
Next-Generation Firewalls: What You Need To Know

The firewall is one of information security's oldest devices, developed to protect an organisation's internal network from external threats whilst allowing legitimate communications. Today, with new web applications and evolving security threats, many firewalls are overdue for renewal because ageing hardware can't keep up with throughput demands.

Although firewalls have to do more than they have ever done, the recession has meant that many businesses have failed to update or renew their software to protect themselves against advancing threats introduced by Web 2.0 and other drivers.

So why is your firewall failing you today? At one time, port 80 was the default for web traffic. However, the advent of Web 2.0 has introduced new threats targeting applications, sensitive data and IT resources, so relying on port and protocol combinations to define network applications is no longer enough.

Firewalls need to be capable of performing deep packet inspection of all data, on all ports over all protocols in order to determine which applications are running over which ports. Some vendors will tell you that Unified Threat Management (UTM) is the answer. It's not, even for SME organisations.
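An added example (not from the original article or any vendor's product) of why port-only rules misidentify traffic: it labels constructed flows by destination port and by their first payload bytes, then lists the disagreements. The port map, function names and sample payloads are assumptions made for illustration, and real deep packet inspection covers far more protocols than these three signatures.

```python
# Added example: port-based vs payload-based application identification.
# All flows below are constructed sample data, not captured traffic.

PORT_MAP = {22: "ssh", 53: "dns", 80: "http", 443: "tls"}  # what a port-only rule assumes

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"CONNECT ")


def classify_by_port(dst_port):
    """Legacy view: the destination port alone names the application."""
    return PORT_MAP.get(dst_port, "unknown")


def classify_by_payload(payload):
    """Identify the protocol from the first bytes the client sends."""
    if payload.startswith(b"SSH-"):
        return "ssh"  # SSH identification string, e.g. b"SSH-2.0-..."
    if payload.startswith(HTTP_METHODS):
        return "http"
    # TLS record: type 0x16 (handshake), version major 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    return "unknown"


def audit(flows):
    """Return (port, port_label, payload_label) where the two views disagree."""
    findings = []
    for dst_port, payload in flows:
        by_port, by_payload = classify_by_port(dst_port), classify_by_payload(payload)
        if by_port != by_payload:
            findings.append((dst_port, by_port, by_payload))
    return findings


# Constructed first-packet payloads, truncated to the bytes the classifier needs.
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),  # HTTP on 80: agrees
    (443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),          # TLS on 443: agrees
    (443, b"SSH-2.0-OpenSSH_9.6\r\n"),                               # SSH on 443
    (80, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),           # TLS on 80
    (8080, b"POST /upload HTTP/1.1\r\nHost: example.com\r\n\r\n"),   # HTTP on an unmapped port
]

if __name__ == "__main__":
    for port, assumed, actual in audit(SAMPLE_FLOWS):
        print(f"port {port}: port rule says {assumed!r}, payload is {actual!r}")
```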

Traditional firewalls and security devices cannot see or control user activity or risk of data loss, so your business will be exposed to the risk of sensitive and confidential data leaving the network.

IPS, proxies and URL filtering are the most common firewalls, but none of these enables an organisation to control the applications, users or content on its network. Firewalls should provide visibility and control of applications, users, and content but in reality most only show you ports, protocols, packets, and IP addresses - which are all meaningless!

Every IT director knows that an archaic firewall poses many business threats, but it also poses many questions - should you upgrade your model to a faster one from the same vendor, switch vendors, or move to next-generation firewalls at the next refresh opportunity?

The challenges that businesses face today are not only due to rapid advancement in technology, but also a result of a changing user culture and a new generation of addicted internet users that are potentially smarter than the IT teams that support them. Increasingly, internet-savvy employees are taking control of the network as they develop a confidence in new technologies, driven by increased use of apps, smartphones and tablets at home.

Full, unrestricted access to everything on the Internet is seen as an employee's right and many are collaborating and sharing knowledge online without waiting around for IT support or endorsement. The result is a social enterprise full of potential rewards, but also business-critical risks. These include data loss due to unauthorised employee file transfers and data sharing; uncontrolled and excessive use of personal applications; excessive bandwidth consumption resulting in escalating operational costs; and downtime caused by malware as a result of application vulnerability.

Next-generation firewalls provide a solution to this problem as they identify applications regardless of port, protocol, evasive tactic or SSL and don't rely on IP addresses to identify users. What's more, they protect networks in real time against threats embedded across applications, offer granular visibility and policy control over application access and functionality, and support multi-gigabit, in-line deployment with no performance degradation.

It is essential that IT departments re-evaluate their corporate Web 2.0 user policy and start planning for next-generation firewall replacement now, even if it means using budgets from elsewhere, not only to protect business-critical assets, but also to maximise efficiencies and keep operational costs to a minimum.

Simon Richardson brings more than 15 years of IT industry experience to ITogether. Simon manages the overall technical strategy and service delivery of the business as well as its day-to-day activities and product and service portfolio. An expert in enterprise network security, Simon is focused on driving the growth of ITogether's corporate client base through its world-class vendor portfolio and managed services.