What is a Next Generation Firewall?
By Frank Keogh
While the name, “Next Generation Firewall” sounds like one of those “hype” terms that marketers often use to get you excited about a product, this is one instance where the technology really lives up the to the name.
To understand what a Next Generation Firewall (NGFW) is, it helps to understand the predecessor to the Next Generation Firewall, sometimes called a “traditional firewall”.
The traditional firewall was a fairly simple, stateful, rules-based system. The firewall acted like a traffic cop, using rules to determine which traffic could come in and which traffic should be blocked.
Once traffic got through the traditional firewall and onto the network, though the firewall might log information like the source and destination of the traffic, it was no longer the firewall’s responsibility to ensure that the contents that were allowed through would not become a threat at a later time.
The Next Generation of Firewalls
The possibility that a file that made it through the firewall might later be discovered to be malicious unbeknownst to the firewall, along with the traditional firewall’s limited data management featured led to the creation of the Next Generation Firewall.
With so many network-connected apps in use on the corporate network, network admins needed a way to identify what apps were being used and how much data those apps were consuming, and who the data was coming from and going to.
Enter the Next Generation Firewall, which was created to address these types of advanced security and admin needs.
While there are many features of different vendors’ NGFW offerings, three of the most common are:
- Application Visibility;
- Active Directory integration;
- Reflection and Remediation;
The application visibility feature enables the NGFW to be aware of the network-enabled applications on your users’ machines and what specific traffic is going to each app. This enables the network admin to throttle the amount of data going to an app, control the type of data going to an app by protocol or portal origination, or even prohibit data going to an app.
Active Directory Integration
The integration of the NGFW with Active Directory give the network admin the ability to identify not just that a ton of data is going to the Netflix app on the computer with the IP 220.127.116.11 everyday, but that it’s going to Marc Fields in Dev. Should Marc be accessing the Netflix app at his cube every day? Since the network admin knows his name, because she has a NGFW, she can look up his manager and find out.
Reflection and Remediation
Even the best firewalls will sometimes misidentify malicious traffic as safe. In those instances, the NGFW’s remediation functionality comes into play.
While the traditional firewall may have left the responsibility for future security concerns about any files that were allowed in to other systems, a NGFW continuously monitors the network for potentially malicious files.
If a file on the network either shows signs that it may be malicious, or if a file was let onto the network with a formerly unknown malware profile, the NGFW, because of its reflection and remediation capability, can identify the file, reclassify it as malicious, and take remediation steps such as quarantining the file and notifying the network security team.
Learn More About NGFW’s Super Powers
Application Visibility, Active Directory integration, and Reflection and Remediation are only a few of the super powers of today’s Next Generation Firewall.
If you’d like to learn more about how a NGFW can improve the security of your network, contact us today to talk with one of our network security reps.
If you’re still trying to figure out what your cybersecurity needs might be, check out my blog, “What is Advanced Malware Protection (AMP)?”.
If you found this blog helpful, please give it a thumbs up!
Frank is a systems engineer, specializing in network consulting for LAN, WAN, cybersecurity and data center/hyperconvergence.
Credentials? Plenty. CCNA, CCDA, CCNP, CCSP, VCP5-DCV