Next-generation firewalls advance the state of the art in network security by integrating a wide variety of security technologies with an advanced network firewall. NGFWs build upon the stateful inspection approach that served enterprises well for the past decade, and supplement it with contextual information about the applications and users responsible for the traffic seeking to navigate the network. Combined with sophisticated threat intelligence information, this contextual data allows NGFWs to take actions that defend the enterprise against sophisticated threats.
One of the core features of an NGFW is its ability to allow the safe use of trusted applications without depending on control techniques that may be bypassed by advanced attackers. Some of the common evasion techniques used by these cybercriminals include:
Altering the standard ports used by blocked applications to match the port activity of permitted applications;
Tunneling impermissible activity through a permitted protocol, such as a virtual private network (VPN);
Using Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption to hide malicious content from inspection engines.
Each of these evasion techniques may be effective against a standard stateful inspection firewall. However, NGFWs provide protection against these approaches. Instead of relying upon port and protocol information to create rules, they develop application profiles that allow the detection of known applications operating in nonstandard ways, as well as illicit applications attempting to masquerade as permitted applications. NGFWs also have the ability to decrypt encrypted communications and perform deep application inspection on the contents of those encrypted sessions. These capabilities allow enterprises to defend themselves against the cunning evasion techniques of modern attackers.
The application profiles available to NGFWs also provide administrators with the ability to restrict application usage in a fine-grained fashion. NGFWs integrate with an organization’s identity management infrastructure to retrieve details about authorized users. This allows security administrators to create sophisticated rules, such as “Deny all use of peer-to-peer file sharing, except for staff in the marketing department” or “Block instant messaging communications for nonmanagers during business hours.” This fine-grained control of users and applications is one of the hallmarks of NGFW technology.
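The two rules quoted above can be modeled as an ordered, first-match policy keyed on identified application, directory group and time of day. This is an added example, not code from any NGFW product; the group names, application labels, 09:00-17:00 business hours, first-match ordering and default-allow baseline are all assumptions.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

BUSINESS_HOURS = (time(9, 0), time(17, 0))  # assumption: the page does not define the hours

@dataclass(frozen=True)
class Flow:
    user: str
    groups: frozenset  # groups resolved from the identity store (empty if unresolved)
    app: str           # application identified by inspection, not inferred from the port
    at: time

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                         # "allow" or "deny"
    app: str
    in_group: Optional[str] = None      # match only members of this group
    not_in_group: Optional[str] = None  # match only non-members of this group
    hours: Optional[tuple] = None       # (start, end); start inclusive, end exclusive

    def matches(self, f: Flow) -> bool:
        if f.app != self.app:
            return False
        if self.in_group and self.in_group not in f.groups:
            return False
        if self.not_in_group and self.not_in_group in f.groups:
            return False
        if self.hours and not (self.hours[0] <= f.at < self.hours[1]):
            return False
        return True

# First match wins, so the marketing exception must precede the general deny.
POLICY = [
    Rule("p2p-marketing", "allow", "p2p-file-sharing", in_group="marketing"),
    Rule("p2p-everyone", "deny", "p2p-file-sharing"),
    Rule("im-nonmanagers", "deny", "instant-messaging",
         not_in_group="managers", hours=BUSINESS_HOURS),
]

def evaluate(flow: Flow, policy=POLICY, default="allow"):
    """Return (action, rule name) for the first matching rule."""
    for rule in policy:
        if rule.matches(flow):
            return rule.action, rule.name
    # Assumed permissive baseline, to mirror the deny-style rules quoted in the text.
    return default, "default"
```

A flow whose user could not be resolved to any group is treated as a nonmember everywhere, so both deny rules still apply to it.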
The firewall, acting as the mediator of all inbound and outbound network communications, has a unique perspective on an enterprise network. This location offers tremendous advantage for monitoring, providing security administrators with complete visibility into all of the data traversing the network boundary. This visibility, combined with the intrusion detection and prevention capabilities of the NGFW, allows the device to block potential attacks before they enter the secure enterprise network.
All NGFWs incorporate firewall, application control and intrusion detection/prevention capabilities, but many also offer a menu of other standard and optional security features. For example, many NGFWs offer administrators a variety of content filtering technologies.
These capabilities include anti-virus filtering that scans inbound traffic for the presence of malware embedded in email, messaging, web and other applications. This anti-malware capability may be supplemented with sandboxing technology that allows for the safe “detonation” of suspicious files in a separate environment to detect malicious behavior.
The secure web gateway capabilities of NGFWs allow organizations to implement content-filtering policies that restrict the activities of users, filtering URLs based upon the categories of content they seek to access. Built-in data loss prevention (DLP) technology scans outbound traffic for signs of sensitive information leaving secure areas and allows administrators to block such attempts, logging them for further analysis.
Enterprises may also incorporate real-time threat intelligence data generated by the research arms of NGFW manufacturers and other sources. For example, this threat intelligence may include information on hostile IP addresses, recently detected malicious activity profiles and other data that the NGFW uses to provide up-to-the-minute protection for the enterprise network.
Next-generation firewalls provide enterprises with a sophisticated suite of tools in a single package, positioned at an optimal point on the organization’s network. The advanced capabilities of these devices offer security administrators the threat intelligence and reaction capabilities necessary to combat advanced persistent threats and other cybersecurity issues.