Next (Generation) Firewall Steps: Expanding Firewall Context

Jody Brazil

Wikipedia: “A firewall is a network security system that controls the incoming and outgoing network traffic based on applied rule sets.”

This generic firewall definition is independent of the technology used to control network traffic between trust levels. Firewalls deploy a variety of techniques and technologies to meet the goal of controlling network traffic. The “Future of the Firewall” will involve better “context” or situational awareness.

For starters, context can improve the confidence level of a security decision, which allows the firewall to make more refined decisions. In that sense, contextual awareness is the “who, what, where and when” of security intelligence that enables a firewall to make better decisions in controlling network traffic.

On their own, with limited context, firewalls and IDS/IPS (Intrusion Detection/Prevention Systems) offer point-in-time block matches based on packet attributes or signatures. Combining firewall and IDS/IPS technologies is certainly a market trend and can provide more context, as popularized in current next-generation firewall (NGFW) devices.

However, what if a firewall had more information on the security state of the endpoint? And where could a firewall gain this context? Some potential sources are analytics or behavior analysis, NetFlow data from core network routers, SIEM (Security Information and Event Management systems), NAC (Network Access Control systems) and endpoint solutions themselves.

How might firewall policy change, based on this type of security intelligence? Resulting context could allow a firewall to adapt to a situation and/or gain fidelity into the purpose of the traffic.
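One way such context could refine a static rule match, as an added example (not from the original post or any vendor's product). The rule set, context fields, thresholds and addresses are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    src: str      # source CIDR
    dst: str      # destination CIDR
    port: int
    action: str   # "allow" or "deny"

@dataclass(frozen=True)
class Context:
    nac_compliant: bool  # endpoint posture as reported by NAC
    siem_risk: int       # 0-100 score from SIEM correlation
    age_s: int           # seconds since this context was last updated

# Constructed sample data (hypothetical rule, endpoints and scores).
RULES = [Rule("10.1.0.0/16", "10.9.0.10/32", 443, "allow")]
CONTEXT = {
    "10.1.2.3": Context(True, 5, 30),
    "10.1.2.4": Context(False, 10, 30),
    "10.1.2.5": Context(True, 85, 30),
    "10.1.2.6": Context(False, 90, 7200),  # stale record
}
MAX_AGE_S = 300   # assumed freshness limit for context
RISK_DENY = 70    # assumed SIEM score at which traffic is blocked

def static_decision(src, dst, port):
    """Point-in-time match on packet attributes only; default deny."""
    for r in RULES:
        if (ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst) and port == r.port):
            return r.action
    return "deny"

def contextual_decision(src, dst, port):
    """Refine a static allow with endpoint context; never widen a deny."""
    base = static_decision(src, dst, port)
    if base != "allow":
        return base, "static rule"
    ctx = CONTEXT.get(src)
    # Policy choice in this example: missing or stale context is not trusted,
    # so the decision falls back to the static rule.
    if ctx is None or ctx.age_s > MAX_AGE_S:
        return base, "no fresh context, static rule applies"
    if ctx.siem_risk >= RISK_DENY:
        return "deny", "SIEM risk score above threshold"
    if not ctx.nac_compliant:
        return "deny", "NAC reports non-compliant endpoint"
    return "allow", "static rule and context agree"
```

All four sample endpoints pass the static rule; only the contextual check separates the compliant host from the non-compliant and high-risk ones, and the stale record shows why context freshness has to be part of the decision.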

Today this sort of context is emerging within firewall vendor solutions (using the same vendor’s firewall and endpoint). These single-vendor solutions are more likely to be integrated to share context or intelligence than independent vendor products.

The next step is for these independent security devices and SIEM solutions to share both context and security intelligence that will enable more accurate security decisions across the enterprise.

By broadening the context of intelligence available to firewall infrastructure, the future of the firewall represents something far more valuable than the devices we work with today.

My comments are my own and do not necessarily represent my employer’s positions or opinions.
