Next-generation firewall (NGFW)
At a very basic level, a firewall can be defined as a network security system, implemented in hardware, software, or both, that controls the flow of traffic between a trusted network (say, an enterprise LAN) and an untrusted public network (such as the internet). Because they are simple and inexpensive, port-based firewalls have remained among the most commonly used firewalls for the past two decades. However, the enterprise data these firewalls are meant to protect has grown in complexity, calling for a more advanced approach to controlling the ingress and egress of network traffic. This paved the way for next-generation firewalls (NGFWs).
Traditional firewalls vs. NGFWs
Both traditional firewalls and NGFWs share the same purpose: to protect an enterprise’s network and data assets. However, NGFWs provide far more sophisticated ways to address threats in enterprise traffic than traditional port-based firewalls. For example, a typical traditional firewall offers packet filtering, which examines only packet headers, whereas a typical NGFW offers deep packet inspection, which also examines packet contents (both are described below). In simple terms, NGFWs add further layers of protection for the enterprise network.
Features of NGFW
One of the major shortcomings of traditional firewalls is that they cannot obtain granular insight into network activity: a given flow is either fully allowed or fully denied, based on header fields such as ports alone. To overcome this problem, an NGFW is equipped with many advanced features, some of which are listed below:
Application control: NGFWs are built to be “application-aware”: they can identify the application behind a traffic flow and enforce restrictions at the application level. This lets an enterprise distinguish critical applications from non-critical ones and grant employees access accordingly.
Deep Packet Inspection (DPI): Unlike traditional firewalls, which read only the header of a packet, NGFWs can inspect the packet’s contents (its payload) as well as its source.
Intrusion Prevention System (IPS): As an extension of an Intrusion Detection System (IDS), an IPS can instantly block a detected malicious intrusion into the enterprise network, logging the event and blacklisting the offending IP address so that all future traffic from that address is blocked.
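To make the three features above concrete, here is an added Python model (not code from the original article or from any firewall vendor) that runs the same constructed packets through a plain port-based decision and through an NGFW-style pipeline: the port rule, then IPS signature matching with logging and source blacklisting, then application identification by DPI and an application-level policy. The packet contents, hostnames, the single IPS signature and the RFC 5737 documentation addresses are all constructed for the demo.

```python
"""Toy model contrasting a port-based filter with an NGFW-style policy pipeline.

Added example: all packets, hostnames, signatures and addresses below are
constructed for illustration; nothing here is vendor code or a real ruleset.
"""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Packet:
    src_ip: str
    dst_port: int
    payload: bytes = b""   # application data (a real NGFW reassembles the TCP stream first)


# --- Traditional port-based firewall: looks at header fields only -----------
ALLOWED_PORTS = frozenset({80, 443})


def port_based_decision(pkt: Packet) -> str:
    return "ALLOW" if pkt.dst_port in ALLOWED_PORTS else "DENY"


# --- Deep packet inspection: identify the application from the payload ------
def identify_application(payload: bytes) -> tuple[str, str | None]:
    """Return (application, hostname). Signatures are illustrative, not exhaustive."""
    if payload.startswith((b"GET ", b"POST ", b"HEAD ")):
        host = None
        for line in payload.split(b"\r\n")[1:]:
            if line.lower().startswith(b"host:"):
                host = line.split(b":", 1)[1].strip().decode("ascii", "replace").lower()
                break
        return "http", host
    if payload.startswith(b"SSH-"):       # SSH banner, whatever port it arrives on
        return "ssh", None
    if payload.startswith(b"\x16\x03"):   # TLS handshake record
        return "tls", None
    return "unknown", None


# --- IPS signatures (hypothetical pattern for the demo) ---------------------
IPS_SIGNATURES = {"path-traversal": b"../../"}


@dataclass
class NGFW:
    allowed_apps: frozenset = frozenset({"http", "tls"})
    blocked_hosts: frozenset = frozenset({"filesharing.example"})
    blocklist: set = field(default_factory=set)   # source IPs blacklisted by the IPS
    log: list = field(default_factory=list)       # (src_ip, signature name) records

    def decision(self, pkt: Packet) -> str:
        if pkt.src_ip in self.blocklist:
            return "DENY(blocklisted)"
        if port_based_decision(pkt) == "DENY":    # port rules still apply first
            return "DENY(port)"
        for name, sig in IPS_SIGNATURES.items():  # IPS: detect, log, blacklist the source
            if sig in pkt.payload:
                self.blocklist.add(pkt.src_ip)
                self.log.append((pkt.src_ip, name))
                return f"DENY(ips:{name})"
        app, host = identify_application(pkt.payload)   # application control
        if app not in self.allowed_apps:
            return f"DENY(app:{app})"
        if host in self.blocked_hosts:
            return f"DENY(host:{host})"
        return "ALLOW"


# Constructed sample traffic (documentation addresses from RFC 5737), in order
SAMPLE_PACKETS = [
    ("http_intranet", Packet("192.0.2.10", 80,
        b"GET / HTTP/1.1\r\nHost: intranet.example.com\r\n\r\n")),
    ("ssh_on_443", Packet("192.0.2.11", 443, b"SSH-2.0-OpenSSH_9.3\r\n")),
    ("http_filesharing", Packet("192.0.2.12", 80,
        b"GET /up HTTP/1.1\r\nHost: filesharing.example\r\n\r\n")),
    ("traversal_attempt", Packet("203.0.113.7", 80,
        b"GET /../../etc/passwd HTTP/1.1\r\nHost: intranet.example.com\r\n\r\n")),
    ("benign_after_block", Packet("203.0.113.7", 80,
        b"GET / HTTP/1.1\r\nHost: intranet.example.com\r\n\r\n")),
    ("telnet_port23", Packet("192.0.2.13", 23, b"\xff\xfb\x01")),
]


def run_demo() -> dict[str, tuple[str, str]]:
    """Map each sample name to (port-based decision, NGFW decision)."""
    fw = NGFW()
    return {name: (port_based_decision(pkt), fw.decision(pkt)) for name, pkt in SAMPLE_PACKETS}


if __name__ == "__main__":
    for name, (trad, ngfw) in run_demo().items():
        print(f"{name:20s} port-based={trad:6s} ngfw={ngfw}")
```

The interesting rows are the ones where the two columns disagree: the port-based filter admits the SSH banner on port 443 and the HTTP request to the blocked host because the port is open, while the NGFW denies both on application grounds; and once the IPS signature fires for 203.0.113.7, even a benign request from that address is denied because the source has been blacklisted.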
Why NGFWs?
It goes without saying that every enterprise needs technology to protect its network from malicious attacks. And because these attacks are continuously evolving, enterprises need complete control over their inbound and outbound network traffic so that any intruder can be detected and blocked instantly. This is precisely why an NGFW is a must-have in every enterprise’s network security system.