Skip to main content

Next Generation Firewall

Home > Security > Next Generation Firewall

What Makes a Firewall “Next Generation”?

Maximize Network Security with Next-Generation Firewalls

Traditional firewalls are port-based. This means that users are only identified by their IP address and services are only mapped to ports. However, users change IPs and use multiple devices, and most malicious traffic now hides as encrypted traffic on trusted ports.

BENEFITS

Features of Next-Generation Firewalls

How a Next Generation Firewalls Address These Issues

There’s a wide variety of features in next-generation firewalls that perform inspection level beyond creating rules regarding specific IPs and ports. However, the most important of them all is TLS/SSL Decryption (“traffic decryption”). The other clever inspection techniques don’t amount to much if the firewall can’t see inside the payload.

After a successful decryption deployment, the following next-generation features come into full effect:

Antivirus · Intrusion Prevention · Sandboxing · File Blocking · Application Visibility & Control

Antivirus / Antispyware: Block malicious files passing through the firewall based on signature matching.

Intrusion Prevention: Examines network traffic to identify and block attacks based on known vulnerabilities.

Application Visibility & Control: Traditional port-based firewalls identify an “application” by identifying the port number. This feature identifies an application regardless of port and works with applications that use multiple or non-standard ports.

Sandboxing: Traditional malware detection is signature based. To cover the time lag between when malware is released and when a signature is created, sandbox scans the files not matched by Anti-virus and uploads it to the cloud for further analysis and sandboxing. The verdict is then sent back to the firewall and can alert administrators.

File Blocking: Protects from both data exfiltration and malicious software ingress to the network. File blocking uses MIME types and blocks unauthorized files as they travers the firewall.

When these features are used in combination, they make for powerful protection against threats traversing your network. However, it’s very common to find next-generation firewalls deployed, and functioning little better than a port-based firewall, because it takes a significant amount of work to adopt these features without breaking production traffic. Many organizations do not have the resources to complete this internally.