by Stefanie Hoffman  |  Aug 21, 2013

Let's face it, there is a lot of confusion about Next Generation Firewalls and how they differ from Unified Threat Management (UTM) devices, secure Web gateways, and email security gateways. The myriad terms used to describe them are often used interchangeably -- and all too often incorrectly.

So what exactly is a Next Generation Firewall (NGFW)?

Gartner defines a NGFW as an "in-line security control that implements network security policy between networks of different trust levels in real time."


If nothing else, a NGFW provides a baseline platform for network traffic inspection and network security policy enforcement. Here are a few of the basic features one can expect to find in a NGFW:

Standard first generation firewall capabilities:

This includes the use of packet filtering, network-address translation (NAT), stateful protocol inspection, and VPN technologies.

Application Awareness:

Application awareness identifies applications and enforces network security policy at the application layer, while giving the device the ability to "learn" new applications by observing how they behave. NGFWs can then establish a baseline of "normal" behavior for each application and use it as a point of comparison when an application deviates from the norm or when other anomalies emerge.

Extra-firewall intelligence:

Additional intelligence gives the device the ability to correlate information from a multitude of external sources (reputation feeds, directory services, threat intelligence) in order to enhance security and make more accurate traffic blocking decisions.

Non-disruptive bump-in-the-wire configuration:

The device is deployed in-line and transparently, so that it can be inserted without changing addressing or routing and without disrupting network operations.

Integrated Intrusion Detection/Intrusion Prevention System:

An integrated IPS can generate firewall rules that block addresses which repeatedly trigger signatures and load the IPS with bad traffic. It typically also includes predefined and custom signatures, an out-of-band (detection-only) mode, packet logging, IPS sensors, and real-time signature updates.

Application identification and control:

This enables administrators to identify and manage applications on networks and endpoints regardless of their port, protocol or IP address, including unknown applications from unfamiliar sources, while expanding visibility over all application traffic. Once an application is identified, its traffic is scanned for malicious payloads and then either blocked or allowed to pass.

User Identification:

A feature that maps traffic to users by combining user names, IP addresses and Active Directory group membership (which may be cached locally), so that usage rights and permissions can be enforced based on the group a user belongs to rather than solely on the source address.

Perhaps the most salient and distinguishing component of an NGFW is its application identification and awareness capability. Among other things, it gives administrators the ability to prioritize the applications of highest importance, such as video conferencing, while throttling or blocking altogether applications that drain bandwidth and user productivity, such as social media, streaming video and chat forums.

Application identification features also allow users to create and enforce a wide array of user policies, which, for example, would give organizations the ability to enable productivity drains (e.g. gaming or sports sites) to be used during the lunch hour, limit social media to certain groups of employees, or restrict bandwidth consumption to particular applications. While both first and Next Generation Firewalls share a few similar feature sets, the differences between them are extensive.

For one, first generation firewalls -- while still widely used in the enterprise -- are becoming increasingly less effective at tackling an application-driven IT environment and a rising tide of modern advanced threats, largely because their decisions depend on port, protocol and server IP address alone. They lack critical capabilities such as deep packet inspection, which analyzes the data payload of network packets rather than just the headers. And they lack the granular intelligence needed to distinguish one kind of Web traffic from another in order to enforce security policies.
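The port-versus-payload distinction above, and the application identification feature described earlier, are easiest to see side by side. The following is an added example, not code from the original article or from any firewall vendor: a port-based classifier in the first-generation style next to a payload-signature classifier in the NGFW style, run over constructed sample flows. The signatures (TLS ClientHello record header, HTTP request line, SSH version banner) are real protocol features; the `POLICY` table, the flow samples and the default of blocking unknown applications are assumptions made for the illustration.

```python
"""Application identification by port versus by payload signature.

Added example, not code from the original article or any vendor product.
Shows how a port-based (first generation) rule and a payload-based (NGFW
style) rule reach different verdicts for the same traffic.
"""
import struct
from dataclasses import dataclass

# First-generation approach: the destination port *is* the application.
PORT_TABLE = {22: "ssh", 80: "http", 443: "tls"}


def classify_by_port(dst_port: int) -> str:
    return PORT_TABLE.get(dst_port, "unknown")


def _looks_like_tls_client_hello(payload: bytes) -> bool:
    # TLS record header: content type 0x16 (handshake), major version 0x03,
    # 16-bit record length, then handshake type 0x01 (ClientHello).
    if len(payload) < 6 or payload[0] != 0x16 or payload[1] != 0x03:
        return False
    record_len = struct.unpack("!H", payload[3:5])[0]
    return payload[5] == 0x01 and record_len >= 4


def _looks_like_http_request(payload: bytes) -> bool:
    methods = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")
    if not payload.startswith(methods):
        return False
    first_line = payload.split(b"\r\n", 1)[0]
    return first_line.endswith((b" HTTP/1.0", b" HTTP/1.1"))


def _looks_like_ssh(payload: bytes) -> bool:
    # SSH identification string per RFC 4253 section 4.2.
    return payload.startswith((b"SSH-2.0-", b"SSH-1.99-"))


def classify_by_payload(payload: bytes) -> str:
    """NGFW-style identification: inspect the first client payload, ignore the port."""
    if _looks_like_tls_client_hello(payload):
        return "tls"
    if _looks_like_http_request(payload):
        return "http"
    if _looks_like_ssh(payload):
        return "ssh"
    return "unknown"


@dataclass
class Flow:
    dst_port: int
    payload: bytes  # first client-to-server payload of the flow


# Assumed policy for the illustration: Web traffic allowed, SSH and anything
# unidentified blocked.
POLICY = {"ssh": "block", "http": "allow", "tls": "allow", "unknown": "block"}


def decide(flow: Flow, by_payload: bool = True) -> tuple:
    """Return (application, verdict) under either classification method."""
    app = classify_by_payload(flow.payload) if by_payload else classify_by_port(flow.dst_port)
    return app, POLICY[app]


# Constructed sample flows (not captured traffic).
_TLS_HELLO = bytes.fromhex("16030100c8010000c40303") + b"\x00" * 32
SAMPLE_FLOWS = {
    # SSH tunnelled out over the HTTPS port to evade a port-based rule.
    "ssh_on_443": Flow(443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    # Plain HTTP on a non-standard port.
    "http_on_8080": Flow(8080, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    # Ordinary TLS on its usual port.
    "tls_on_443": Flow(443, _TLS_HELLO),
}


def compare_all() -> dict:
    """For each sample flow, the verdict from each method: name -> (port, payload)."""
    return {name: (decide(f, by_payload=False), decide(f)) for name, f in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for name, (by_port, by_payload) in compare_all().items():
        print(f"{name:14} port-based={by_port}  payload-based={by_payload}")
```

Run stand-alone, the script shows the SSH session on port 443 being allowed as "tls" by the port rule and blocked as "ssh" by the payload rule, and the HTTP request on port 8080 being blocked as "unknown" by the port rule and allowed as "http" by the payload rule. A real NGFW engine does considerably more than match the first packet: it tracks flow state across segments, decodes TLS extensions such as SNI, and keeps a large, updated signature set, precisely because a single-packet check like this one is easy to evade by splitting or padding the handshake.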

Bolstered by performance improvements and a growing repertoire of sophisticated features, it is far from surprising that NGFW adoption has been greatest in enterprise markets and in industries subject to stringent compliance regulations. That is slowly changing, however, in light of an increasingly treacherous and stealthy threat environment coupled with stricter enforcement of punitive compliance regulations. Given these new pressures and challenges, it might not be long before smaller market segments and verticals seek out NGFW or similar capabilities at their next firewall refresh.
