//
you're reading...
IT & TECHNOLOGY, Palo Alto Networks

Not All Next-Generation Firewalls Are Created Equal


PANW-New-Logo-3

As cybersecurity threats increase in sophistication, the security solutions used to defend against these threats must also evolve. Developers no longer adhere to standard port/protocol/application mapping; applications are capable of operating on non-standard ports, as well as port hopping; and users are able to force applications to run over non-standard ports, rendering first-generation firewalls ineffective in today’s threat environment. Enter the “next-generation firewall” (NGFW), the next stage of firewall and intrusion prevention systems (IPS) technology.

A common understanding of an NGFW is a network platform that combines the traditional firewall functionalities with IPS and application control. However, merely bundling traditional firewalls with IPS and application control does not result in an NGFW. A true NGFW emphasizes native integration, classifies traffic based on applications rather than ports, performs a deep inspection of traffic and blocks attacks before a network can be infiltrated. Here is a list of key features of a true NGFW to better inform your next purchase decision.

Identify and control applications and functions on all ports, all the time

An NGFW should identify traffic on all ports at all times, and classify each application, while monitoring for changes that may indicate when an unpermitted function is being used. For example, using Citrix GoToMeeting for desktop sharing is permitted but allowing an external user to take control is not.

Identify users regardless of device or IP address

Knowing who is using which applications on the network, and who is transferring files that may contain threats, strengthens an organization’s security policies and reduces incident response times. An NGFW must get user identity from multiple sources – such as VPN solutions, WLAN controllers and directory servers – and allow policies that safely enable applications based on users, or groups of users, in outbound or inbound directions.

Identify and control security evasion tactics

There are two different classes of applications that evade security policies: applications that are designed to evade security, like external proxies and non-VPN-related encrypted tunnels (e.g., CGIProxy), and those that can be adapted to achieve the same goal such as remote server/desktop management tools (e.g., TeamViewer). An NGFW must have specific techniques that identify and control all applications, regardless of port, protocol, encryption or other evasive tactics and know how often that firewall’s application intelligence is updated and maintained.

Decrypt and inspect SSL and control SSH

An NGFW should be able to recognize and decrypt SSL and SSH on any port, inbound or outbound; have policy control over decryption; and offer the necessary hardware and software elements to perform SSL decryption simultaneously across tens of thousands of SSL connections with predictable performance.

Systematically manage unknown traffic

Unknown traffic represents significant risks and is highly correlated to threats that move along the network. An NGFW must classify and manage all traffic on all ports in one location and quickly analyze the traffic, known and unknown, to determine if it’s an internal/custom application, a commercial application without a signature, or a threat.

Protect the network against known and unknown threats in all applications and on all ports

Applications enable businesses, but they also act as a cyberthreat vector, supporting technologies that are frequent targets for exploits. An NGFW must first identify the application, determine the functions that should be permitted or blocked, and protect the organization from known and unknown threats, exploits, viruses/malware or spyware. This must be done automatically with near-real time updates to protect from newly discovered threats globally.

Deliver consistent policy control over all traffic, regardless of user location or device type

An NGFW should provide consistent visibility and control over traffic, regardless of where the user is and what device is being used, without introducing performance latency for the user, additional work for the administrator, or significant cost for the organization.

Simplify network security

To simplify and effectively manage already overloaded security processes and people, an NGFW must enable easy translation of your business policy to your security rules. This will allow policies that directly support business initiatives.

Perform computationally intensive tasks without impacting performance

An increase in security features often means significantly lower throughput and performance. An NGFW should deliver visibility and control including content scanning, which is computationally intensive, in high-throughput networks with little tolerance for latency.

Deliver the same firewall functions in both a hardware and virtualized form factor

Virtualization and cloud computing environments introduce new security challenges, including inconsistent functionality, disparate management and a lack of integration points. An NGFW must provide flexibility and in-depth integration with virtual data centers in private and public cloud environments to streamline the creation of application-centric policies.

To learn more about what features a NGFW must have to safely enable applications and organizations, read the 10 Things Your Next Firewall Must Do white paper.

[Palo Alto Networks Research Center]

About @PhilipHungCao

@PhilipHungCao, SACS, CISM, CCSP, CCSK, GICSP, CASP, CIW-WSP, PCNSE7, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Web Stats

  • 108,622 hits
@PhilipHungCao

@PhilipHungCao

@PhilipHungCao, SACS, CISM, CCSP, CCSK, GICSP, CASP, CIW-WSP, PCNSE7, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Personal Links

View Full Profile →

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 1,717 other followers

Twitter Updates

Archives

August 2016
M T W T F S S
« Jul   Sep »
1234567
891011121314
15161718192021
22232425262728
293031  
%d bloggers like this: