What Are Next-generation Firewalls?What Impact Do The Cloud And Complexity Have On Them?

Traditional firewalls keep track of the domains from which traffic originates and the ports to which it is directed. Next-generation firewalls go much further, monitoring message content for malware and data exfiltration and reacting in real time to threats. Behavioral analytics, application security, zero-day malware detection, compatibility for cloud and hybrid settings, and even endpoint protection are all included in the latest iterations. (next gen firewall)

That’s a lot of capability crammed into a little space. Intent-based security, which allows users to specify consistent policies for management and configuration, as well as compliance-related regulations, is being offered by some firewall vendors — and third-party providers — to address the management issue.

According to Gartner, next-generation firewalls will cover nearly all internet points of presence by 2020. Most businesses, on the other hand, will only use one or two of the next-generation features.

How is the market for next-generation firewalls changing? (next gen firewall)

Although next-generation firewalls have been on the market for ten years, demand continues to grow. According to NSS Labs, more than 80% of businesses now have next-generation firewalls. According to Mike Spanbauer, vice president of strategy and research at NSS Labs, “it remains the number one security control for companies today.”

However, none of the next-generation firewalls tested by NSS Labs in this summer’s round of security tests displayed complete resilience to attack variations, despite the fact that six out of ten scored above 90%. That means there’s a lot of room for improvement.

According to Markets & Markets, the next-generation firewall market is expected to increase at a compound yearly growth rate of 12.3 percent from $2.39 billion in 2017 to $4.27 billion in 2022. The reason for this is that the threat landscape as well as the company perimeter have evolved substantially in recent years.

The average firewall lifecycle is three to five years, according to Gartner. According to Gartner analyst Adam Hils, there was an increase in purchases of next-generation firewalls in 2011 and 2012, and we should replace a “significant number” of those firewalls in the next 12 months because they no longer meet today’s needs for throughput and decryption of outgoing Transport Layer Security (TLS) communications. In addition, today’s businesses are more likely to employ cloud or hybrid infrastructure, and their users are more likely to log in via online applications and mobile devices.

Next-generation firewalls are attempting to adapt to the cloud.(next gen firewall)

According to NSS Labs’ Spanbauer, next-generation firewall companies haven’t been able to properly adapt their features to the needs of cloud settings. “This is a big engineering achievement, and we’re still working on a flawless virtual or real replica.”

They are, however, taking advantage of other cloud features, such as real-time threat intelligence data sharing. “That’s a very difficult scenario to block against if you’re patient zero,” he explains. “However, if you give it a minute or two, then we can secure patient 10 or 15 to 20 by virtue of the firewall’s cloud capabilities, with real-time updates.”

Will next-generation firewalls provide endpoint protection?

There’s also a chance that next-generation firewalls will grow into the endpoint security arena. “It would be a lot easier for businesses to handle if they amalgamated,” Spanbauer adds. “However, that isn’t going to happen.”

For the foreseeable future, perimeter and endpoint protection will remain distinct, but the two sets of technologies could benefit one another, he argues. “As a result, the information that the endpoint sees aids the firewall’s performance.”

According to Check Point Software Technologies, the next generation of workplace security will no longer be a firewall, but a new category altogether, combining all of the capability of current nextgen firewalls with cloud, mobile, and endpoint protection.

According to Darrell Burkey, director of IPS products at Check Point, the company’s approach is Check Point Infinity Architecture. He describes it as a “new type of product.” “This does not strike me as a next-generation firewall. Looking at the overall infrastructure from the standpoint of all the different topologies as a cohesive, elastic system is healthier.”

Complete Company Security

According to him, a firewall is insufficient to offer complete company security. “Because it can’t provide complete security, it’s evolving into a layer, or component, of an advanced threat solution.”

According to Enterprise Strategy Group analyst Jon Oltsik, advanced threat solutions, also known as advanced threat protection, can include dedicated threat intelligence gateways that automatically score threats and block them at the perimeter, secure DNS services, micro-segmentation, and intelligent application controls.

The maintenance and compliance of next-generation firewalls is becoming increasingly difficult.
According to FireMon’s status of the firewall study, the most difficult firewall difficulty is the complexity of firewall rules and policies, with policy compliance and audit preparedness coming in second and optimising firewall rules coming in third. Furthermore, the majority of businesses questioned had more than ten firewalls in their network, with 26% having more than 100 firewalls.

Source: ngfw , next gen firewall