Before looking at the Cisco Firewalls solution, it is important to understand the characteristics of a Next Generation firewall (NGFW).
NSS Labs is a respected, independent security validation entity that performs security analysis and performance measurement for vendors. NSS Labs outlines the essential capabilities of any NGFW as follows:
“the stability and reliability of a NGFW is imperative. Therefore, regardless of any new deep inspection capabilities, the main requirement of any NGFW is that it must be as stable, as reliable, as fast, and as flexible as the existing firewall that it is replacing.”
So when exploring a NGFW, you have to be certain that you will not expose your network in ways that your previous firewall systems protected against. The firewall should be highly stable with high availability, and should provide filtering that either allows or denies traffic, stateful multi-layered inspection, Network Address Translation, and Virtual Private Networks for secure management and remote access.
This will keep a NGFW on par with any previous first generation options. So the obvious next question is…what makes it better?
A NGFW adds support for enhanced services, including application awareness and control functions that understand application behaviors and RFC compliance, even for applications embedded in other services. It also provides user and group control to support authentication, authorization and accounting based on identity. While first generation firewall systems stop at the first layer of operation in identifying and eliminating potential targets, the next generation examines actions in the second and third layers as well, so even if an attacker makes it beyond the login arena, they can still be identified by tracked actions. These systems can identify attack signatures and malicious traffic with Intrusion Prevention policies. Additionally, the external intelligence is updated continuously to enhance blocking decisions.
The commitment to protect your company and your customers from nefarious acts is one you as a business cannot help but take seriously. We at LeeShanok understand this priority. When making the switch to a NGFW it is important that you put the right technology in place. Here are a few items to consider when you are making your decision.
Some security sensors don’t provide comprehensive awareness; they may see applications, but they often miss vulnerabilities in a network’s underlying infrastructure. The typical IPS looks at network signatures to determine the presence of threats. Typical Next-Gen Firewalls go further, enabling greater visibility into user information, application protocols, file transfers, and web apps. However, they still don’t provide enough visibility into hidden vectors. These vectors are important, because it only takes one opening for an attacker to get in.
Only Cisco ASA with FirePOWER Services delivers greater insight into more areas of your business. By leveraging this network discovery you have visibility into everything, from which granular security policies can be created and enforced.
Our Next-Gen Firewall uniquely sees client-side apps and operating systems, mobile device types and corresponding browsers, virtual machine communications and network devices – all while detecting the latest and most advanced forms of malware.
This enhanced visibility enables greater threat detection and more granular control of IPS policies for your specific network environment. In addition to this unprecedented visibility, only Cisco Firewalls offer rapid remediation in the event of a breach.
NSS Labs’ highest-ranked security system can be put to work for your company.