Understanding Next-Gen Firewall


A majority of companies have some sort of firewall. Many feel a false sense of protection and don’t even know the potential risks of insufficient armor against cyberattacks.

As the first required building block for a comprehensive network security posture, a firewall is designed to block unauthorized traffic from penetrating the network. In addition to a vast array of security policies a company should employ, maintaining a firewall can stretch far beyond a full-time job and tie up a lot of IT resources.

Having a firewall alone is not enough. A firewall does not prevent viruses or malware from entering the network, nor can it detect intruders or monitor network traffic. Next-Gen Firewalls are the evolution of the enterprise firewall, coupled with a number of security features to protect customers.

With so many cybersecurity risks, it makes sense to invest in a managed firewall solution. 

Traditional firewalls include:

  • Packet filtering
  • Network address translation
  • URL blocking
  • Virtual Private Networks (VPN)

A managed firewall solution, on the other hand, takes on the management, maintenance and reporting. It includes:

The Device
A centralized virtual or physical appliance (usually an enterprise-grade Palo Alto or Fortinet device), now part of a monthly contract, moving it from CapEx to OpEx. As needs grow and a larger device is required, the solution can be scaled without having to purchase a new device.

Firewall Maintenance
Updates, patch management, change management and other maintenance are handled 24x7x365 by the vendor. This service will occur within an agreed-upon SLA to ensure business needs are met in an acceptable time frame.

Portal
A cloud-based platform that allows visibility into perimeter security and the ability to view continuous data and analytics, assess trends, and utilize logs for audits and compliance requirements.

Managed Firewall Add-Ons

With a next-gen firewall, additional features are layered on with QoS, and no additional devices are needed.

Additions can include:

Intrusion Detection System (IDS)
IDS identifies malicious traffic targeting the network and provides alerts. Activity is logged to provide an audit trail available for review in a portal.

Intrusion Prevention System (IPS)
IPS works in conjunction with IDS to block malicious traffic and quarantine suspicious traffic. Parameters can be set through the cloud-based portal.

Antivirus
Antivirus software and applications protect inbound and outbound traffic against viruses, worms, trojans and other malware. Protection is at the edge of the network and in real time; threats are logged in the same SIEM (security information & event management) portal.

Content Filtering/URL Filtering
Often the last piece of the security puzzle, content filtering protects your internal network. This web filtering blocks access to websites outside of a company’s Internet Acceptable Use Policy, ranging from social media sites and YouTube to gambling and drugs.

Deep Packet Inspection (DPI)
DPI grabs pieces of each packet to thoroughly inspect and identify anomalies or violations of normal protocol/communications.

Application Awareness
Logs and tracks application usage throughout the network to create a baseline and subsequently use these parameters to set policies around which users can access what data.

Active Directory/LDAP Integration
This integration allows a higher level of content/URL filtering based on the users' roles within the Active Directory.

Fee Structure: Managed Firewall vs. Traditional Firewall

24x7x365 management and monitoring of the company’s network is resource-intensive and time-consuming, and can be cost-prohibitive to manage internally.

Enhancing Your Security Posture

Use these questions to help identify gaps in your existing security policy as well as upcoming needs; the questions can also be used to develop a plan for evolving your security posture in our ever-changing, high-threat environment.

Do you have a security policy? What does it include?
  • Acceptable use policy?
  • Password policy?
  • Data protection policy?
  • Data destruction policy?
  • Security reporting procedure?
  • Do you need to be compliant with any additional regulatory and compliance standards? If so, are you?
Do you currently employ any security staff?
  • If so, how many employees do you have?
  • Are your employees trained on all the security measures that are currently in place?
What are your security challenges?

What cloud-based “as-a-service” resources do you consume?

Do you run audits on your security?
  • Do your auditors rotate or do you always use the same auditors?
  • When was your last audit?
  • When was the last time you completed a security assessment?
  • Where are your biggest security risks within your network?
Do you have an incident response plan?

Do you have a disaster recovery or business continuity plan?