
NGFW

Posted on Jun 19, 2024 by

What Is NGFW?

The Next Generation Firewall (NGFW) is an evolution of traditional stateful firewalls and Unified Threat Management (UTM) devices. While it retains all the essential functions of traditional firewalls, such as basic packet filtering, stateful inspection, NAT, and VPN, it also incorporates advanced security features. These include application and user identification and control, as well as intrusion prevention (IPS).

Compared to UTMs, NGFWs offer significantly higher processing efficiency and better support for external expansion and integration.

Evolution of Firewalls: NGFWs Compared to Traditional Firewalls and UTMs

Firewalls have adapted alongside network advancements since their inception.

Evolution of Firewalls

  • Early packet filtering firewalls solely managed network isolation through access control mechanisms.

  • Stateful inspection firewalls, also known as traditional firewalls, enhanced protection by integrating TCP/UDP and application status detection, operating at Layer 3 and Layer 4. These introduced the concept of policies, transitioning from packet-based to flow-based processing, thus boosting efficiency.

  • UTMs emerged in 2004, combining traditional firewall features with content security (antivirus, IPS, and URL filtering) and VPN capabilities. However, each functional module operated independently, so every packet had to be parsed repeatedly for each detection step, which limited detection efficacy. Although UTMs simplified the deployment of security products, they were suited mainly to small and medium-sized enterprises.

  • With the proliferation of web applications, the interplay between applications, ports, and protocols became intricate. Traditional firewalls, relying solely on 5-tuple information, struggled to accurately discern network traffic. Enter NGFWs, incorporating application identification technology. These can differentiate between applications, even when they utilize the same protocol and port. Moreover, NGFWs deeply integrate multiple security services like IPS and antivirus, running in parallel with firewall services. This contrasts with UTMs, which process packets module by module, resulting in diminished performance. However, both UTMs and NGFWs typically lack web application firewall (WAF) capabilities.

    Capability comparison among traditional firewalls, UTMs, and NGFWs

Key Capabilities of NGFW According to Gartner

Origin and Concept

In 2007, Gartner, a prominent consultancy firm, introduced the concept of NGFW in response to evolving enterprise workflows, IT architectures, and emerging security threats. By 2009, Gartner formally defined NGFWs in their publication "Defining the Next-Generation Firewall."

Gartner's Definition

Gartner defines an NGFW as "a wire-speed integrated network platform that performs deep inspection of traffic and blocking of attacks." NGFWs are expected to include the following capabilities:

Traditional Firewall Functions

NGFWs replace traditional firewalls and must retain all their functions, including:

  • Packet Filtering: Blocking or allowing data packets based on predefined rules.

  • Protocol State Detection: Monitoring the state of active connections.

  • Network Address Translation (NAT): Translating IP addresses within network communications.

  • Virtual Private Network (VPN): Facilitating secure remote connections.

Application Identification and Control Technologies

NGFWs introduce critical features for application visibility and control:

  • Application Awareness: Identifying and managing applications regardless of port, protocol, or evasive tactics.

  • Refined Security Policies: Implementing security policies based on specific applications.

  • Hierarchical Bandwidth Control: Prioritizing bandwidth usage based on application needs.

  • Layer 2 to Layer 7 Inspection: Providing deeper packet inspection compared to traditional firewalls, which operate up to Layer 4.

In-Depth Integration of IPS and Firewall Functions

NGFWs must seamlessly integrate Intrusion Prevention System functionalities:

  • Unified Security: Combining IPS with firewall capabilities for enhanced security measures.

  • Automated Responses: Automatically updating and enforcing security policies when malicious traffic is detected by IPS.

  • Market Convergence: As the NGFW market grows, it increasingly overlaps with the standalone IPS market, particularly in enterprise boundary-specific deployments.

Enhanced Management and Control Using External Information

NGFWs utilize external IT system information to enhance security management:

  • User and Location Data: Using data such as user identity, location, and network resources to refine security policies.

  • Dynamic Policy Enforcement: Addressing challenges posed by dynamic IP addresses in mobile work environments by integrating with user authentication systems.
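The points above about identifying applications regardless of port (and the earlier note that traditional firewalls relying on the 5-tuple cannot tell two applications on the same port apart) are easier to see in code. The following is an added example, not code from the article or from FS: three constructed flows are classified first by destination port and then by assumed payload signatures for SSH, TLS and HTTP, and a policy keyed on user group and identified application is applied, with a constructed IP-to-group dictionary standing in for the user-authentication integration described above.

```python
from dataclasses import dataclass

@dataclass
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes  # first bytes the client sent on the connection

PORT_TABLE = {443: "tls", 80: "http", 22: "ssh"}

def app_by_port(flow: Flow) -> str:
    """Traditional 5-tuple view: the port only tells us what the traffic claims to be."""
    return PORT_TABLE.get(flow.dst_port, "unknown")

def app_by_signature(flow: Flow) -> str:
    """NGFW-style identification from the first payload bytes (three assumed signatures)."""
    p = flow.payload
    if p.startswith(b"SSH-2.0-"):  # SSH version-exchange banner
        return "ssh"
    # TLS record: content type 0x16 (handshake), major version 3, handshake type 0x01 (ClientHello)
    if len(p) > 5 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01:
        return "tls"
    if p.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE") and b" HTTP/1." in p:
        return "http"
    return "unknown"

# Constructed identity data standing in for an authentication-system lookup (source IP -> group).
USER_GROUPS = {"10.0.0.5": "engineering", "10.0.0.9": "guest"}

# Policy keyed on (user group, application); first match wins, default deny.
POLICY = [("engineering", "ssh", "allow"), ("any", "tls", "allow"), ("any", "http", "allow")]

def decide(flow: Flow, identify=app_by_signature) -> str:
    """Evaluate POLICY for a flow using the given identification function."""
    group = USER_GROUPS.get(flow.src_ip, "guest")
    app = identify(flow)
    for rule_group, rule_app, action in POLICY:
        if rule_group in (group, "any") and rule_app == app:
            return action
    return "deny"

# Constructed sample flows: SSH on port 443, a genuine-looking TLS ClientHello, HTTP on port 8080.
FLOWS = [
    Flow("10.0.0.9", "203.0.113.7", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    Flow("10.0.0.5", "203.0.113.8", 443, b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26\x03\x03"),
    Flow("10.0.0.9", "203.0.113.9", 8080, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]
```

With port-based identification the guest's SSH session on 443 is allowed as "tls", whereas signature-based identification classifies it as "ssh" and the group-aware policy denies it; the HTTP flow on 8080 goes the other way, unknown by port but identified and allowed by signature.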

Advantages of Next-Generation Firewalls

In an organization's network security strategy, a stateful firewall is often considered the foundation, offering endpoint protection against web-based security threats by utilizing ports, protocols, and known IP addresses. However, while stateful firewalls are widely available and easy to integrate, they may not provide sufficient protection against the latest internet-based threats. Next-generation firewalls offer a higher level of security, particularly against emerging threats targeting application vulnerabilities. Here are the key benefits of NGFWs:

  • Content Inspection and Identification: NGFWs inspect and identify the content of each packet, offering protection against attacks occurring at layers 4-7 of the OSI model, spanning from the network to the application level. By scrutinizing packet content, NGFWs can detect and prevent threats that may bypass traditional firewalls by using alternative ports.

  • Application Access Control and Filtering: NGFWs allow granular filtering of network traffic based on applications, rather than just ports or protocols. This enables organizations to block or control traffic from specific applications, enhancing security posture.

  • Policy Control: NGFWs enable organizations to establish and enforce policies at a granular level, catering to various user groups, applications, and use cases. This fine-grained policy control enhances security and ensures compliance with organizational guidelines.

  • Network Visibility and Control: NGFWs provide comprehensive visibility into network activity across hosts, devices, users, and applications. This detailed monitoring capability allows organizations to detect and prevent malicious behavior, facilitating better threat detection and mitigation using a Zero Trust approach.

  • Consolidation of Security Solutions: NGFWs consolidate multiple network security solutions, including firewall capabilities, intrusion prevention systems, content filtering, and more, into a single platform. This simplifies integration, management, and updates, streamlining operations for IT departments.

By leveraging content inspection, application-level filtering, granular policy control, enhanced network visibility, and consolidated security solutions, NGFWs offer robust protection against modern cyber threats while simplifying network security management.

Evolving Trends in Next-Generation Firewalls

As networks continue to evolve, the future of NGFWs is characterized by ongoing innovation and adaptation to emerging challenges. Here are some key trends shaping the future of NGFW technology:

  • Encrypted Traffic Challenges: With the exponential growth of encrypted traffic, simply enhancing processing performance is insufficient to address the associated security concerns. NGFWs must develop advanced capabilities to inspect and protect against threats within encrypted traffic without compromising performance or privacy.

  • Emerging Attack Vectors: New attack techniques, such as the use of Domain Generation Algorithms (DGA) for malicious domain names and Command and Control (C&C) traffic, are constantly evolving. NGFWs need to stay ahead of these multi-layered, fast-mutating attacks by integrating advanced threat intelligence and detection mechanisms.

  • Complex Security Operations: The rise of mass attack events adds complexity to security operations and management (O&M) analysis. NGFWs must provide enhanced analytics and reporting capabilities to facilitate effective threat detection, incident response, and remediation.
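One concrete form of inspecting encrypted traffic without decrypting it, as mentioned in the encrypted-traffic point above, is to classify a TLS flow from the unencrypted ClientHello metadata. This is an added example, not code from the article or from FS: a small builder produces a minimal ClientHello (constructed test input, not captured traffic), a parser extracts the Server Name Indication (SNI), and a verdict function applies a constructed suffix blocklist; the .example-malware.test name and the verdict labels are assumptions for the example.

```python
def build_client_hello(server_name=None) -> bytes:
    """Build a minimal TLS ClientHello record for testing (constructed input, not real traffic)."""
    exts = b""
    if server_name is not None:
        name = server_name.encode("ascii")
        entry = b"\x00" + len(name).to_bytes(2, "big") + name      # name_type host_name(0), length, name
        exts = (b"\x00\x00" + (len(entry) + 2).to_bytes(2, "big")  # extension type 0 (server_name), length
                + len(entry).to_bytes(2, "big") + entry)            # server_name_list length + one entry
    body = (b"\x03\x03" + b"\x00" * 32      # client_version, 32-byte random (zeroed for the example)
            + b"\x00"                        # empty session_id
            + b"\x00\x02\x13\x01"            # one cipher suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                    # one compression method: null
            + len(exts).to_bytes(2, "big") + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body          # handshake type ClientHello(1)
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake  # record type handshake(22)

def extract_sni(record: bytes):
    """Return the SNI host name from a ClientHello record, or None if absent, truncated or not TLS."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            return None
        p = 9 + 2 + 32                                      # record hdr, handshake hdr, version, random
        p += 1 + record[p]                                  # session_id
        p += 2 + int.from_bytes(record[p:p + 2], "big")     # cipher_suites
        p += 1 + record[p]                                  # compression_methods
        ext_end = min(len(record), p + 2 + int.from_bytes(record[p:p + 2], "big"))
        p += 2
        while p + 4 <= ext_end:                             # walk extensions: type(2) length(2) data
            ext_type = int.from_bytes(record[p:p + 2], "big")
            ext_len = int.from_bytes(record[p + 2:p + 4], "big")
            data = record[p + 4:p + 4 + ext_len]
            if ext_type == 0 and len(data) >= 5 and data[2] == 0:   # server_name, host_name entry
                name_len = int.from_bytes(data[3:5], "big")
                if len(data) >= 5 + name_len:
                    return data[5:5 + name_len].decode("ascii", "replace")
            p += 4 + ext_len
    except IndexError:                                      # truncated record
        return None
    return None

BLOCKED_SUFFIXES = (".example-malware.test",)   # constructed reputation list, not a real indicator

def tls_verdict(record: bytes) -> str:
    """Policy on TLS metadata: block known-bad names, allow the rest, escalate flows with no SNI."""
    sni = extract_sni(record)
    if sni is None:
        return "inspect-further"   # no SNI (e.g. Encrypted Client Hello): needs another signal
    return "block" if sni.endswith(BLOCKED_SUFFIXES) else "allow"
```

The "inspect-further" branch is the practical caveat: a ClientHello without a readable SNI gives the firewall no name to act on, so the decision has to fall back on other signals such as destination reputation or certificate data.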

Looking ahead, the evolution of NGFWs will involve a shift towards platformization and intelligence, driven by trends in big data.
