Q & A: What is a Next Generation Firewall?

Many of our customers have asked what "Next Generation Firewall" actually means. With cyber threats on the rise and Web 2.0 applications spreading through the enterprise, it is widely believed that traditional firewalls are no longer enough to ward off such threats. For more complete protection, many companies are turning to Next Generation Firewalls to reduce the risk of data leakage and to meet their compliance requirements.

“The rapid evolution of applications and threats, coupled with the relative stagnation of traditional security technologies, has resulted in a loss of visibility and control for IT organizations attempting to keep their enterprises secure. ... It’s time to reinvent the firewall!” [1]

What exactly is a Next Generation Firewall? Let’s first look at traditional firewalls. Traditional, port-based firewalls have been around for some twenty years and are showing their age. Their only decision is to “block” or “allow,” made on source and destination addresses and ports, which is too coarse for today’s computer and internet use. Usually, a traditional firewall is built to let traffic from the trusted network pass to the un-trusted network unless a rule blocks it. With the advent of a new generation of applications accessed by network users, port-based firewalls become susceptible to data leakage: they cannot tell apart two applications that share a port, so anything that rides over an allowed port such as 80 or 443 passes. Some of these applications go further and use techniques such as port-hopping, moving to whatever port happens to be open, to evade port-based filtering altogether.

For security and compliance reasons, most businesses and organizations need to control the applications through which sensitive data, such as credit card numbers and social security numbers, can leak. Next Generation Firewalls offer that control. They include an intrusion prevention system (IPS) and a firewall on the same device, integrated and working closely together. They can tie firewall rules to user names instead of IP addresses. They also need to recognize protocols from the traffic itself rather than from pre-assigned ports, and to block a protocol even when it is running on a port other than the one you would expect. [2] Firewalls are sometimes counted in generations (second, third, and even fourth); the term Next Generation Firewall most often refers to the most recent of these, the third and the fourth. Next Generation Firewalls offer the most comprehensive protection.
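To make the difference concrete, here is a small added example (not code from the article, and not any vendor's product) that contrasts a port-based decision with an application- and user-aware one on constructed flows. The IP-to-user map, the three signature checks and the rule table are assumptions made for illustration; a real NGFW has thousands of application signatures and learns user identity from directory logons.

```python
"""Port-based vs. application/user-aware policy, evaluated on constructed flows.

Added illustration, not code from the original article. USER_BY_IP,
APP_RULES and the signature checks are simplified assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_port: int
    client_hello: bytes  # first bytes the client sends on the connection


# Constructed IP-to-user map; an NGFW learns this from directory logon events.
USER_BY_IP = {"10.0.0.5": "alice", "10.0.0.9": "bob"}

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT")


def identify_app(data: bytes) -> str:
    """Classify the application from the bytes on the wire, ignoring the port."""
    if data.startswith(b"SSH-2.0-"):
        return "ssh"
    # TLS: record type 0x16 (handshake), major version 3, then handshake type 0x01 (ClientHello)
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    request_line = data.split(b"\r\n", 1)[0].split(b" ")
    if (len(request_line) == 3 and request_line[0] in HTTP_METHODS
            and request_line[2].startswith(b"HTTP/1.")):
        return "http"
    return "unknown"


def port_based_decision(flow: Flow) -> str:
    """Traditional firewall: the destination port is the only thing it can see."""
    return "allow" if flow.dst_port in (80, 443) else "block"


# Application + user rules, evaluated in order; "*" matches any user.
APP_RULES = [
    ("http", "*", "allow"),
    ("tls", "*", "allow"),
    ("ssh", "alice", "allow"),  # only alice may use SSH, from any address and on any port
]


def ngfw_decision(flow: Flow) -> str:
    """NGFW: classify from traffic, resolve the user, then apply application/user rules."""
    app = identify_app(flow.client_hello)
    user = USER_BY_IP.get(flow.src_ip, "unknown")
    for rule_app, rule_user, action in APP_RULES:
        if rule_app == app and rule_user in ("*", user):
            return action
    return "block"  # default deny, which also catches unrecognised applications


def compare(flow: Flow) -> dict:
    """Both verdicts side by side, for the same flow."""
    return {
        "app": identify_app(flow.client_hello),
        "user": USER_BY_IP.get(flow.src_ip, "unknown"),
        "port_based": port_based_decision(flow),
        "ngfw": ngfw_decision(flow),
    }


# Constructed sample flows (the TLS bytes are a minimal ClientHello record header).
TLS_CLIENT_HELLO = bytes.fromhex("160301002a010000260303") + b"\x00" * 32
SAMPLE_FLOWS = {
    "alice https":           Flow("10.0.0.5", 443, TLS_CLIENT_HELLO),
    "bob ssh hopped to 443": Flow("10.0.0.9", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    "alice ssh on 443":      Flow("10.0.0.5", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    "bob http on 8080":      Flow("10.0.0.9", 8080, b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    "unknown tool on 80":    Flow("10.0.0.9", 80, b"\x00\x01BINARYPROTO"),
}

if __name__ == "__main__":
    for name, flow in SAMPLE_FLOWS.items():
        print(f"{name:24s} {compare(flow)}")
```

Run as a script it prints one line per flow. The two flows worth looking at are "bob ssh hopped to 443", which the port-based policy allows because 443 is open but the NGFW blocks because the bytes are SSH and bob has no SSH rule, and "bob http on 8080", which the port-based policy blocks and the NGFW allows because the application is what the rule is written against, not the port.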


[1] Miller, Lawrence C. (CISSP), Next Generation Firewalls for Dummies, Wiley Publishing, Indianapolis, Indiana, 2011.

[2] http://www.cutimes.com/2011/03/28/credit-unions-and-next-generation-firewalls (Credit Union Times, 28 March 2011)