Next Gen Firewall (NGFW)
Next-generation firewalls (NGFWs) are the third-generation firewalls which offer more advanced threat management offering intrusion prevention systems (IPS), deep-packet inspection (DPI), advanced threat protection, and Layer-7 application control technologies.
Key features of NGFWs:
Application and Identity awareness
- NGFWs can identify, allow, block, and limit applications regardless of port or protocol. Also administrators can apply firewall rules more granularly to specific groups and users
Centralized Management, Visibility, and Auditing
- NGFW offers centralised management dashboard that offer a way to track security health, analyse traffic patterns, and export firewall rules for use elsewhere.
- Stateful inspection is a network firewall technology used to filter data packets based on state and context. The state is nothing but the state of the connection flags e.g., SYN, ACK and FIN.
- Context is nothing but the source and destination of the packets. By tracking state and context information, stateful inspection can provide a greater degree of security.
Deep Packet Inspection
- Deep packet inspection (DPI) goes a step further in inspecting traffic from stateful inspection. DPI can locate, categorize, block, or reroute packets with problematic code or data payloads not detected in stateful inspection.
Integrated Intrusion Prevention (IPS)
- IPS was used to work along with firewalls to defend against the new threats from outside the protected network. Now IPS is being integrated with NGFW product offering.
- The purpose of the sandbox is to process malicious code and analyse in an isolated environment. This process is an advanced malware protection method to a cloud based environment where the malware can be tested before using in the network.
HTTPS, SSL/TLS, and Encrypted Traffic
- NGFW can decrypt SSL and TLS communication and this process can easily identify and prevent any threats rooted in encrypted network flows.
- Through third-party threat intelligence feeds, NGFWs can use global network’s updates on the latest threats and attack sources to block threats and implement policy changes in real-time.
- NGFW allows easy third party integration and other SaaS application like SIEM, policy orchestration etc.
Cybkey is a Cyber security IT Managed Professional services Organisation catering to all types of industries. Do not hesitate to reach us at firstname.lastname@example.org for any Cyber security consulting or any security recommendation you may need for your Organisation.
Written by: Arun Velayudhan