Comparison of next-generation firewalls: no perfect product

Source: Internet
Author: User

A few years ago, vendors said they could provide a variety of security features (including intrusion prevention system functions and application control) on a single device. Then we saw next-generation firewalls emerge.

In current market research on next-generation firewalls (NGFWs), experts say that not every NGFW provides the functions every enterprise wants and that, in some cases, too many features may not be a good thing.

Gartner, an IT analysis company, released its Magic Quadrant report on enterprise network firewalls in December April. The report shows that NGFW products from Check Point and Palo Alto are well-deserved market leaders. The NGFW devices of Fortinet, Cisco, and Juniper Networks were named challengers by Gartner, and more than 10 vendors were considered niche suppliers.

Greg Young, vice president of research at Gartner and one of the authors of the Magic Quadrant report on firewalls, said Check Point and Palo Alto stand out among many competitors because they provide a wide range of product features and can scale effectively in a large enterprise environment, which is a problem for many niche suppliers.

Despite these competitive advantages, the leading NGFWs are by no means perfect. Young pointed out that the NGFWs of Check Point and Palo Alto are expensive and unacceptable, and that enterprises cannot even make full use of all the security functions they provide.

For example, Gartner said in its Magic Quadrant report that most Check Point customers only need the vendor's software blade subscription service to activate the typical NGFW functions, which include IPS, application control, and user identity. However, functions such as email security and data loss protection cannot be selected.

Young says that, in many cases, beyond the two top suppliers, some lesser-known NGFW vendors offer more cost-effective products that provide only the functions the enterprise requires, letting enterprises make the best choice based on their needs.

"Different products are suitable for different use cases," says Young. "Don't just focus on top suppliers. Just like when you buy a car, we should not just look at which manufacturer produces the fastest car."



More functions and more problems

While the many features of an NGFW make it more attractive to some enterprises, Young warned that enabling all of these features may lead to performance degradation.

Young pointed out that some next-generation firewall vendors have recently added web anti-malware as a selling point. However, enabling this function affects the performance of the NGFW device, and anti-virus software is more suitable for web gateways or other security products than for the NGFW.

"A single console view is certainly good, but not all functions should be in one device," Young said. "Many next-generation firewalls have the anti-virus function; however, we find that most enterprises do not enjoy this function well."

Robert Smithers, CEO of independent IT testing company Miercom, said many NGFW products suffer performance degradation when additional features are enabled. Smithers said that his company has tested more than a dozen next-generation firewalls and found that Sophos products have the best performance when all related functions are enabled, and that Intel's McAfee products have also performed well.

Smithers recommends that enterprises evaluating NGFW should consider which features will be used in their environments and study how the product performs when all required features are enabled.

"When you turn on all these features, everything will slow down. 10 Gbit/s products become 3 Gbit/s products," Smithers said. He pointed out that, compared with NGFWs, unified threat management (UTM) devices are more suitable for small and medium-sized enterprises, although he rarely sees UTM deployments in large enterprise environments.

"I saw the next generation of firewall vendors trying to have all the functions. They are saying, 'Wait a moment, you don't need anti-virus software,'" Smithers continued. "I'm not sure whether the truth is correct."



NGFW: Is it your correct choice?

Young said that for enterprises that want to buy NGFW devices, price, functions, and performance seem to be the most important factors, and many enterprises do not spend enough time considering whether they can effectively deploy a next-generation firewall.

For example, application control is one of the main features in which NGFWs surpass traditional firewalls. However, this function is not useful if enterprises do not deploy the correct policies.

Some enterprises enable NGFWs only because they are available, but they need in-house experts to tune the devices to make full use of these products. In some instances, enterprises may need specific experts. For example, Smithers pointed out that a Check Point system must be deployed by Check Point experts, which may cause some enterprises to hesitate.

Before deploying an NGFW, enterprises must also consider the type of network in which it will be deployed, because such products usually generate a large number of alarms in a flat network.

"We do see people drowned in alert information," Young says. "So if you cannot handle a large number of alerts, this means that you may not be able to deploy NGFW devices."
