Next Generation Firewall or Security Gateway are capable of consolidating different security verticals into the same appliance.
Next-generation firewalls (NGFWs) are deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from the outside installed base using intelligence feeds. NGFWs embeds new features to better enforce policy or detect new threats.
- Application control;
- Advanced Malware Protection;
- Data encryption;
- Data Leakage Protection;
- SSL Inspection;
- Intrusion Prevention;
- Web filtering;
- Mail filtering;
- Antivirus / Antispam;
- IPSec VPN & IPSec SSL VPN;
- Identity awareness
- Intelligence feeds
Coming from the best of breed approach by the selection of the best vendor for each security verticals, the trends, today, is the consolidation of several security features into the same appliance mainly for reducing operation expenses. The good question becomes:
- What is the best NGFW vendor for my needs ?
- What is the global throughput needed ?
- What are the specific security features I need, mandatory and nice to have ?
- What are the existing vendor already in place that could influence my choice ?
- What are the official agreements or certifications of the vendor ?
- What is the roadmap of the vendor in the long term ?
- What is the sharing of roles and responsibilities between internal & external resources ?
- What level of maintenance do I need for installation & maintenance ?
- What is the budget for Capex and Opex on how many years ?
- What are the possible interoperations with the existing system ?
- What are the difficulties for installation or migration during working hours ?
- What are the references, the install base of the vendor ?
- What are my internal skills or expertise for this vendor ?
- What type of reporting / alerting are needed for my business ?
Dedicated security gateway or Next Generation Firewalls: Checkpoint, Cisco, PaloAlto, Fortinet
