It seems every day another security vendor releases their version of the NextGen firewall. While Palo Alto Networks staked their claim to the NextGen firewall some time ago, everyone from Check Point to Fortinet have recently announced NextGen firewalls.
FireMon recognized the value and power of these firewall advancements and has been a partner of Palo Alto for some time, focused on providing management for this new technology. While NextGen firewalls offer significant and important new capabilities to the firewall technology, the management problem remains. No matter how great the technology, if it is ineffectively managed, it will fail to solve the problem.
There are a couple key advancements in NextGen firewalls worth noting: user-based access policies and application intelligence.
While most firewalls have provided user access control by requiring secondary authentication at the gateway, this was completely disjointed from the existing directory infrastructure and complicated to manage. As a result, it was not often implemented. NextGen firewalls, through directory integration, have the potential to change access management from IP-based to user or user group based access. This is a huge advancement, changing the paradigm of IP access control to user control. And in a world of mobile and wireless devices, this makes access control much more dynamic and effective security.
Application intelligence and the incorporation of that intelligence into the firewall policy helps address the reality of web applications and dynamic protocol / port use in malware and applications. Access policies can now be managed by application or application category. Not only does this address the desired control application use in the enterprise, it can help address malware that makes its way into the enterprise in any form (on USB drive, laptop, phone, etc). If the policy is effectively managed, malware that used to freely tunnel across open ports out of the network and potentially enable backdoor command and control capabilities will be denied, blocking a critical security issue.
But NextGen firewalls can’t solve the problem of poor management. Even these new capabilities don’t magically solve the management problem. In fact, in many ways, they create new problems in need of solutions. I am a big proponent of this advancement in firewall technology and we are excited to offer solutions to help address these new issues. Be on the lookout for a few posts addressing these issues and FireMon’s innovative solutions to help organizations manage the NextGen firewalls.