Next-generation firewalls (NGFWs) are deep packet inspection firewalls that provide a level of network security beyond the capabilities of traditional firewalls by moving past port/protocol inspection.
Firewalls perform an essential function by acting as a gatekeeper for the traffic that flows through our networks. They grant access to some traffic and deny it to other traffic, primarily to keep malicious Internet traffic from infiltrating our computers. NGFWs take this security to a higher level by inspecting more layers and determining which applications are running on which ports. Check out the infographic on this page from Exigent Networks.
Before purchasing an NGFW, you should have a working knowledge of what it can and cannot do, so that you understand its true capabilities. NGFWs support strong user authentication, rigorously enforce network security policies and log inter-network activity. Most importantly, they safeguard all hosts on a private network against external attacks. This protection, however, does not extend to hosts on a network that does not connect with an NGFW. Also, NGFWs do not adequately protect against malware, Trojans and other unsolicited forms of attack.
What are the key questions to ask when purchasing an NGFW? Firstly, you should know exactly what it will protect against and the percentage of attacks that it is likely to prevent. Additionally, find out if the firewall can be evaded, and whether it enforces inbound and outbound application and identity policies. Also, look at factors such as throughput and stackability.
With hackers becoming increasingly capable of infiltrating poorly protected networks, it is more vital than ever to ensure that your network is as tightly protected as can be, and a good start is to invest in an NGFW that is best capable of stopping malware from rearing its ugly head.