Technology companies have always been good at pushing the latest and greatest thing. Sometimes products or industry trends come with a lot of hype so it’s hard to know if it’s a trend to ignore or if it’s something that you should really take advantage of and implement.
If you’re in the information technology world, you’ve most likely heard the term “next generation firewalls”. But what is a next generation firewall? And should it mean anything to the average network admin interested in keeping his data secure?
Traditional Firewalls (that we’ve been using for more than a decade) look at ports, IP addresses, and packets. Then you write all sorts of policies based upon who is allowed this type of access and through what port. The challenge with this in today’s environment, is that you are forced to “poke holes” in the firewall to allow services like VPN, VoIP, or another service. Once you begin to do this, you introduce risks to your network.
Next generation firewalls are different because they do two things:
1) Classify risks by Applications and Content, not by port.
Do you care what port someone is on? Or are you more concerned that someone is using Bit Torrent on your network? Chances are you’re more concerned with the application someone is using or where they are going online. Next generation firewalls focus in on the applications being used instead of ports or IP addresses. Now we’re able to classify applications and traffic, which port someone is on becomes irrelevant.
2) Provide Application and User Level Controls
Traditionally, security policies were applied based upon IP addresses. But IP schemes and where people log into the network has gotten too complex for that to be effective in today’s environment. Next generation firewalls can integrate with directory services identifying the user and can classify applications so now your network has the ultimate visibility and control. Your firewall policies can be specific: “anyone in the “student” role on my network can access Facebook but can’t post anything to Facebook during school hours.
Once you’ve implemented an edge security solution with this type of granularity and control, we don’t think you’ll ever return to the port based world. Next generation firewalls are here to stay.
At SecurEdge, we specialize in building secure access networks with visibility and control. If you’re looking for a security solution, you can request a discussion with one of our Network Engineers. We’d love to be a resource for you.
