When Gartner coined the phrase “Next Generation Firewall (NGFW)” in 2003, it captured a then-nascent approach to traffic classification and control.
Combining traditional packet filtering, with some application control and IPS layered on top, today’s “legacy” NGFWs do pretty much what they say on the tin.
However, whilst NGFWs continue to be a vital part of an organisation’s protection, they were designed for a time before advanced targeted threats started attacking our enterprises – threats that often go undetected, until it’s too late.
Most organisations today secure their networks using disparate technologies that don’t – and can’t – work together. They leave gaps in protection, that today’s sophisticated attackers exploit. These point solutions lack the visibility, control and joined-up security intelligence required to be effective, given the sophisticated of the threat landscape we now face.
In addition, the disparate solutions that organisations have previously relied upon add to capital and operating costs and increase the administrative complexity.
From my own discussions with security professionals I know that they are frustrated with disparate point solutions and the cost, complexity and administrative headaches they create – not to mention the gaps in security that often result from this.
So what’s to do?
NGFWs must evolve, to stay relevant, in a world that is dealing with dynamic innovative threats – threats that we couldn’t have anticipated just a few years ago. It’s time for a shift in mindset, regarding the level of protection an NGFW must provide, to improve visibility, detect multi-vector threats, close security gaps that attackers exploit, and combat other sophisticated threats.
Until now, NGFWs have focused on basic traffic and application control and have been unable to address advanced and zero day attacks. The challenge is, that today’s advanced attacks are hiding in plain sight, disguised as the traffic flows of applications that you won’t be blocking, for good business reasons.
In order to combat today’s dynamic threats, a different approach is needed – one that delivers continuous monitoring and full contextual analysis of threats across the entire attack continuum; before, during and after the attack.
In order to effectively deal with today’s security challenges, an NGFW must offer capabilities that address these three key areas:
- Visibility-driven: In an era where attackers often know more about your environment than you do, a visibility-driven approach enables you to level the playing field. Real-time insight into all of your users, devices, OSs, applications, virtual machines, connections and files is critical. It allows you to not only identify and deal with your weak spots but delivers the contextual awareness needed to accurately pinpoint suspicious behaviour, when it happens.
- Threat-centric: is about delivering integrated threat defence, across the full attack continuum – before, during and after. A threat-centric NGFW must be visibility driven – enabling you to be best prepared for the fact that you will be attacked, by minimize your attack surface. It must give you the best possible detection during an attack, combining market-leading technologies including NGIPS and Advanced Malware Protection (AMP). And, it needs to recognise that detection is not one hundred percent, by delivering continuous monito
ring and analysis after an attack, because today’s advanced malware is designed to evade traditional “point-in-time” security layers. Continuous protection means you can “go back in time” to alert on and remediate files initially deemed safe, that are later determined to be malicious, as a result of additional intelligence or analysis. - Platform-based: IT professionals are now under tremendous pressure to reduce complexity in their environments, keep operational costs low and maintain the best defences to keep pace with the dynamic threat landscape. In today’s world, platform-based now entails delivering a simplified architecture and reduced network footprint, with fewer security devices to manage and deploy. To meet these challenges, next-generation firewalls must evolve to become threat centric. Enabled by open APIs, they are a key component of an integrated threat defence solution.
Organisations are continuously evolving their extended networks and must have defences in place that can address the dynamic threat landscape. To remain relevant, an NGFW must offer next-generation security capabilities that are visibility-driven, threat-focused and platform-based.
Addressing these three imperatives is crucial in enabling organisations to maintain a robust security posture, that can adapt to changing needs and provide protection across the attack continuum – before, during and after an attack.
Sean Newman is a security strategist at the Cisco Security Business Group