There is a new generation of devices heading for your network. Having a "Next Generation Firewall" in place makes sure you are ready. Here are the 5 main factors you need to consider when planning for your next firewall purchase.
1) Application Visibility and Application Control
It used to be simple when you could just block ports or services to control application access on your network. Now your network has run amok with applications you cannot see or control and which use multiple or various ports including port 80. You could just issue a company policy that states “No Facebook”, but we all know how well that works right? You could block port 80 which would net more work generated from the sales people, but the marketing department won’t be able to keep the social media portion of their latest lead generation campaign going.
Application level control allows you to set policies depending on the user and the application. For example: You can block Facebook Chat completely, without blocking Facebook. Or, allow someone to look at Facebook, but not post updates to it. The next generation firewall does this in stride.
2) Threat Prevention
In order to prevent threats effectively, any network needs to first reduce the avenues of attack by controlling which applications run on it. Then, a firewall needs to scan “allowed” application traffic for threats more broadly, while not limiting them to a strict definition of a particular type of threat (e.g., "virus" or "exploit"). SecurEdge Networks next generation firewalls deliver a high performance threat prevention solution.
The Next Generation Firewall can limit traffic to only approved applications, thereby avoiding risks from unnecessary applications. A byproduct of this is also reduced bandwidth consumption from unnecessary traffic. The Next Gen Firewall can also scan "good" applications for a wide variety of threats, even confidential data leaks.
3) Simplify Security Infrastructure
Every time a new application or threat appears, network security vendors sell Enterprise IT a new appliance. Unfortunately, adding more appliances adds complexity and cost, and doesn’t solve the root security problem: the inability to identify and control applications, users, and content.
At the end of the day, having all these extra devices that constantly need updates and monitoring will not make your network any more secure. The next generation firewall has anti-virus, spam filtering, deep packet inspection, application control and much more.
4) 1 Gigabit is 1 Gigabit
Lots of firewall vendors tout wire speed throughput on their products. Claims are made that the product offers full Gigabit throughput from every port. When in fact the truth is once you turn on the services for AV, malware, SPAM, IDS/IPS, etc… the throughput gets chopped to less than 1/3 of the actual advertised speed. Because of the way a Next Generation Firewall is built when 1 Gigabit throughput is advertised 1 Gigabit is what you get regardless of how many services are on or off. Ask any firewall vendor for real world throughput when all services are turned on and then see what the claims are.
5) It’s the Simple Things
It looks like 172.16.1.222 is the machine eating up all our bandwidth---now how are you going to find out who’s machine that is? The next generation firewall ties into directory services. No more looking for IP addresses and trying to track down a user only to find out somehow the barcode scanner in the library is downloading music at 3am on a Wednesday night. I know exactly what devices a user has on the network by looking up their name.
These are just a few of the new features in the next generation firewall series. Want to know more about how a Next Generation Firewall can help secure your network? Contact us here to find out how we can analyze and optimize your network for maximum performance and security.