Having a strong firewall has always been a cornerstone of any IT security department. Firewalls keep intruders out and reduce unwanted traffic, attacks, unauthorized users, etc. With the advances in technology, purchasing the correct firewall solution for your company has become more complex with the advent of the next-generation firewall (NGFW).
In this firewall buyers guide, I’ll go over numerous NGFW features you should consider. I’ll also include the NGFW management tools you’ll want to have. Finally, I’ll present you with some of my top firewall vendor recommendations. Let’s now jump into the features!
8 Firewall Features to consider
When searching for the best NGFW for your business, you’ll want to ensure that it has some of the following features.
1. Dedicated Threat Intelligence
When looking for an NGFW for your business, you’ll want to ensure you have one supported with threat intelligence. This is to stay up-to-date on the latest threats and signatures. A research team that gathers, analyzes, and vets information 24/7 worldwide usually supports these threat intelligence feeds. You’ll also want to consider NGFW vendors with a dedicated team of cybersecurity professionals and advanced machine learning algorithms. Your NGFW should also have security sensors that are located worldwide to deliver cutting-edge threat feeds. These sensors can detect and block threats automatically and within the blink of an eye. While looking into threat intelligence in NGFWs, it’s important to also consider multi-instance firewalls.
2. Multi-Instance Firewall
A multi-instance firewall allows each running container to have its own firewall, which runs independently of any other container. This makes it great for any customization to a particular application. It’s also beneficial because you can have separate firewalls for each application. In addition, with containerization, if by some chance one of your applications becomes infected, it’ll be limited to just that application. On top of multi-instance firewalls, you’ll also want to have zone-based firewalls, too, for large enterprises.
3. Zone-Based Firewall (ZBF)
ZBFs offer stateful inspection with advanced network security features for large enterprise network infrastructure. This means you can divide your large network into zones. You can then limit what data passes between zones or what comes from outside the network into the zones. A ZBF, also known as a stateful firewall, is the foundation for any NGFW. For enterprises with large networks, I recommend ZBFs for larger enterprises, as it’s easier to configure and define policies with ZBFs. You’ll also need lots of policies if you’re in a large enterprise.
4. Intrusion Prevention System
Intrusion Detection and Prevention Systems (IDPS) were originally developed as a stand-alone solution, which was later incorporated into the NGFW stack. IDPS in a NGFW prevents attacks that could exploit vulnerabilities, like distributed denial of service (DDoS) attacks. Thus, it provides an additional layer of strong security. The IDPS also uses signatures for known exploits, and is based on anomaly detection. Like the dedicated threat intelligence, you’ll also want to ensure the vendor has a team dedicated to keeping the IDPS database up to date to support maximum protection.
5. Application Control
NGFWs came into fruition with the addition of application control, IDPS, and URL filtering, forming a single enterprise class platform. Application control allows enterprises to define firewall policies based on applications or websites and micro-applications. For example, you could set the firewall to block social media on computers on your network. Application Control also provides micro-level control over network traffic based on user identity and email addresses. In addition, it provides application-layer access control to regulate web browsing, file transfer, email exchange, and email attachments. This really digs deep down on some of the smallest levels to also ensure maximum protection.
To provide even better insight and control over websites visited by computers on your network, you’ll want to consider URL filtering as a part of your web control.
6. Web Control
Web control, which is also known as URL filtering, compares requested websites against a massive database containing millions of rated URLs, IP addresses, and domains. URL filtering allows administrators to write policies that allow or deny access to websites. This access is based on individual or group identity, or by time of day, using predefined categories. An NGFW should also be able to do URL filtering based on categorization. In other words, it should block websites based on categories. It can also block based on security reputation. Consider NGFWs with threat intelligence feeds that are supported by a research team. In addition, you’ll want to be able to inspect incoming TLS/SSL encrypted traffic.
7. Inspect TLS/SSL Encrypted Traffic
This inspection feature decrypts and inspects TLS/SSL encrypted traffic on the fly, without proxying. It can also apply control policies to protect against threats hidden inside encrypted traffic. Encrypted data is used a lot between websites and servers. Sometimes, bad actors can also use this encrypted traffic to mask attacks and let it bypass older firewalls. Enterprises should ensure that the NGFW supports the latest version of encryption protocols, like TLS 1.3. Finally, you’ll want to consider SD-WAN integrations.
