Next-generation firewalls (NGFWs) protect organizations with inspection capabilities that go well beyond the packet filtering of traditional firewalls. NGFWs provide deep-packet inspection, intrusion prevention (IPS), advanced malware detection, application control, and broader network visibility, including visibility into encrypted traffic when TLS inspection is enabled. They are deployed anywhere from the on-premises network edge to internal segment boundaries, and in public or private cloud environments.
Traditional firewalls vs next-generation firewalls
Traditional firewalls act as a sentinel that monitors traffic moving into, and sometimes out of, the network. They look at packet headers, network addresses, and ports to decide whether data should be allowed through or blocked; the payload itself is never examined. A useful analogy is airline travel. In the first iterations of the firewall, data was simply checked to see if it had a ticket, and if its credentials were in order, it could board the plane.
Then application traffic took off, and first-generation firewalls could no longer keep up. Attackers could hide malware inside application traffic on permitted ports such as 80 and 443, where the firewall's ticket taker could not see it.
So next-generation firewalls were born with a new set of capabilities, such as application control and IPS, to detect known and zero-day attacks. This new tool could see into applications and find and block malware by closely watching network traffic. Think of it as adding an X-ray machine to the boarding process: you may have had a ticket, but if there was something dangerous in your luggage you were still denied access.
Over time, additional inspection technologies were added to the process, such as anti-malware engines that stop ransomware before it reaches an endpoint. Think of these as the equivalent of body scanners and swabbing luggage for explosive residue. Unfortunately, as inspections grew more numerous, the security gateway became a serious bottleneck. Adding to that burden was the rise of encrypted traffic, adopted so users can securely access applications from anywhere: an encrypted flow has to be decrypted before any of these engines can inspect it, which multiplies the processing cost.
Where traditional firewalls were too simple, the complexity and processing burden of some next-generation firewalls is their greatest weak point. For that reason, it is essential to choose a next-generation firewall that delivers its security capabilities at the throughput the network needs, rather than forcing a trade-off between the two. A practical check: evaluate throughput with every inspection feature you intend to run (IPS, anti-malware, TLS inspection) enabled at once, since headline figures are often measured with those features off.
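To make the difference between the "ticket check" and the "X-ray" concrete, here is a small Python model written for this article (it is an added example, not code from C Spire, Fortinet or any vendor). A traditional filter decides on addresses, protocol and port alone; the NGFW-style path layers application identification, an application-control policy and a signature engine on top of it, and declines to inspect TLS payload it cannot decrypt. Every packet, rule, application fingerprint and IPS signature below is constructed for the demonstration; the `EVIL-MARKER-01` string and the `10.0.0.5` server are assumptions, not real indicators.

```python
"""Toy comparison of a traditional 5-tuple packet filter with an
application-aware (NGFW-style) inspector.  Added example for this article,
not vendor code: every packet, rule, application fingerprint and IPS
signature below is constructed for the demonstration."""
from dataclasses import dataclass
from typing import Tuple


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    proto: str
    payload: bytes  # first bytes of the flow, as a DPI engine would see them


# --- Traditional firewall: the "ticket check" on header fields only -------
# (destination prefix, destination port, action); constructed rules.
L4_RULES = [
    ("10.0.0.", 443, "allow"),
    ("10.0.0.", 80, "allow"),
]


def l4_filter(pkt: Packet) -> str:
    """Allow or deny using only addresses, protocol and port; payload is never read."""
    for prefix, port, action in L4_RULES:
        if pkt.proto == "tcp" and pkt.dst.startswith(prefix) and pkt.dport == port:
            return action
    return "deny"  # implicit default deny


# --- NGFW additions: application identification, app control, IPS --------
def identify_app(payload: bytes) -> str:
    """Classify the application from the payload, independent of the port used."""
    if payload.startswith((b"GET ", b"POST ", b"HEAD ", b"PUT ")):
        return "http"
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), version major byte 0x03
    if len(payload) >= 5 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    return "unknown"


# Application-control policy: which identified applications may pass.
APP_POLICY = {"http": "allow", "tls": "allow", "ssh": "deny", "unknown": "deny"}

# Constructed IPS signatures (byte patterns), not real vendor rules.
IPS_SIGNATURES = {
    "http-path-traversal": b"../../",
    "constructed-malware-marker": b"EVIL-MARKER-01",  # assumption: toy marker
}


def ngfw_inspect(pkt: Packet) -> Tuple[str, str]:
    """Layer the NGFW checks on top of the traditional filter.

    Returns (verdict, reason) so the caller can see which stage decided."""
    if l4_filter(pkt) != "allow":
        return "deny", "l4-rule"
    app = identify_app(pkt.payload)
    if APP_POLICY.get(app, "deny") != "allow":
        return "deny", f"app-control:{app}"  # e.g. SSH tunnelled over 443
    if app == "tls":
        # Without TLS decryption the signature engine only sees ciphertext;
        # this is the blind spot that TLS inspection exists to close.
        return "allow", "tls:not-inspected"
    for name, pattern in IPS_SIGNATURES.items():
        if pattern in pkt.payload:
            return "deny", f"ips:{name}"
    return "allow", f"inspected:{app}"


# Constructed sample traffic, all destined for an internal web server 10.0.0.5.
SAMPLE_PACKETS = [
    Packet("192.0.2.10", "10.0.0.5", 443, "tcp",
           b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Packet("192.0.2.11", "10.0.0.5", 443, "tcp",
           b"SSH-2.0-OpenSSH_9.6\r\n"),                     # SSH hiding on 443
    Packet("192.0.2.12", "10.0.0.5", 80, "tcp",
           b"GET /../../etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Packet("192.0.2.13", "10.0.0.5", 443, "tcp",
           b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x03"),   # start of a TLS ClientHello
    Packet("192.0.2.14", "10.0.0.5", 22, "tcp",
           b"SSH-2.0-OpenSSH_9.6\r\n"),
]


def compare(packets):
    """Side-by-side verdicts: (traditional, ngfw) for each packet."""
    return [(l4_filter(p), ngfw_inspect(p)) for p in packets]


if __name__ == "__main__":
    for pkt, (trad, (ngfw, why)) in zip(SAMPLE_PACKETS, compare(SAMPLE_PACKETS)):
        print(f"{pkt.src} -> {pkt.dst}:{pkt.dport}  traditional={trad:5}  ngfw={ngfw:5} ({why})")
```

Running it shows the three cases the article describes: SSH tunnelled over port 443 and a path-traversal request on port 80 both hold a valid "ticket" and pass the traditional filter, but are stopped by application control and the IPS respectively; the TLS flow passes both, and the NGFW path records that it could not inspect the payload. A real NGFW uses far richer application fingerprints and, with TLS inspection enabled, decrypts the flow before running the signature engine, which is exactly where the processing burden discussed above comes from.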
Protecting every edge to make hackers’ jobs harder, not yours
In this guide from C Spire and Fortinet, you’ll gain a better understanding of how to protect, consolidate and scale so you can implement a security strategy designed to deliver a seamless user experience and protection aligned with business goals.