When discussing network security, firewalls are the number one item that comes up. That is because they often are a company’s first line of defense and the most visible. Firewalls are devices that sit at the border of the network, preventing unwanted traffic from entering a company as well as stopping malicious traffic from leaving. As companies grow and their security needs increase, firewalls need to do more than just block traffic.
As the need for additional features grow, firewall devices need to adapt. This growth in capability eventually dove the need for what is now called “Next-Generation Firewalls”. Next-Gen firewalls have several more features than their original counterparts. Like any firewall, they can block unwanted traffic, but now have the ability to detect additional items like which application is using those ports. This way if an attacker uses an allowed port such as port 80 to send malicious traffic, it can be detected and blocked. Older versions of firewalls did not have this capability so it was easy to “spoof” ports and interject malicious traffic into a network.
Today’s Next-Gen firewalls have several other new functionalities that keep computer networks safe.
- Intrusion detection/prevention to block malicious traffic that is outside of the scope of what a simple port blocking can do.
- Detect when viruses or malware are seen on the network and can alert an administrator.
- DNS and URL filtering to ensure users do not unintentionally reach out to malicious servers effectively stopping an attack before it happens.
- User filtering based on which user is sending traffic. This functionality integrates with services like Microsoft Active Directory to apply specific rules based on per-user context securing an environment without disrupting a company’s work flow.
- VPN connections become easier to implement and secure as Next-Gen firewalls offer more options to secure the users that connect from a remote location.
Threat intelligence is another Next-Gen feature that has been getting a lot of attention by the security community. According to Gartner:
“Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.”.
Simply put, threat intelligence is an up to date view of what attackers are doing across the entire attack continuum, which helps increase the chances that network defenders can detect and stop attacks. Next-Gen firewalls use threat intelligence to block malicious IPs, URLs, domain names, files and other indicators of compromise by understanding and stopping the latest attacker tactics before they can do any damage.
One of the greatest advantages for companies that deploy Next-Gen firewalls is the cost savings of having a single device do the job that now takes many. Instead of owning and managing an intrusion prevention system, identity access controls, web access proxy, application filtering system, SSL interception system, and threat intelligence system, companies get all of this functionality in one single device. This translates to cost saving for a business by reducing the amount of separate security appliances, licensing, etc. and by reducing the amount of time and money needed for implementation and employee training.
With all these new features built into Next-Gen firewalls managing them can become a full-time job. It often takes a team of a few well qualified and trained professionals to ensure that your firewalls are functioning as expected. With continuous updates required to keep signatures and threat intelligence up to date there is always work to be done on these devices. The days of “set and forget” are over. This is where a managed firewall service can help. Managed firewall services can be bundled to include the hardware device, initial design/configuration, installation and ongoing support/maintenance for a monthly service fee.