What's wrong with my NGFW?

Most solutions in the market today do exactly as advertised – combine traditional packet filtering with some application control and rudimentary IPS (intrusion prevention system) layered on top. While these capabilities are still important, traditional NGFWs were designed for a more simple time, before advanced threats began burrowing into enterprises through new and innovative means. 

Today’s sophisticated attacks leverage an array of threat vectors that can take endless forms. We are now seeing attacks that we couldn’t have anticipated just a few years ago. The traditional network security approaches in place to address these challenges have been built from disparate technologies, amounting to considerable complexity, that create gaps in these defences that attackers exploit. 

NGFWs continue to be a vital part of an organisation’s protection, but they weren’t created to address advanced threats that often go undetected until it’s too late. To protect against the advanced threats that are now prevalent, many organisations have had to add new layers of defence and resort to complex, expensive options that bloat the size of their network.

To deal with today’s security challenges, an NGFW must offer capabilities that address the following three strategic imperatives.

Visibility-driven. A visibility-driven approach enables insight into all users, devices, operating systems, applications, virtual machines, connections, and files to provide real-time contextual awareness, give network defenders a holistic view of the network and make it easier to pinpoint suspicious behaviour when it happens. 

Threat-centric. This entails delivering integrated threat defence across the full attack continuum – before, during and after the attack. Threat-centric protection must combine the Next-Generation Intrusion Prevention System, with advanced malware protection (AMP), to confirm security effectiveness. Because today’s advanced malware is designed to evade “point in time” security layers, organisations now require technology that can not only scan at an initial point in time to detect, understand and stop threats, but also make use of continuous capabilities that can “go back in time” to alert on and re-mediate files initially deemed safe that are later determined to be malicious. 

Platform-based. In today’s world, platform-based protection now entails delivering a simplified architecture and reduced network footprint with fewer security devices to manage and deploy. To meet today’s requirements, a next-generation firewall must combine proven firewall functionality, leading intrusion prevention capabilities, and advanced malware protection and re-mediation in a single device. 

As organisations continue to seek ways to capitalise on the vast opportunities the Internet of Everything (IoE) and the Internet of Things (IoT) bring, the number and type of attack vectors will only continue to expand, creating even greater challenges for companies and those responsible to defend the infrastructure. 

In short, organisations will continuously evolve their extended networks and must have defences in place that can address the dynamic threat landscape. To remain relevant, an NGFW must offer next-generation security capabilities that are visibility-driven, threat-focused and platform-based. Addressing these three imperatives is crucial in enabling organisations to maintain a robust security posture that can adapt to changing needs and provide protection across the attack continuum – before, during and after an attack. 

 

Sutee Assawasoontarangkoon is sales manager of Cisco Security.