When Gartner coined the phrase "next generation firewall", in 2003, it captured a then-nascent approach to traffic classification and control. Combining traditional packet filtering with some application control and IPS layered on top, today's 'legacy' NGFWs do pretty much what they say on the tin.
However, while NGFWs continue to be a vital part of an organization’s protection, they were designed for a time before advanced targeted threats started attacking our enterprises -- threats which often go undetected until it's too late.
Most organizations today secure their networks using disparate technologies that don't -- and can't -- work together. They leave gaps in protection that today's sophisticated attackers exploit. These point solutions lack the visibility and control required to implement effective security policy to accelerate detection of all threats and response. In addition, disparate solutions add to capital and operating costs and administrative complexity.
From my own discussions with security professionals I know that they are frustrated with disparate point solutions and the cost, complexity and administrative headaches they create -- not to mention the gaps in security.
So what's to do?
NGFWs must evolve to stay relevant in a world that is dealing with dynamic threats -- threats that we couldn't have anticipated just a few years ago. It's time for a shift in mindset regarding the level of protection an NGFW must provide, to improve visibility, detect multi-vector threats, close security gaps that attackers exploit, and combat other sophisticated threats.
Until now, NGFWs have focused on policy and application control and have been unable to address advanced and zero day attacks. In short, existing detection mechanisms -- even the latest innovations around sandboxing -- simply won't protect against the advanced malware and zero-day attacks we're seeing today. In order to combat today's dynamic threats a different approach is needed -- one that delivers continuous monitoring and full contextual analysis of threats before, during and after the attack.
In order to deal with today's security challenges, an NGFW must offer capabilities that address these three strategic imperatives:
Visibility-Driven
To address today's era of threats, a visibility-driven approach enables insight into all users, devices, OS, applications, virtual machines, connections and files, to provide real-time contextual awareness, give network defenders a holistic view of the network and make it easier to pinpoint suspicious behavior, when it happens. Full stack visibility and contextual awareness for integrated security serves as the basis for both streaming and automating defense responses. Granular application visibility and control and URL filtering are also crucial to reduce the overall attack surface.
Threat-centric
This entails delivering integrated threat defense, across the full attack continuum – before, during and after the attack. Threat-centric protection must combine market-leading NGIPS, with advanced malware protection (AMP) that is third-party tested to confirm security effectiveness. Because today's advanced malware is designed to evade "point-in-time" security layers, threats still get through, so organizations now require technology that not only scans at an initial point-in-time to detect, understand and stop threats, but also makes use of continuous capabilities, which can "go back in time" to alert on and remediate files initially deemed safe, that are later determined to be malicious.
Platform-based
IT professionals are now under tremendous pressure to reduce complexity in their environments, keep operational costs low and maintain the best defenses to keep pace with the dynamic threat landscape. In today's world, platform-based now entails delivering a simplified architecture and reduced network footprint, with fewer security devices to manage and deploy. To meet today's challenges, a next-generation firewall must combine proven firewall functionality, leading intrusion prevention capabilities, and advanced malware protection and remediation in a single device. These firewalls must be highly scalable, and enabled by open APIs, to deliver security across branches, the internet edge, and data centers (physical and virtual environments) in order to cope with growing demands.
Organizations are continuously evolving their extended networks and must have defenses in place that can address the dynamic threat landscape. To remain relevant, an NGFW must offer next-generation security capabilities that are visibility-driven, threat-focused and platform-based.
Addressing these three imperatives is crucial in enabling organizations to maintain a robust security posture, that can adapt to changing needs and provide protection across the attack continuum -- before, during and after an attack.
Sean Newman is a security strategist for Cisco Security Business Group
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.