Thursday, August 11, 2011

Next Generation Firewalls


The Internet can be a scary place. It is an ever-evolving landscape that empowers the enterprise and is now a critical component of success for most companies. Some organizations have their entire business model built on the Internet and online retail. However, the downside to this exponential growth in customers and in the wonders of the Internet is made more obvious with each passing news day. The extended reach offered by the Internet not only lets us reach out to our customers; it also opens the door for malicious actors and provides new attack vectors that target the enterprise.

But this is old news; everyone knows that hackers, spammers and virus writers are out there trying to get in. That is why we have firewalls, spam filters, Intrusion Detection Systems, Intrusion Prevention Systems, Windows updates and everything else. Yet, given all that we have to secure the enterprise, why are there so many data breaches and public exploits? Because things change: applications mutate, and what used to be a useful utility is now a data-stealing virus talking to its controller over port 80, the same port your web traffic uses. The funny email someone just forwarded has now infected the entire office and is clogging the network with spam. In other words, Outlook no longer works, Excel is frozen, and nobody can get any work done.

Enter Next Generation Firewalls. We all know the firewall is a company's first line of defense against the perils of the Internet. Savvy firewall administrators open only those ports that are necessary to support mission critical applications and services. Bandwidth monitoring and content filtering provide an essential additional layer of security. We all know this and employ this technology, so what defines a Next Generation Firewall?

Gartner defines them well in their report, available on the Palo Alto Networks website at http://www.paloaltonetworks.com/literature/research/Gartner-NGFW-Report.html or on the Gartner website at: http://www.gartner.com/DisplayDocument?doc_cd=171540

To view the report you will need to enter some information, but essentially Next Generation Firewalls can do everything that a first generation firewall does and more. To fit the Gartner definition they must have application awareness and full stack visibility, meaning they identify the application from the traffic itself rather than from the port number, and they allow security policies that enable or disable individual features at the application layer. The example cited is allowing Skype but blocking the file-sharing feature within Skype. They must also include an integrated intrusion prevention engine. And they must have extrafirewall intelligence, which lets the firewall make better blocking decisions using data from an outside source such as a blacklist or whitelist feed. Other examples of this would be directory integration, so that access to resources is granted based on the user accounts and groups within the directory rather than on source IP address alone.
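To make the difference concrete, here is a small policy evaluator that I have added to this post; it is illustrative code of my own, not anything from Gartner, Palo Alto Networks or any other vendor. It puts the three capabilities above side by side with a plain port filter: application identification (the app name is taken from the traffic, not the port), sub-feature control (Skype allowed, Skype file transfer denied), directory-backed user groups, and an external blocklist. The user-to-group table, the blocklisted address, the application names and the sample flows are all constructed for the example.

```python
"""Toy policy engine: a port-based firewall next to an application-aware policy.

Illustrative code added to this post; it is not any vendor's implementation.
The directory data, threat feed, application names and flows below are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    user: str          # assumed already resolved from src_ip via directory integration
    app: str           # assumed identified from the payload, NOT from dst_port
    feature: str = ""  # sub-feature inside the application, e.g. "file-transfer"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                         # "allow" or "deny"
    apps: Optional[Set[str]] = None     # None means "any"
    features: Optional[Set[str]] = None
    groups: Optional[Set[str]] = None


# Constructed directory data (hypothetical users and groups).
DIRECTORY_GROUPS = {"alice": {"sales"}, "bob": {"engineering"}, "mallory": {"contractors"}}

# Constructed external intelligence feed; 203.0.113.7 is a TEST-NET-3 address
# standing in for a known-bad host.
EXTERNAL_BLOCKLIST = {"203.0.113.7"}

# First match wins, so the narrow feature deny must sit above the broad app allow,
# just as it would in a real rulebase.
POLICY: List[Rule] = [
    Rule("block-skype-file-sharing", "deny", apps={"skype"}, features={"file-transfer"}),
    Rule("allow-skype", "allow", apps={"skype"}),
    Rule("allow-web", "allow", apps={"web-browsing", "ssl"}),
    Rule("eng-ssh", "allow", apps={"ssh"}, groups={"engineering"}),
]


def port_decision(flow: Flow, open_ports: Set[int] = frozenset({80, 443})) -> str:
    """First-generation behaviour: only the destination port is consulted."""
    return "allow" if flow.dst_port in open_ports else "deny"


def ngfw_decision(flow: Flow, policy: List[Rule]) -> Tuple[str, str]:
    """Return (action, reason). External intelligence is checked first, then the
    app/feature/group rulebase; anything unmatched hits the implicit default deny."""
    if flow.dst_ip in EXTERNAL_BLOCKLIST:
        return "deny", "blocklist"
    user_groups = DIRECTORY_GROUPS.get(flow.user, set())
    for rule in policy:
        if rule.apps is not None and flow.app not in rule.apps:
            continue
        if rule.features is not None and flow.feature not in rule.features:
            continue
        if rule.groups is not None and not (user_groups & rule.groups):
            continue
        return rule.action, rule.name
    return "deny", "default-deny"


# Constructed sample flows (hypothetical addresses from RFC 5737 ranges).
SAMPLE_FLOWS = {
    "web":            Flow("10.0.0.5", "198.51.100.10", 80, "alice", "web-browsing"),
    "c2_over_80":     Flow("10.0.0.6", "198.51.100.9", 80, "bob", "unknown-tcp"),
    "skype_voice":    Flow("10.0.0.5", "198.51.100.20", 443, "alice", "skype", "voice"),
    "skype_file":     Flow("10.0.0.5", "198.51.100.20", 443, "alice", "skype", "file-transfer"),
    "contractor_ssh": Flow("10.0.0.7", "198.51.100.30", 22, "mallory", "ssh"),
    "eng_ssh":        Flow("10.0.0.6", "198.51.100.30", 22, "bob", "ssh"),
    "feed_hit":       Flow("10.0.0.5", "203.0.113.7", 443, "alice", "ssl"),
}


if __name__ == "__main__":
    print(f"{'flow':16}{'port fw':10}{'ngfw':8}reason")
    for label, flow in SAMPLE_FLOWS.items():
        action, reason = ngfw_decision(flow, POLICY)
        print(f"{label:16}{port_decision(flow):10}{action:8}{reason}")
```

The two rows worth staring at are "c2_over_80", where the port filter waves malware through because it chose port 80, while the app-aware policy drops it as an unknown application, and "contractor_ssh" versus "eng_ssh", where the same port and application get different answers because the directory says who is behind the source address.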

In today's rapidly changing climate, what seems like innocuous behavior in an application can be much more. A traditional firewall sees only addresses and ports, so any application or piece of malware that tunnels its traffic over a port you have to leave open, such as 80 or 443, passes through unnoticed. If you would like more information on Next Generation Firewalls and everything they have to offer, you might want to check out a company leading the way named Palo Alto Networks. For more information please see their website at http://www.paloaltonetworks.com/products/index.html


Steve Kohler
