For decades, enterprises have depended on many security technologies to defend their network perimeters from a variety of cyber attacks. Among those technologies, firewalls are a critical layer in perimeter defense. As the cyber threat landscape has changed and traditional firewalls have proved insufficient to protect critical IT assets, many organizations have added other technologies such as IPS/IDS, web application firewalls and web security gateways as additional layers of defense, forming the multi-layered security mechanism seen in many environments. The challenge with silos of point solutions in a multi-layered network is that those disparate products are usually forced to work together, and the result is often reactive and tactical rather than proactive and strategic. And the sheer management of all those point solutions is every network administrator’s nightmare according to many statistics.
IT infrastructures and networks, meanwhile, have become more complex than ever, so enterprises need to adopt robust, more integrated and effective solutions to keep up with today’s sophisticated attacks. Many organizations have therefore decided to adopt Next-Generation firewall technologies in their environments.
Next-Generation firewalls (NGFWs) are robust appliance- or software-based network security devices designed to detect and block sophisticated cyber attacks that bypass the defense mechanisms offered by traditional firewalls. Gartner reports that only 50% of enterprise Internet connections today are secured by Next-Gen firewalls. An NGFW offers a variety of features that are commonly available in point products such as traditional firewall, IPS/IDS, QoS, application control, wireless management and so on.
Many vendors have a variety of NGFW offerings that may or may not be required in your environment; however, it is critical that a buyer understand the precise features offered by each product under consideration. When determining whether to invest in NGFW technologies, or making the business case for the purchase to management, there are a few criteria one would be wise to consider.
1. Features
Vendors offer similar but not identical NGFW feature sets. However, a typical NGFW should offer basic features such as deep packet inspection (DPI), IPS/IDS, application identification/inspection and granular app control, website filtering, SSL/SSH decryption and inspection, QoS/bandwidth management and Active Directory (AD) integration. Additionally, some vendors include features such as data loss prevention (DLP), threat intelligence, and mobile device security.
However, it’s important to understand a critical caveat: the many additional features available on an NGFW beyond traditional firewall functions might not be complete, full-fledged versions of each. For example, the mobile device security feature you find on an NGFW may not be functionally at the same level as a dedicated mobile device security point product.
So the key is to know what the organization is aiming to protect and whether the product under consideration offers the level of protection the organization requires.
2. Platform
NGFW products come in appliance (hardware), software or even cloud-based (SaaS) forms. Many midsize and large enterprises prefer appliance-based NGFWs, while smaller enterprises with simple network configurations tend to go for software-based deployments. Organizations with highly decentralized, multi-location sites often go for cloud-based deployments. Of these, appliance-based NGFWs appeal most to many enterprises because they are simpler to deploy and manage, and updating/patching of the underlying operating system (usually Linux) is taken care of by the vendor as part of its scheduled software updates. Consider which platform best suits your environment and your tech team. If you foresee growth in your infrastructure, consider a platform that scales both vertically and horizontally without creating complex operational burdens.
3. Performance
Many think that because they have a single integrated product with many features onboard, it is OK to turn on every feature available on the appliance and expect no performance impact. In fact, enabling all features at once often results in serious performance degradation, because every enabled feature competes for the appliance’s resources as network traffic passes through it. That is why performance is one of the biggest factors to take into consideration before you buy an NGFW. When choosing an NGFW vendor or model, consider the product’s performance in relation to the security features you want enabled.
Before you decide on a particular model of NGFW, you need to know whether that model can deliver the amount of protected megabits per second (Mbps) required by your organization without performance degradation. For example, if your organization’s top priorities are SSL inspection and application control and you have to ensure 10 Gbps throughput, you need to make sure the NGFW model under consideration can process 10 Gbps without performance impact while the SSL inspection and application control features are enabled.
4. Manageability
I am a techie, so personally I don’t mind looking at the lines of logs being printed on the black console screen and executing commands to change a configuration. But that may not be so productive and effective when you have to manage a system at the enterprise level in very complex environments. That is why the evaluation criteria of the 2015 Gartner Magic Quadrant for enterprise network firewalls include manageability and operations as important factors.
