human error”, according to a recent report. Apparently, a computer server was misconfigured to allow access to data without proper…

X-Force identifies vulnerability in IoT platform

4 min read - The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a lot of discussion around the security of IoT devices themselves, there is far less conversation around the security of the platforms these devices connect with.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today