Does the firewall make the enterprise security upgrade?

Traditional firewalls, next-generation firewalls, Web application firewalls, UTM, cloud firewalls, etc., are you being selves here by these nouns, are they the concept of a manufacturer or are they really used? In the complex firewall market, who will stand out and lead the enterprise to the future safety road? Today, we will discuss the development of firewalls and trends.

A mixed firewall market

Firewall is a combination of software and hardware devices, between the internal and external network, private network and public network interface between the construction of protective barriers. It will allow or restrict the transmission of data in accordance with specific rules. Since June 1991 ANS Company's first firewall product ans interlock Service firewall listing, the firewall market has gone through 20 years of development, from the initial packet filtering to the current integrated security gateway.

However, the characteristics of the firewall does not bring about the performance of the enterprise security, but let the enterprise lost in the function of choice. In the firewall market with more concepts than examples, what kind of products can meet customer needs? What is the firewall market in the eyes of manufacturers?

A dedicated firewall like the Web application Firewall (WAF) is very promising. Web application firewalls can ensure that web-based malware does not set foot in your business. It can also prevent hackers from exploiting vulnerabilities into the 7th layer of OSI, which in turn prevents further intrusion. With the increasing trend of web application attacks, such firewall products are favored by users. About the Web application firewall product selection, you can refer to the "2011 Best Web Application firewall products."

Take another look at UTM (Unified threat Management). UTM has a powerful function, it is like a fusion of many products. The common UTM features are as follows:

Traditional firewall protection

Intrusion detection and defense

Virtual Private Network (VPN)

Content filtering

Gateway Malicious software filtering

Junk Mail filtering

Data loss Protection (DLP)

Vulnerability Management

However, UTM this kind of all-inclusive characteristic also has its shortcoming, often the performance and the stability cannot keep up with, seemingly cannot satisfy the telecommunication class enterprise. For small and medium-sized enterprises that are interested in enhancing their perimeter security services, UTM equipment is very cost-effective. For the selection of UTM products, reference to the 2011 Best Unified Threat Management (UTM) products.

Often used to compare with UTM when the next generation of firewalls (NGFW), the next generation of firewalls than UTM late, many people are in the wait-and-see state, that it and UTM no big difference. The concept of next-generation firewalls is proposed by Gartner, and Gartner predicts that future NGFW will inevitably replace traditional firewalls. NSS Labs also tested NGFW products, which is also intended to promote NGFW.

Recently, CEO Dean Drako of the Web application firewall and the next-generation firewall provider Pike Network Limited (Barracuda Networks Inc.) also spoke of his views. "In the entire attack, attackers usually have four different ways to attack," he said. The first is through mail, in the mail there are viruses, trojans, malware, etc. the second is through the browser, you browse some websites, download some things, and then some malicious things on the inside fermentation; the third is to attack a port or device via the network; the fourth is to attack the website. ”

"There are four products that correspond to four different types of attack." Mail corresponds to the spam and virus firewall, the browser corresponds to the Web page filter, the Internet corresponds to the traditional firewall, and the Web site corresponding to the Web application firewall. ”

He explained, "the browser-oriented products and network-oriented products are the next firewall, some people call it the next generation firewall, some people call it utm, in fact, are the same, just different market means." ”

For the Web application firewall that we mentioned earlier, Dean says, "Some users put a firewall on the front end of the site and a Web application firewall (WAF) to put two of them together." But some experienced IT managers will know that it is enough to have a Web application firewall on the front end of the site. ”

From Dean's talk, we can learn that for manufacturers, UTM and the next generation of firewalls are essentially no different, and the manufacturer of the Web application firewall also have enough confidence and expectations.

Where is the firewall road?

Virtualization, cloud computing, mobility is bringing tremendous changes to the entire IT community, and manufacturers are starting to put forward the concept of "cloud Firewall". Cisco believes that the cloud Firewall has the following four characteristics: anti-Zombie network/Trojan, to prevent network internal host infection, cloud detection-Global IPS linkage, cloud access--ssl VPN, cloud monitoring-the only support NetFlow firewall, the NOC and SOC to achieve the two integration.

Whether it is the cloud wall, the next firewall, or the future will be what the rain firewall and so on, we just hope that these are not clouds. Perhaps the future trend is that the low-end market needs a functional fusion of firewalls, and high-end market needs a dedicated firewall, but no matter what, only to meet customer demand, in the actual use can provide good efficiency and security of the firewall is king.

This column more highlights: http://www.bianceng.cnhttp://www.bianceng.cn/Network/Firewall/