The management console or user interface should be comprehensive yet user-friendly and flexible. It should allow users to change system configuration easily, generate reports intuitively, and build comprehensive and incisive dashboards flexibly.
5. Support
Timely and effective support from a vendor adds considerable value to an NGFW brand and to what it offers customers. Many administrators will agree with me that efficient support from a vendor really complements their product when facing critical issues or applying important updates that require downtime. The 2015 Gartner Magic Quadrant on NGFW also rated support, with the quality, breadth and value of NGFW offerings viewed from the vantage point of enterprise needs.
A buyer should obtain information about the support packages a vendor provides before seriously considering its product for purchase. Find out whether the vendor has a local presence and a technical support team in the country where the product will be deployed. If not, you need to know whether the vendor has reliable and technically capable local/regional distributors or resellers whose tech team is well trained and has the skill set required to provide enterprise-level support. You will also have to take into account the responsiveness of the support team, the accuracy of its service responses, and the customer education and awareness events provided by the vendor under consideration.
6. Price
HA! In a country like Myanmar, that pretty much concludes it for an SMB. Price is unarguably and undoubtedly one of the biggest factors to consider when investing in NGFW technologies in every environment. NGFWs come in multiple forms, such as appliance-, software- and cloud-based, with prices ranging from a few hundred dollars to a few hundred thousand dollars per deployment. And all vendors, meanwhile, have separate pricing for maintenance contracts.
As a buyer, you need to closely review the vendor’s bill of materials (BOM) for both product and maintenance, and check it against the requirements of your environment. Observe how they package items and how each item is priced. For example, some have a licensing model that charges you based on the number of users on top of the base appliance’s cost. Check whether the mandatory BOM is really efficient for future growth. Check whether you really need an additional cold standby appliance on top of the high-availability (HA) appliance. Estimate how many downtime events may be required in your environment throughout a year before you consider purchasing 24/7 maintenance and on-site support.
An important thing to note is that we also have to take the total cost of ownership (TCO) of an NGFW into consideration. Pricing is one of the big factors that determine TCO, which covers both the cost of the NGFW and the cost of its operation. For example, the TCO of an NGFW is not just its purchase price, but also the expenses incurred throughout its use, maintenance and operation. There are NGFWs that appear to be cheap initially but have a TCO that is even bigger than their initial purchase price. So, consider doing a thorough calculation of TCO for your intended period of use of the product before going for a particular NGFW brand.
Although it is not crucial, another criterion many enterprises nowadays consider is integrability. Every networked device in an infrastructure needs to communicate with others, and that doesn't exclude the NGFW. In a multi-platform environment, an NGFW has to be able to integrate with many other systems such as Active Directory, Security Information and Event Management (SIEM), Identity and Access Management (IAM), Privileged Identity Management (PIM) and so on. For example, without intuitive integration with Active Directory, an NGFW will not have the context of 'who' when enforcing firewall rules based on users or groups. Some SIEMs can respond to threats by sending commands to the NGFW to either drop a connection or enforce a rule, based upon a correlated detection, and the NGFW should be able to accommodate the remote command if the organization wants to deploy the tactical response workflow. As a buyer, you need to find out whether an NGFW has the capability to integrate with other systems so that it can form a strategic workflow or enforce a policy in your environment. Ask the vendor whether they have done any customized integration with devices that you already have in your infrastructure. Find out whether the NGFW vendor can do API-level integration with others if it is necessary.
Conclusion
An NGFW is a solution that offers a good complement of point security products, with many robust features that can be used to protect your enterprise against today’s sophisticated threats. That said, it is not a silver bullet that eliminates all cyber threats, at least not yet. However, if you ever consider investing in NGFW technologies, the seven points presented in this article should help you get started on the purchase process and make the best purchasing decision for your environment.
Post Author: Jayden Aung, Director and Team lead, J-Meister Solutions
This post was initially posted here & has been reproduced with permission.