How to select a Next Generation Firewall
Today organizations of all sizes are embracing digital infrastructure to enhance productivity and to offer improved services. However, digital adoption also translates to greater exposure to cyber threats. The cyber threat landscape across all sectors is evolving fast, both in terms of sophistication and impact. Several advanced attack vectors and exploits are consistently coming to the fore.
Current threat detection and response capabilities are primarily challenged by:
- The speeds and feeds of an attack
- Significant intervals in discovering and responding to cyber attacks
- Longer restoration times per attack
At this juncture, we see multiple organizations who are re-defining their borderless infrastructure and are struggling to select next-generation firewalls (NGFW) that are most suitable to advance their cybersecurity posture. Due to the following key organizational transformations (or challenges), NGFW plays a crucial role in enterprise security:
- Embracing cloud for business: We see a rising trend of SaaS and PaaS adoption to improve business operations. With multiple applications executing across heterogeneous devices, blocking a single service or port can easily cause legitimate applications to stop functioning.
- Sensing legitimate traffic across the multitude of applications in use: New technologies and frameworks let organizations create different types of applications, services, and business models. Organizations therefore require security solutions which can filter traffic comprehensively, identify suspicious behaviors (such as a program trying to jump from an IPv4 to an IPv6 network), and restrict malicious application activity at the network perimeter.
This article discusses the key focus areas and the functional dimensions to choose or create a security solution using NGFW. Feasibility analysis for the solution should include the following:
1. A shift in ‘Requirement to the Value proposition.’
We need to move from charge-for-service to value-based long-term investment. We need to review the solution from an overarching perspective and identify the services built on the solution which can adapt to a dynamic environment.
2. The right ‘Capability and Delivery Model.’
Integration across multiple solution stacks requires awareness of the potential system interconnections existing across layers. The capability to deliver greater control over an infrastructure through coordination and accountability across multiple solution stacks is a delivery challenge which needs to be cracked.
3. Future Needs:
Factor in the crucial parameters for the organization, so that the solution can be geared towards future expansion using emerging technologies. Increase the solution's viability through appropriate information on the organization's key requirement areas, specific technology rating, stronger market position, expanded geographic reach, customer acceptance, manageability, and so on.
This would assist the organization in tackling five broad-spectrum challenges:
- Transitioning from the current security solution to an NGFW, enabling specific capabilities and rules with less complexity
- Provisioning or automating features with current infrastructure and security solutions
- Finding a way to enforce policies and monitor them through dynamic object-based abstractions and APIs
- Identifying and configuring specific capabilities providing comprehensive threat protection and mitigation
- Enhancing capabilities that support analysis of the organization's traffic and enforce policies across cloud and other monitoring solutions
The eight vital functional components which should be looked at from an assessment perspective include:
- Business Drivers (e.g., Roadmap, Compliance, etc.)
- Management of the solution
- Integration and Interoperability
- Application Control
- Logging and Audit
- Innovation and Solution Maturity
- Capabilities of NGFW
- Maintenance and Support
Technically, there can be multiple areas which need emphasis, but we are highlighting here the crucial elements as per our observation, which can make or break the investment if not considered adequately. The key focus areas include:
- The capability of the solution to provision policies which can be assigned to cloud-based applications, within any cloud service model
- The ability of the solution to identify the origin of an attack (such as when the malware was planted) and mitigate the threat
- APIs for integration (workflow and automation)
- The capability of developing custom application signatures
- Solution capability to leverage all potential hypervisor APIs: use of hypervisor and SDN APIs, such as VMware NSX or OpenStack Neutron, which would allow the interception of network traffic at the virtual NIC (vNIC) or virtual port level (for micro-segmentation)
- The solution's potential for moving from hardware-based appliances to VM NGFWs (impact and other key aspects such as migration, support, etc.)
- Scaling of the solution (Clustering and other aspects)
- Capability to protect the information going in and out of cloud-based environments
- The capability of using threat intelligence information in reports, or of taking the threat intelligence information and creating queries to run against existing log data
- Framework or ability to support or integrate with multiple third-party solutions
- The capability of profile verification (i.e., identifying security profiles/traffic profiles with a provided security profile or dynamic object associated with an environment)
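As an added illustration of the threat-intelligence focus area above (taking indicator feeds and running queries against existing log data), here is example code that is not from the article or any NGFW product; the key=value log format, the indicator feed, and all field names are constructed assumptions.

```python
"""Run threat-intelligence indicators against existing NGFW connection logs.
Added example, not from the original article or any NGFW product. Assumes a
constructed key=value log format and a constructed indicator feed; real NGFWs
export syslog/CEF/JSON, so adapt parse_line() accordingly."""
import ipaddress
import re

# Constructed indicator feed: CIDR ranges and domains with a threat label.
THREAT_INTEL = {
    "networks": {"203.0.113.0/24": "known-c2-range"},
    "domains": {"bad-updates.example": "malware-distribution"},
}

# Constructed log lines; the second, third and fourth should produce hits.
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z action=allow src=10.0.0.5 dst=198.51.100.7 app=web-browsing host=news.example
2024-03-01T10:00:02Z action=allow src=10.0.0.8 dst=203.0.113.45 app=ssl host=cdn.example
2024-03-01T10:00:03Z action=deny src=10.0.0.9 dst=192.0.2.20 app=dns host=bad-updates.example
2024-03-01T10:00:04Z action=allow src=10.0.0.5 dst=192.0.2.21 app=ssl host=sub.bad-updates.example
""".splitlines()

KV_RE = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Split '<timestamp> k=v k=v ...' into a dict of fields."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["timestamp"] = ts
    return fields

def domain_matches(host, indicator):
    """True for an exact match or any subdomain of the indicator."""
    return host == indicator or host.endswith("." + indicator)

def match_logs(lines, intel):
    """Return (timestamp, src, indicator, label, action) for every hit."""
    nets = [(c, ipaddress.ip_network(c), l) for c, l in intel["networks"].items()]
    hits = []
    for line in lines:
        ev = parse_line(line)
        for field in ("src", "dst"):  # check both ends of the connection
            addr = ipaddress.ip_address(ev[field])
            for cidr, net, label in nets:
                if addr in net:
                    hits.append((ev["timestamp"], ev["src"], cidr, label, ev["action"]))
        for dom, label in intel["domains"].items():
            if domain_matches(ev.get("host", ""), dom):
                hits.append((ev["timestamp"], ev["src"], dom, label, ev["action"]))
    return hits
```

Note that a hit on an "allow" line is the interesting case for evaluation: the firewall let the connection through, and only the retrospective query against stored logs surfaces it.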
Thus, organizations should focus on the above-mentioned key focus areas and functional dimensions to have an effective NGFW in place. This would control attacks across all the layers of enterprise applications and infrastructure. It would further assist in rapidly provisioning new security profiles for any type of attack and improve network visibility with more agility and flexibility. At Nivid technologies, we take these recommendations seriously while designing perimeter-based security solutions using NGFW.