How to compare and select next-generation Firewall

Source: Internet
Author: User


The security landscape changes every day. Within an enterprise, for example, the way applications are used and how they communicate keeps changing. From an availability perspective this change is often a benefit; handled poorly, however, it can become a disaster for information security staff.

To cope with this change, enterprise firewall vendors have produced a new generation of firewall devices: the next-generation firewall. These devices differ from traditional firewalls in many ways. Let's look at those differences and at how they affect enterprise network security.

What is a traditional firewall?

A traditional firewall is a device that controls inbound and outbound traffic at a given point in the network. It inspects traffic either statelessly or statefully, depending on the protocol.

Stateless inspection simply checks each packet on its own and has no understanding of the data stream it belongs to. Stateful inspection, to some extent, tracks protocol state across a connection and records where each flow is in its life cycle.

A firewall that tracks connection state is clearly more effective than one that does not. However, many traditional firewalls operate only at Layers 2 through 4 and can track traffic only on the basis of the information available at those layers (addresses, ports and protocol).

Other features of traditional firewalls include Network Address Translation (NAT), Port Address Translation (PAT), virtual private networks (VPN), and high-availability and performance features.

What is a next-generation firewall?

Many security vendors call their new firewalls "next-generation firewalls", but the feature set varies from vendor to vendor. In general, a next-generation firewall product should include: application awareness, stateful inspection, an integrated intrusion prevention system, identity awareness (user and group control), bridging and routing modes, the ability to use external intelligence sources, and so on.

The following describes the features of the next-generation firewall in detail.

1. Application Awareness

The biggest difference between traditional and next-generation firewalls is that the next-generation firewall can identify applications. A traditional firewall relies on well-known ports to infer which application is running and, by extension, which attacks to expect. A next-generation firewall does not assume that a given application runs on a given port. It must be able to inspect traffic from Layer 2 to Layer 7 and decide what is actually being sent and received.

The most common example is HTTP on port 80. Traditionally this port carried only HTTP traffic, but today a large number of different applications use it to communicate between end devices and central servers. There are many ways to push different kinds of traffic over a well-known port; one of the most common is tunnelling. With tunnelling, the real communication is carried inside the data field of ordinary HTTP messages and unwrapped at the destination node. To a traditional firewall this looks like plain HTTP web traffic, but a next-generation firewall discovers its real purpose before it reaches the target node. If the next-generation firewall's policy permits that communication, it is allowed; otherwise the firewall blocks it.

2. Identity Awareness

Another big difference is that a next-generation firewall can track the identity of the devices and users behind local traffic, generally by integrating with an existing enterprise authentication system such as Active Directory or an LDAP directory. With this, information security staff can control not only which types of traffic may enter the network, but also which specific users may send and receive data.

3. Stateful Inspection

The definition of stateful inspection does not change in a next-generation firewall; what changes is that it tracks state not only from Layer 2 to Layer 4 but from Layer 2 to Layer 7. This difference gives security staff more control and lets administrators write more precise policies.
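As an added illustration of the three features just described (application awareness, identity awareness and state tracking up to Layer 7), the Python below is example code written for this page; it is not from the article or from any vendor's product. The IP-to-user mapping (standing in for an Active Directory or LDAP lookup), the group memberships, the policy rules and the sample traffic are all constructed, and the classifier recognises only a handful of protocol openings. It puts a port-based decision next to the content-and-identity-based one so the difference the article describes is visible on the same packets.

```python
"""Toy next-generation-firewall decision path (constructed example).

Shows three things the article discusses:
  * application awareness: classify traffic by content, not destination port,
    including a protocol tunnelled inside an HTTP request body;
  * identity awareness: map the source IP to a user and groups via a
    directory lookup (here a constructed dict standing in for AD/LDAP);
  * Layer-7 state: remember the decision for the rest of the flow.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for an Active Directory / LDAP identity source.
IP_TO_USER = {"10.0.1.15": "alice", "10.0.1.22": "bob"}
USER_GROUPS = {"alice": {"engineering"}, "bob": {"finance"}}

HTTP_METHODS = (b"GET", b"POST", b"PUT", b"HEAD", b"DELETE", b"OPTIONS")


def identify_application(payload: bytes) -> str:
    """Classify traffic from its first bytes, never from the destination port."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    if payload[:1] == b"\x16" and payload[1:2] == b"\x03":  # TLS handshake record
        return "tls"
    head, _, body = payload.partition(b"\r\n\r\n")
    first_line = head.split(b"\r\n", 1)[0]
    if any(first_line.startswith(m + b" ") for m in HTTP_METHODS):
        # Genuine HTTP request line: look inside the body for a tunnelled protocol.
        inner = identify_application(body) if body else "unknown"
        return "http" if inner in ("unknown", "http") else f"{inner}-over-http"
    return "unknown"


@dataclass(frozen=True)
class Rule:
    group: Optional[str]  # None matches any user, including unknown users
    application: str      # "*" matches any application
    action: str           # "allow" or "deny"


# Constructed policy, evaluated top-down; the last rule is the default deny.
POLICY = [
    Rule(None, "ssh-over-http", "deny"),   # tunnelling through port 80 is never allowed
    Rule("engineering", "ssh", "allow"),   # only engineering may use SSH
    Rule(None, "http", "allow"),
    Rule(None, "tls", "allow"),
    Rule(None, "*", "deny"),
]


def resolve_identity(src_ip: str):
    """Directory lookup: source IP -> (user, set of groups); unknown -> (None, set())."""
    user = IP_TO_USER.get(src_ip)
    return user, USER_GROUPS.get(user, set())


def evaluate_policy(src_ip: str, payload: bytes) -> dict:
    """NGFW decision: who is sending (identity) and what it really is (application)."""
    app = identify_application(payload)
    user, groups = resolve_identity(src_ip)
    for rule in POLICY:
        if rule.group is not None and rule.group not in groups:
            continue
        if rule.application not in ("*", app):
            continue
        return {"action": rule.action, "application": app, "user": user}
    return {"action": "deny", "application": app, "user": user}


def port_based_decision(dst_port: int) -> str:
    """What a Layer-4 firewall with 'allow 80 and 443 outbound' would do."""
    return "allow" if dst_port in (80, 443) else "deny"


class FlowTable:
    """Stateful tracking up to Layer 7: the decision made on the first
    payload-carrying packet is kept for every later packet of that flow."""

    def __init__(self):
        self.flows = {}

    def process(self, src_ip: str, dst_ip: str, dst_port: int, payload: bytes) -> dict:
        key = (src_ip, dst_ip, dst_port)
        if key not in self.flows:
            if not payload:  # handshake packet: nothing to classify yet
                return {"action": "pending", "application": None, "user": None}
            self.flows[key] = evaluate_policy(src_ip, payload)
        return self.flows[key]


# Constructed samples: an SSH banner tunnelled inside an HTTP POST to port 80,
# and an ordinary HTTP request.
TUNNELLED = (b"POST /upload HTTP/1.1\r\nHost: relay.example\r\n"
             b"Content-Type: application/octet-stream\r\n\r\nSSH-2.0-OpenSSH_9.6\r\n")
PLAIN_HTTP = b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"

if __name__ == "__main__":
    table = FlowTable()
    for src, port, data in [("10.0.1.22", 80, TUNNELLED), ("10.0.1.15", 80, PLAIN_HTTP),
                            ("10.0.1.15", 22, SSH_BANNER), ("10.0.1.22", 22, SSH_BANNER)]:
        ngfw = table.process(src, "203.0.113.10", port, data)
        print(f"{src}:{port}  port-based={port_based_decision(port)}  "
              f"ngfw={ngfw['action']} app={ngfw['application']} user={ngfw['user']}")
```

Running it, the same SSH banner is denied on port 80, where it is tunnelled inside an HTTP POST, allowed on port 22 for the user in the engineering group, and denied for the user in finance; the port-based rule that allows 80 and 443 passes the tunnelled flow unchallenged. A real product classifies with far richer signatures and learns identity from the directory or an agent rather than a static table, but the shape of the decision is the one shown here.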

4. Integrated Intrusion Prevention

An integrated IPS can detect attacks using several different techniques, including threat signatures, detection of known vulnerability exploitation, anomaly detection, and analysis of communication behaviour.

Where traditional firewalls are deployed, an intrusion detection system or intrusion prevention system is usually deployed alongside them, either as a separate physical device or as a logically separate one. In a next-generation firewall, intrusion prevention or detection should be fully integrated. The functions of the intrusion prevention system are no different from those of a standalone deployment; the main differences in a next-generation firewall are performance and the fact that the IPS has access to information from all layers of the traffic.

5. Bridging and Routing Modes

Bridging and routing modes are not entirely new, but this feature remains very important in a next-generation firewall. Many traditional firewalls are already deployed in today's networks, and most of them are not next-generation firewalls. To ease the transition, a next-generation firewall must be able to connect in bridging mode (also called transparent mode), in which the device does not appear as a hop in the routing path. Each enterprise can then, at the right time, gradually replace its traditional firewalls with next-generation firewalls running in routing mode.

Comparison of Next-Generation Firewalls

Many information security solutions on the market claim to be next-generation firewalls. How do we tell them apart? Below we discuss several criteria for reviewing and comparing next-generation firewalls:

1. Can the next-generation firewall defend against attacks on server and client applications, and how effectively?

2. Can it be evaded or bypassed?

3. Is it stable and reliable?

4. Can the solution enforce inbound and outbound application policies?

5. Can the solution enforce inbound and outbound identity policies?

6. What is its performance?

Beyond that, the choice of firewall device comes down to a limited number of factors, because most devices meet the next-generation firewall requirements and can perform the same tasks. So why pick one over another? Security managers may start from personal preference and instinct, sometimes from evidence and sometimes from hearsay, but these have become part of the selection criteria.

When selecting a specific solution, consider the device's efficacy. One of the main measures is the proportion of attacks against server and client applications that a given solution prevents. The differences between solutions may be very small, but it is precisely such a small difference that can separate a serious security incident from a thwarted attack.

Another factor is the device's total throughput. Since devices cannot be compared directly on raw throughput, how can this criterion be used better? One way is to measure the cost per protected bit. What is the opportunity cost if an enterprise commits to a vendor without this review, when a smaller (or a more powerful) model might be what the environment actually requires?

The last factor an enterprise needs to consider is the power and rack space the solution consumes. Here too, devices cannot be compared directly. A simple way to compare is to divide each device's power consumption by its size (or by its total throughput) and compare the results across devices.

Conclusion

New threats emerge constantly. For any enterprise it is critical to keep an eye on the latest attacks, and deploying a next-generation firewall should be a key step in its security deployment plan.

Next-generation firewalls are maturing and now offer essentially complete feature sets, so a buyer's reason for choosing one product over another often comes down to individual specifications and features. Enterprises will increasingly need such products, competition among next-generation firewall vendors will intensify, and product costs will gradually fall.

Among the many next-generation firewall products there are brands that serve small and medium-sized enterprises and brands that meet the needs of large enterprises. Leaders in this field will inevitably emerge in the near future, because all firewall vendors are moving from traditional firewall to next-generation firewall product lines.
