Next-generation firewalls (NGFWs) are basically regular firewalls that pack a lot more punch in terms of capabilities and scope. They add a level of sophistication that helps them detect far more security issues.
Here are some of the top trends in NGFWs:
1. More detailed analysis
Standard firewall technology analyzes network traffic against rules. The firewall accepts only the incoming connections that its policy, blacklists and whitelists permit. Once configured, it allows or disallows the data packets that are trying to cross digital networks. Traditional firewalls could be regarded as traffic cops at the point of entry into a device or network, but all they really did was inspect packet headers to determine whether the traffic was friend or foe.
Next-generation firewalls venture much deeper than standard packet-filtering. They reach beyond the packet header and scan a packet’s source and contents in their entirety. That enables them to detect a large set of more sophisticated security threats and spot the malware designed to bypass firewalls.
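The difference between header-only filtering and content inspection, as an added sketch that is not taken from any vendor's product. The policy, addresses (documentation ranges) and sample payloads are constructed, and the content check is simplified to a protocol sanity test plus one signature, the marker from the harmless EICAR anti-malware test file.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    dst_port: int
    payload: bytes

# Constructed policy: a source blocklist plus allowed (protocol, port) pairs.
BLOCKLIST = [ip_network("203.0.113.0/24")]
ALLOWED = {("tcp", 80)}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
# Marker from the harmless EICAR anti-malware test file, used as the signature.
SIGNATURES = {b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE": "eicar-test"}

def header_filter(pkt):
    """Traditional check: decide from header fields only."""
    if any(ip_address(pkt.src) in net for net in BLOCKLIST):
        return ("deny", "blocklisted source")
    if (pkt.proto, pkt.dst_port) not in ALLOWED:
        return ("deny", "port not allowed")
    return ("allow", "header rules matched")

def content_filter(pkt):
    """Header check first, then look at what the packet actually carries."""
    verdict = header_filter(pkt)
    if verdict[0] == "deny":
        return verdict
    # Port 80 is allowed for HTTP, so the payload must look like HTTP.
    if not pkt.payload.startswith(HTTP_METHODS):
        return ("deny", "protocol mismatch on port 80")
    for marker, name in SIGNATURES.items():
        if marker in pkt.payload:
            return ("deny", "signature " + name)
    return ("allow", "headers and content clean")

# Constructed sample traffic (single payloads; real devices reassemble streams).
SAMPLES = {
    "web": Packet("198.51.100.7", "tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: a\r\n\r\n"),
    "blocked": Packet("203.0.113.9", "tcp", 80, b"GET / HTTP/1.1\r\n\r\n"),
    "non_http": Packet("198.51.100.8", "tcp", 80, b"SSH-2.0-OpenSSH_9.0\r\n"),
    "upload": Packet("198.51.100.9", "tcp", 80,
                     b"POST /up HTTP/1.1\r\n\r\nEICAR-STANDARD-ANTIVIRUS-TEST-FILE"),
}

def compare():
    """Map each sample to (header-only verdict, content-aware verdict)."""
    return {k: (header_filter(p)[0], content_filter(p)[0]) for k, p in SAMPLES.items()}
```

The two samples that pass the header rules but fail content inspection are the cases a header-only firewall cannot distinguish from ordinary web traffic.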
2. Wider attack surface
Nirav Shah, Vice President, Products and Solutions at Fortinet, said the need for NGFWs became apparent due to the way that attack surfaces continued to evolve and expand, and as users became more vulnerable to sophisticated attacks like ransomware. Thus, several networking and security functions have converged within an NGFW to keep customers and users safe.
“Organizations must be able to converge networking and security across physical and cloud locations to secure the rapid expansion of these new edges,” said Shah. “IT teams can embrace convergence by utilizing a modern NGFW that can deliver AI/ML security alongside modern networking capabilities like SD-WAN, Universal ZTNA, LAN Edge controllers and 5G support. A converged approach in today’s threat landscape is essential in protecting against increasingly advanced threats and realizing better user experience.”
3. Egress as well as ingress
Firewalls have mainly focused on defending the enterprise or device from the ingress of unwanted traffic and malware.
But the trend is now to pay as much attention to egress as ingress.
“More organizations are putting a priority on egress security to prevent data exfiltration and monitor outbound connections from composite apps that might connect to multiple external services – thus making detection of command and control challenging otherwise,” said Vishal Jain, Co-Founder and CTO at Valtix.
4. Too much external attack surface exposure
Rickard Carlsson, CEO and co-founder of Detectify, makes it clear that the days are long gone when servers sat in office basements and companies’ external exposure was defined by the set of IP ranges in their firewalls. Next-generation firewalls are helping organizations move beyond this approach.
“Today’s attack surface is made of many Internet-facing assets with exposure being controlled at the domain level, and web applications have fast become the most attractive target for attackers – particularly unknown and forgotten assets,” said Carlsson. “SaaS-based solutions purpose-built for identifying vulnerabilities and securing the external attack surface in this new world will save product security and AppSec teams a lot of headaches.”
5. Zero trust eliminating centralized firewalls
Beyond Identity research found that as many as 83% of former employees retain access to one or more accounts after leaving. Half of them use that access to steal client or financial information. There are also various security weaknesses that accompany the work-from-home movement to consider. How many home networks and mobile connections are fully secured?
Zero trust network access (ZTNA) is a way to minimize breaches. It encompasses technologies that enable secure access to internal applications, granting access on a least-privileged basis via granular policy management. Only verified users get in, and only to a limited set of applications and data. The zero trust framework safeguards remote workers, hybrid cloud environments, and IT in general. It works on the assumption that any network is always at risk of either internal or external attacks. That means an individual is not trusted just because they are on the network: they must prove who they are, and they are given only limited access to the systems they need.
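The contrast between trusting network location and the zero trust decision described above, as an added sketch that is not any product's policy engine. The user names, applications, network labels and directory data are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    verified: bool   # identity proven for this session
    network: str     # where the request comes from
    app: str

# Constructed directory data for illustration.
ACTIVE_USERS = {"alice", "bob"}   # "carol" left and was deprovisioned
APP_GRANTS = {"alice": {"payroll", "wiki"}, "bob": {"wiki"}}

def perimeter_decision(req):
    """Network-location trust: anything on the internal network gets in."""
    return req.network == "corp-lan"

def zero_trust_decision(req):
    """Deny by default; network location is never consulted."""
    if not req.verified:
        return (False, "identity not verified")
    if req.user not in ACTIVE_USERS:
        return (False, "account no longer active")
    if req.app not in APP_GRANTS.get(req.user, set()):
        return (False, "application not granted")
    return (True, "least-privilege grant")

# Constructed access requests covering remote, on-LAN and former-employee cases.
REQUESTS = [
    Request("alice", True, "home", "payroll"),
    Request("bob", True, "corp-lan", "payroll"),
    Request("carol", True, "corp-lan", "wiki"),
    Request("alice", False, "corp-lan", "wiki"),
    Request("bob", True, "corp-lan", "wiki"),
]

def disagreements():
    """Requests where the two models reach different decisions."""
    out = []
    for r in REQUESTS:
        allowed, reason = zero_trust_decision(r)
        if perimeter_decision(r) != allowed:
            out.append((r.user, r.app, r.network, reason))
    return out

if __name__ == "__main__":
    for row in disagreements():
        print(row)
```

Four of the five requests are decided differently: the perimeter model admits the former employee, the unverified session and the ungranted application because they originate on the internal network, and refuses the verified remote user.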
“In general, firewalls have trended away from on-premise devices, towards cloud services, and then more recently in the direction of zero-trust configurations that essentially do away with centralized firewalls entirely,” said Peter Lowe, principal security researcher, DNSFilter. “While there is a place for physical devices in large enterprise networks with a physical footprint, the rise of remote working and international collaboration has prompted a different solution to the same issue of protecting our networks. NGFWs can still be combined with zero trust networks to act as segmentation gateways to help enforce rules, and monitor for suspicious behavior.”