
2011 tech priorities: Moving to a next-generation firewall

The next-generation firewall requires a different way of thinking about security goals associated with a firewall

By , Network World
January 03, 2011 06:06 AM ET

Network World - What should enterprises expect if they want to make the transition from a traditional firewall to a next-generation firewall? It starts with a decidedly different way of thinking about security goals associated with a firewall, especially in terms of establishing application-aware controls over employees as they access the Internet, the Web and social networking sites. (See Unbatten the hatches.)

Is a next-generation firewall in your future?

"There is a chasm to cross," acknowledges Patrick Sweeney, vice president of product management at SonicWall. The old way of talking about traditional port-based firewalls, with system administrators discussing the "language of protocols," is inadequate. Companies need to adopt a more business-focused vocabulary, related to application use, that's common to the CIO, CFO and CEO. "There has to be unification of the languages they speak," Sweeney says.

That's because the new generation of fast, intelligent firewalls is application-aware, enabling enterprises to establish and enforce identity-based application usage policies for employees. So-called next-generation firewalls (NGFW) also incorporate VPN capabilities, perform intrusion prevention sweeps of traffic, have the brains to use technologies such as reputation filtering, and integrate with Active Directory for identity and policy management.

That's the definition put out by research firm Gartner as well as several vendors -- including Palo Alto Networks, McAfee, Check Point, Fortinet, Barracuda Networks and SonicWall -- that have embraced the NGFW term to describe their firewall products.

While the NGFW wave is at least three years old, Gartner acknowledges that actual use is still very low today, at less than 1%. Looking ahead, Gartner optimistically predicts NGFW adoption will grow to 35% by 2014.

Vendors continue to evolve their NGFW offerings, and the NGFW "should become your primary firewall," says Gartner analyst Greg Young. Even if your enterprise is not at the point of reviewing its firewall contracts for renewal or replacement, IT managers should be researching vendors' NGFW road maps and preparing for the next refresh cycle, he says.

One adoption driver is the opportunity to see network activity and bandwidth consumption more clearly, says SonicWall's Sweeney. "You can look at any particular user and see if they're using BitTorrent or some application," he says.

Enterprises can administer application controls related to bandwidth needs and priorities via an NGFW. Additionally, some NGFWs, including those from Check Point and SonicWall, can act like data-loss prevention tools, blocking usage based on keywords and other defined patterns.

Check Point offers NGFW controls in its firewall gear today via application-control software blades that cover nearly 5,000 applications and 90,000 social-network widgets, says Oded Gonda, vice president of network security. The Check Point approach also offers a way to warn a user rather than outright blocking access, Gonda says. That involves interposing an "inform" screen to explain to a user going to Facebook that corporate policy might restrict sharing certain company-related information. "Sometimes you don't want to block, you want to educate," Gonda says.
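To make the shift the article describes concrete, here is an added illustration (not code from Network World or from any vendor named above) of the difference between a port-based rule base and an application- and identity-aware one. It models a firewall that has already identified the application by inspection and looked up the user's directory groups, and it evaluates the same constructed set of flows against both rule styles, including the keyword-based blocking and the "inform" action mentioned earlier. The application names, group names, users and the PROJECT-BLUE keyword are all invented for the example.

```python
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class Flow:
    """One observed connection, already enriched by the firewall.

    'app' is the application identified by inspection (not inferred from the
    port) and 'groups' is the user's directory group membership. Both are
    assumed inputs for this example."""
    user: str
    groups: frozenset
    app: str
    dst_port: int
    payload: str = ""  # request content visible to the firewall, if any


# --- Traditional port-based rule base: (destination port, action) ---
PORT_RULES = [
    (80, "allow"),
    (443, "allow"),
    (6881, "block"),  # a port commonly associated with BitTorrent
]


def port_based_decision(flow: Flow) -> str:
    """Legacy logic: only the destination port is consulted; default deny."""
    for port, action in PORT_RULES:
        if flow.dst_port == port:
            return action
    return "block"


# --- Application- and identity-aware rule base ---
@dataclass(frozen=True)
class AppRule:
    app: str            # application name, or "*" for any application
    groups: frozenset   # directory groups the rule applies to; empty = everyone
    action: str         # "allow", "block" or "inform"
    keywords: tuple = ()  # DLP-style: block the flow if any keyword is in the payload


NGFW_RULES = [
    AppRule("bittorrent", frozenset(), "block"),
    AppRule("facebook", frozenset({"marketing"}), "allow", keywords=("PROJECT-BLUE",)),
    AppRule("facebook", frozenset(), "inform"),
    AppRule("*", frozenset(), "allow"),
]


def ngfw_decision(flow: Flow) -> Tuple[str, str]:
    """First matching rule wins, as in a conventional rule base.

    Returns (action, reason) so the reason can be logged or shown to the user."""
    for rule in NGFW_RULES:
        if rule.app != "*" and rule.app != flow.app:
            continue
        if rule.groups and not (rule.groups & flow.groups):
            continue
        # Content check runs only on flows this rule would otherwise permit
        for kw in rule.keywords:
            if kw in flow.payload:
                return "block", f"keyword '{kw}' seen in {flow.app} traffic (DLP rule)"
        if rule.action == "inform":
            return "inform", f"{flow.app}: policy reminder shown to {flow.user}"
        who = ",".join(sorted(rule.groups)) if rule.groups else "all users"
        return rule.action, f"{flow.app} rule for {who}"
    return "block", "no matching rule"


# Constructed sample flows; every one rides port 443 except the last
SAMPLE_FLOWS = [
    Flow("alice", frozenset({"engineering"}), "bittorrent", 443),
    Flow("bob", frozenset({"marketing"}), "facebook", 443, payload="PROJECT-BLUE launches Monday"),
    Flow("bob", frozenset({"marketing"}), "facebook", 443, payload="happy friday"),
    Flow("carol", frozenset({"finance"}), "facebook", 443),
    Flow("dave", frozenset({"engineering"}), "ssl-vpn", 443),
    Flow("erin", frozenset(), "bittorrent", 6881),
]


def compare(flow: Flow) -> Tuple[str, str]:
    """(legacy decision, NGFW decision) for one flow, for side-by-side review."""
    return port_based_decision(flow), ngfw_decision(flow)[0]


if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        legacy, (action, reason) = port_based_decision(f), ngfw_decision(f)
        print(f"{f.user:6} {f.app:11} :{f.dst_port:<5} legacy={legacy:6} ngfw={action:7} {reason}")
```

The first flow is the point of the whole article: BitTorrent carried over port 443 is indistinguishable from HTTPS to the port-based rule base and is allowed, whereas the application-aware rule base blocks it regardless of port. The two Facebook flows for the marketing user show the keyword check firing only when sensitive content is present, and the finance user's Facebook flow hits the "inform" rule rather than a hard block.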
