How to approach NGFWs

While nothing is technically wrong with today's NGFWs, much is wrong with the approach.

Maher Jadallah, MENA sales manager at Cisco Security.
By Maher Jadallah. Published November 18, 2014.

Next-generation firewalls (NGFWs) are a foundational component for many traditional network security strategies. While nothing is technically wrong with today's NGFWs, much is wrong with the approach.

Most solutions in the market today do exactly as advertised -- combine traditional packet filtering with some application control and rudimentary IPS layered on top. While these capabilities are still important, traditional NGFWs were designed for a simpler time, before advanced threats began burrowing into enterprises through new and innovative means.

Today’s sophisticated attacks leverage an array of threat vectors that can take endless form factors. We are now seeing attacks that we couldn’t have anticipated just a few years ago. The traditional network security approaches in place to address these challenges have been built from disparate point technologies, which amounts to considerable complexity and creates gaps in these defences that attackers exploit.

NGFWs continue to be a vital part of an organisation’s protection, but they weren’t created to address advanced threats that often go undetected until it’s too late. To protect against the advanced threats that are now prevalent, many organisations have had to add new layers of defence and resort to complex, expensive options that bloat the size of their network.

Evolving to meet today’s requirements
NGFWs must evolve to stay relevant in a world that is dealing with dynamic threats. It’s time for a shift in mindset regarding the level of protection an NGFW must provide to improve visibility to detect multi-vector threats, close security gaps that attackers exploit, and combat sophisticated threats. In order to deal with today’s security challenges, an NGFW must offer capabilities that address these three strategic imperatives.

Firstly, they should be visibility-driven. To address today’s era of threats, a visibility-driven approach enables insight into all users, devices, OS, applications, virtual machines, connections, and files to provide real-time contextual awareness. This gives network defenders a holistic view of the network and makes it easier to pinpoint suspicious behaviour when it happens. Full-stack visibility and contextual awareness for automated, integrated security serve as the basis for both streamlining and automating defence responses. Granular application visibility and control and URL filtering are also crucial to reduce the attack surface.

NGFWs should also be threat-centric. This entails delivering integrated threat defence across the full attack continuum – before, during and after the attack. Threat-centric protection must combine market-leading NGIPS with advanced malware protection (AMP) that is third-party tested to confirm security effectiveness. Because today’s advanced malware is designed to evade “point-in-time” security layers, threats can still get through. Organisations therefore require technology that can not only scan at an initial point in time to detect, understand and stop threats, but also make use of continuous capabilities which can “go back in time” to alert on and remediate files initially deemed safe that are later determined to be malicious.

Finally, NGFWs need to be platform-based. IT professionals are under tremendous pressure to reduce complexity, keep operational costs low and maintain the best defences to keep pace with the dynamic threat landscape. In today’s world, being platform-based entails delivering a simplified architecture and a reduced network footprint, with fewer security devices to manage and deploy. To meet today’s requirements, a next-generation firewall must combine functionality, intrusion prevention capabilities, and advanced malware protection and remediation in a single device. These firewalls must be highly scalable and enabled by open APIs, with security across branches, the Internet edge, and data centres (physical and virtual environments), in order to cope with growing demands.

As organisations in the Middle East continue to seek ways to capitalise on the vast opportunities the Internet of Everything (IoE) and the Internet of Things (IoT) bring, the number and type of attack vectors will only continue to expand, creating even greater challenges for companies and those responsible for defending the infrastructure.

In short, organisations will continuously evolve their extended networks and must have defences in place that can address the dynamic threat landscape. To remain relevant, an NGFW must offer next-generation security capabilities that are visibility-driven, threat-focused and platform-based. Addressing these three imperatives is crucial in enabling organisations to maintain a robust security posture that can adapt to changing needs and provide protection – before, during and after an attack.
