You’ve no doubt heard of next-generation firewalls over the past few years. But what does that term mean? Well, taking a high-level look at the market, it’s easy to assume that it’s merely this year’s model with the words “next-generation” slapped on the label. Old-school firewall meets marketing bandwagon, and thus a new security product category is formed. But that’s not necessarily the case.

The Value of Advanced Firewalls

Sure, vendor hype in the information security industry can be downright awful. But, giving security product vendors the benefit of the doubt, it’s not that simple to categorize these defenses. Next-generation firewalls are more than a marketing ploy. There’s certainly some enterprise value in these devices, such as:

  • Layer 7 application controls, including content filtering and social media protection;
  • Integrated intrusion prevention;
  • Network-level malware detection, analysis and blocking;
  • Detailed threat intelligence for enhanced detection and response;
  • Data loss prevention;
  • Bring-your-own-device (BYOD) management.

Keep in mind that next-generation firewalls, or at least their technologies, may also be branded as unified threat management (UTM). Whatever the system is called, with such features, what more could professionals ask for to keep their enterprise environment in check? For starters, you have to ensure that the included features address specific needs present in your organization.

Ask the Right Questions About Next-Generation Firewalls

The potential for risk investing in next-generation firewalls certainly exists — i.e., spending good money on something you didn’t need, especially when other common security basics haven’t yet been addressed. Talk is cheap; vendor hype is real. Don’t be a bandwagon jumper. If you’re going to go down the path of next-generation firewalls, ask yourself — and especially prospective vendors — the hard questions. Consider inquiries such as:

  • Is integrating multiple security controls into one system going to create more of a single point of failure? What about network performance issues?
  • Are each of the individual security controls (i.e., application-layer and malware protection) truly what you need? If so, are they good enough to address the threats and vulnerabilities your business faces given your environment and its unique circumstances?
  • Are the monitoring and reporting features adequate for your real-time needs? What about for compliance and auditing?
  • How will these features help reduce your known risks?
  • How does your vendor’s support measure up? Do you feel comfortable that they’ll be there when the going gets rough? Are they forthcoming with information and quick to patch their own security flaws?

Today’s next-generation network environments can certainly benefit from enhanced tools such as next-generation firewalls. The consolidation and simplification of the security controls offered in next-generation firewalls can be reason enough to invest in one; ditto for the visibility provided by the single interface of a next-generation firewall.

You’ll never have a perfect-fit security appliance. However, do yourself and your business a favor and understand what it is that you truly need. What are your vulnerabilities and gaps? What threats do you face? What are the resulting business risks? Don’t let a marketing slick or smooth-talking sales guy force a next-generation firewall onto your network. Only you’ll know if it makes sense.

More from Network

X-Force Identifies Vulnerability in IoT Platform

4 min read - The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a lot of discussion around the security of IoT devices themselves, there is far less conversation around the security of the platforms these devices connect with.…

4 min read

Cybersecurity in the Next-Generation Space Age, Pt. 4: New Space Future Development and Challenges

4 min read - View Part 1, Introduction to New Space, Part 2, Cybersecurity Threats in New Space, and Part 3, Securing the New Space, in this series. After the previous three parts of this series, we ascertain that the technological evolution of New Space ventures expanded the threats that targeted the space system components. These threats could be countered by various cybersecurity measures. However, the New Space has brought about a significant shift in the industry. This wave of innovation is reshaping the future…

4 min read

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

4 min read - Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

4 min read

Cybersecurity in the Next-Generation Space Age, Pt. 2: Cybersecurity Threats in New Space

7 min read - View Part 1 in this series, Introduction to New Space. The growth of the New Space economy, the innovation in technologies and the emergence of various private firms have contributed to the development of the space industry. Despite this growth, there has also been an expansion of the cyberattack surface of space systems. Attacks are becoming more and more sophisticated and affecting several components of the space system’s architecture. Threat Actors' Methodology Every space system architecture is composed of three…

7 min read