Feb 06 2014

Next-Gen Firewalls Can Be IT Security "Dimmers"

The latest in firewall technology does a better job of keeping bad data out and letting good data in.

IT security can get a bad rap with users. Firewalls have prevented many an employee from checking on their Facebook friends or posting an enthusiastic tweet about last night’s episode of Game of Thrones. Such moves have sometimes made firewalls the least popular kid on the playground in many workplaces.

But next-generation firewalls offer much more granular control, which can allow certain users at certain times to access sites and applications that companies might otherwise have blocked outright.

You could say that legacy firewall technology had a lights-on or lights-off mentality. But in a post on the CDW Solutions blog, Jeff Falcon, a senior security solutions architect for CDW, says that next-gen firewalls are more like dimmers:

Essentially, by embracing an on-boarding process for Next Generation Firewalls, an organization may now begin to shift from a static ‘on-off’ switch for ports, protocols and known URL’s, to more of a ‘dimmer’ switch strategy for safely on-boarding applications.

This will allow IT to move toward the direction of striking a harmonious balance of safe application enablement and user identification for only approved applications. This strategy is crucial in the evolutionary process as application control now becomes a priority for the formulation and establishment of user-specific policies.

Like other areas in IT, firewalls are shifting from hardware-based models to software-defined technology. According to TechTarget, Citrix and Palo Alto Networks recently announced that they’re combining forces on a new, virtual next-gen firewall solution that allows Citrix’s NetScaler SDX appliance to run Palo Alto’s VM-Series firewall:

The Citrix-Palo Alto combination will allow data center infrastructure engineers to reduce the hardware footprint in their networks and simplify operations, said Rohit Mehra, vice president of network infrastructure research at Framingham, Mass.-based IDC.

Engineers will be able to apply common configurations and settings to their firewall and application delivery services on the SDX platform, he said. The consolidated services will also enable so-called service chaining, which lets traffic be routed through firewall and ADC services within a single box.

In the quest to be viewed as a collaborator and not an obstructionist, leveraging advanced next-generation tools like this will help IT serve the users’ and the company’s interests at the same time.

After all, no one appreciates being left in the dark suddenly and without warning, so IT should keep this “dimmer” approach in mind as they plan future firewall implementations.

Tetra images/ThinkStockPhotos