Traditional vs next-gen firewalls
by Abbie-Lee Hollister, on July 18, 2018
The Rise of Next-Generation Firewalls
Next-generation firewalls (NGFWs) can operate at all levels, including the application layer. But there’s much more to the story. Not only do NGFWs monitor traffic and take pre-defined actions when certain rules are broken, they also can make intelligent decisions. And they typically include more advanced security functionality like integrated intrusion protection and automated updates to safeguard against new and emerging threats.
Let’s look a little closer at just what NGFWs can deliver:
Deep Packet Inspection
NGFWs are much more thorough as they inspect packets coming in and out of networks. Because they include intrusion prevention systems (IPS), they rely on either behaviour analysis or signatures to inspect inbound packets and determine what they are really being used for before deciding to let the packets into the network.
NGFWs also include user identity management integration, like Active Directory or Radius, and can bind user IDs to IP or MAC addresses.
Application Visibility and Control
With a NGFW, you can enact policies based on users, groups, devices, time and applications. As an example, you can let certain groups, such as the marketing team, set up social media accounts and use them while on the corporate network, but restrict others from doing so.
You can block certain features and functionality within applications. NGFWs also provide comprehensive visibility into activities, delivering real-time and historical insights. That kind of visibility is critical for some, like schools, that want to monitor the type of websites devices are visiting while on the network.
Network security in the past required layered solutions and multiple appliances to be effective. These layers usually required separate updates to address vulnerabilities, while the need for standalone hardware and someone to maintain these investments were usually the source of inflated IT budgets.
Today’s NGFWs streamline these solutions through a single device, which is simple enough to be deployed and maintained by individuals from any location. Now, one firewall can deliver anti-virus, spam filtering, deep packet inspection, intrusion prevention, application control, automated updates and more.
Learn more about Untangle Next Generation Firewall today and register for a free 30-day trial online.