Next Generation Firewall
Next Generation Firewalls
Next Generation Firewalls are the cornerstone of cyber security, providing a shield to the network and users.
Firewalls are one of the core components of cyber security, usually protecting the perimeter of the network. Their role is to shield the organisation's data from the outside world, creating a safe environment for users.
Over the years firewalls have advanced to include more sophisticated methods of protection, moving beyond port and protocol inspection and blocking to include deep-packet inspection that adds application-level analysis and intrusion prevention. If you choose, they can combine with other security solutions to provide comprehensive gateway protection, including protection from zero-day attacks.
Next Generation Firewalls provide:
- Virtual Private Networks (VPN) – the capability to connect to other remote firewalls using encrypted tunnels over untrusted networks (such as the internet), creating cheap but secure wide area networks (WAN).
- Intrusion Prevention System (IPS) – IPS complements firewalls and has become one of their main features. IPS performs real-time, deep packet inspection, meaning that if any suspicious or malicious packets are found the firewall can mitigate by terminating the session or stripping the unwanted packets out, then reconfiguring the firewall against the attack and logging it for analysis. IPS works on 3 approaches: signatures, anomalies and policies. For more on IPS please see the IPS section here.
- Zero Day Protection – Zero Day Protection, or Sandboxing, is a way of examining previously unseen malware in a secure environment. The code is launched in the sandbox to see how it behaves before it touches a live environment. If the code is deemed to be malicious it is stripped before delivery or just deleted. Zero Day solutions usually work in combination with more traditional signature-based Anti Malware solutions to offer a combination of speed and security.
- Anti Malware – Anti Malware solutions look for traditional signature-based malware threats passing through the firewall. Used in combination with IPS and Zero Day or Sandbox security, they play an important part in blended deep packet threat analysis.
- Web Filtering – Web Filtering, or URL Blocking, is a way of blacklisting or whitelisting websites in order to prevent users accessing them. Generally these are either websites that would create an HR issue or unproductive sites, such as social media and news, although they are also useful in protecting against known malicious websites to prevent users accidentally downloading malware.
Firewall features can significantly improve the gateway security of an organisation. However, VPN, Sandboxing and SSL Decryption are all heavy on processing power and can considerably reduce the throughput of the gateway, so capacity sizing, now and for the future, becomes a key consideration when setting up a new firewall.
Apstorm have years of experience in advising on and sizing firewalls from all the best-of-breed vendors. Please get in touch if you require any guidance.