The long view of security strategies for your network.
Today we have a thoughtful contribution from security expert Patrick Bedwell, vice president, product marketing at Fortinet, the well-known provider of unified threat management systems. Patrick challenges the view that next-generation firewalls are a new and superior technology to unified threat management systems (such as the ones manufactured by Fortinet). Everything that follows is Patrick's own work with minor edits.
* * *
There's currently a lot of discussion in security circles about next-generation firewalls (NGFW) (over a million hits on "next-generation firewall" in a Google search in mid-July 2010). Some writers believe that an entirely new, innovative technology has emerged in NGFWs; in my view, NGFWs are a subset of the existing unified threat management (UTM) systems market, or even simply the next step in the continued evolution of traditional firewalls. The discussion is leaving some chief information security officers (CISOs) wondering how NGFWs differ from UTM systems.
Next-generation firewalls are generally described as tightly integrating firewall functions, intrusion-prevention systems (IPS), VPN technologies and robust application-control capabilities. All of these features have historically been offered by many security products.
One of the most touted technologies in NGFW products is an application visibility-and-control capability. This is being promoted as one of the most significant advancements in security technology since the introduction of the stateful firewall. But is it really so innovative? The simple definition of application control is the ability to detect an application based on the application's content vs. the traditional layer 4 protocol. Since many application providers are moving to a Web-based delivery model, the ability to detect an application based on the content is important, but not especially innovative. Consider that the proposed innovation is just taking traditional firewall controls and applying them to applications based on the International Organization for Standardization (ISO) OSI (Open Systems Interconnection) Reference Model's Application Layer (7) vs. the original Transport Layer (4) method. This change is important, but not worthy of a new category of firewall. NGFW capabilities such as application control are critical parts of the firewall, but nothing more.
Attacks are both application-aware and application-agnostic at the same time. That is, attacks seek out legitimate applications to carry their wares, but are not targeted only at specific applications. For example, we can assume a peer-to-peer (P2P) application is more likely to carry attack content than a known commercial application. But attacks have been carried by legitimate business applications as well. In fact, some of the most notable attacks have carried their threats via some of the most widely used commercially available applications, including Facebook and Twitter. Does this mean you should use the application control feature of an NGFW to block Facebook and Twitter? Unfortunately, it can't always be that black and white.
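The two points above, that "application control" is Layer 4 port matching moved up to Layer 7 content matching, and that a Layer 7 verdict still cannot be a simple block-or-allow per application, can be made concrete in a few dozen lines. The following is an added illustration written for this page, not code from the article, Fortinet or any product: it classifies a handful of constructed client flows first by destination port and then by payload content, and then applies an assumed example policy that distinguishes reading a social-media site from posting to it. The hostname-to-application table, the policy and the sample flows are all constructed; only the BitTorrent handshake prefix and the SSH version banner are real protocol fingerprints.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed example (not from the article): contrast a Layer 4 (port-based)
# firewall decision with a Layer 7 (content-based) one, then apply a policy
# that is finer than "block the whole application".

@dataclass
class Flow:
    dst_port: int
    payload: bytes  # first bytes sent by the client (constructed samples below)

# Layer 4 view: the destination port *is* the application.
PORT_APPS = {80: "http", 443: "https", 22: "ssh", 6881: "bittorrent"}

def classify_l4(flow: Flow) -> str:
    return PORT_APPS.get(flow.dst_port, "unknown")

# Layer 7 view: look at what the bytes actually are.
HTTP_REQUEST = re.compile(
    rb"^(?P<method>[A-Z]+) (?P<path>\S+) HTTP/1\.[01]\r\n"
    rb"(?P<headers>(?:[^\r\n]+\r\n)*)\r\n"
)
# Hostnames mapping generic HTTP onto a named web application (assumed, simplified).
WEB_APPS = {"facebook.com": "facebook", "twitter.com": "twitter"}

def parse_http(payload: bytes) -> Optional[dict]:
    """Return method, path and lower-cased headers of an HTTP/1.x request, or None."""
    m = HTTP_REQUEST.match(payload)
    if not m:
        return None
    headers = {}
    for line in m.group("headers").split(b"\r\n"):
        if b":" in line:
            name, value = line.split(b":", 1)
            headers[name.strip().lower().decode()] = value.strip().decode(errors="replace")
    return {"method": m.group("method").decode(),
            "path": m.group("path").decode(),
            "headers": headers}

def classify_l7(flow: Flow) -> str:
    p = flow.payload
    if p.startswith(b"\x13BitTorrent protocol"):  # real BitTorrent handshake prefix
        return "bittorrent"
    if p.startswith(b"SSH-2.0-"):                 # real SSH version banner
        return "ssh"
    req = parse_http(p)
    if req is None:
        return "unknown"
    host = req["headers"].get("host", "").lower().split(":")[0]
    for domain, app in WEB_APPS.items():
        if host == domain or host.endswith("." + domain):
            return app
    return "http"

def decide(flow: Flow) -> str:
    """Assumed example policy, finer than allow/block per application:
    block P2P on whatever port it uses; let users read social-media sites
    but block posting (HTTP POST) to them; anything allowed still goes on
    to IPS/AV inspection rather than being trusted because of its name."""
    app = classify_l7(flow)
    if app == "bittorrent":
        return "block"
    if app in ("facebook", "twitter"):
        req = parse_http(flow.payload)
        if req and req["method"] == "POST":
            return "block"
    return "allow+inspect"

# Constructed sample flows.
FLOWS = [
    Flow(443, b"\x13BitTorrent protocol" + b"\x00" * 8 + b"X" * 40),  # P2P on the HTTPS port
    Flow(80, b"GET /home HTTP/1.1\r\nHost: www.facebook.com\r\nUser-Agent: x\r\n\r\n"),
    Flow(80, b"POST /ajax/upload HTTP/1.1\r\nHost: upload.facebook.com\r\n"
             b"Content-Length: 5\r\n\r\nhello"),
    Flow(6881, b"SSH-2.0-OpenSSH_8.9\r\n"),                            # SSH on the BitTorrent port
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f"port {f.dst_port:>5}  L4={classify_l4(f):<10} L7={classify_l7(f):<10} -> {decide(f)}")
```

Running it shows the two verdicts disagreeing on the first and last flows (the port says one thing, the bytes another), and the policy allowing a Facebook page read while blocking a Facebook upload: the same application name, two different decisions, with the allowed traffic still handed to content inspection.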
M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.