8. SD-WAN Integrations/Capabilities
SD-WAN technology allows organizations and enterprises with branch locations to build highly available and higher performance WANs. Organizations can also use low-cost internet access like broadband, 3G/4G/LTE, fiber etc. This is a cost-effective way to replace expensive WAN connection technologies like MPLS with SD-WAN. SD-WAN security also enables distributed enterprises to build and protect high-performing networks across remote sites against cyberattacks.
Besides all the above features, you’ll also want to also consider some management features. That way you can manage all the features and data that an NGFW will supply you with.
Top 3 Firewall Management Features to Consider
An NGFW will have a lot more bells and whistles than a standard firewall. That being said, it’s important to also have the right management tools in place. Thus, you can get the maximum use out of your NGFW. Below I’ll cover the top 3 management tools to consider.
1. Central Manager
Centralization is extremely important when it comes to working with all the data you’ll be getting from your NGFW. You might also want to consider centralizing your firewall and general network monitoring teams into one. That way you can have one “eye in the sky” to look down and monitor everything. To make the visualizations easier and keeping track of what’s going on, you’ll also want to go with a centralized view known as a single pane of glass.
2. Single Pane of Glass
An NGFW will output massive amounts of real-time data and logs. The best way to monitor this is to use a single pane of glass. In other words, all your real-time data is on screen– allowing you to make informed decisions. Logs will also be available, so that you can look for patterns or other anomalies in past-time events. If you’re working for a large enterprise, you’ll also want to have support for both cloud and on prem.
3. Hybrid Cloud Support
If you have anything on-prem, you’ll need to have support for those physical servers. That translates into having a hybrid cloud support model to meet your firewall needs. You’ll also want to ask potential vendors if they offer this solution model before proceeding with any other questions. Otherwise, you’ll end up having a segmented firewall strategy: one for the cloud and one for the on-prem servers. This approach will cause too many inconsistencies.
You’ve covered the top 3 management tools and important NGFW features to consider. Now, let’s take a look at a few firewall vendors so you can get an idea of what’s out there.
3 Firewall Vendor Recommendations
In this final section, we’ll take what we learned from above and apply it to looking at 3 NGFW vendors. For even more vendors, checkout “The Five Best NGFW for Your Organization”. Let’s take a look at the top recommendations.
1. KerioControl
KerioControl is my number one recommendation! This is because it has almost every feature covered in this article. It has a great URL filter, intrusion detection, centralized command, and single pane of glass observation.
The firewall hardware is also reasonably priced between $595 and $1,799. You’ll get a software subscription too. This software will provide you with all the NGFW features I spoke about earlier in the article.
2. Barracuda
Barracuda’s NGFW offers a lot of great software protections. These include Secure SD-WAN, Dynamic Bandwidth and Latency Detection, DNS Server, Web Filtering etc. For pricing info, you’ll need to reach out to a Barracuda sales consultant for more information. You’ll also learn about many good software offerings.
3. Juniper Networks
Juniper Networks’ NGFW is another good contender. They have a large selection of hardware firewalls that can meet all levels of business needs. They also have two virtual firewalls that can be employed as a Firewall as a Service. Some of the features include secure SD-WAN, an easy to use GUI with centralized control center, and on/off box automation. These features allow for remote configuration of network and security policies.
Final Thoughts
As tech has advanced so much over the past 20 years, the standard firewall just won’t cut it anymore. For most companies, an NGFW is becoming more of a requirement for reliable security.
When buying an NGFW, this buyer’s guide should be enough to cover the most important features you’ll need to look for in an NGFW. This guide can also offer beneficial advice on what management tools you’d need to have, depending on your company. I also reviewed some popular vendors and covered some of the key features that they offer. If you still feel like you could use some more information, check out the FAQ and Resources below.
FAQ
What is an access control list (ACL)?
A firewall ACL is a list of allow/deny conditions, or rules. This list allows firewalls to determine if a packet can pass through or not. It’s a way to filter data that passes through the network. Depending on the hosts, services, and applications behind that firewall, these lists can also be quite long.
What is a DDoS attack?
A Distributed Denial of Service attack is a type of cyber attack that overwhelms a network or network device, like a firewall, and crashes the website. Crashed websites can cost companies millions in revenue due to the downtime. In turn, it prevents it from receiving connections. In other words, it denies users access to whatever service the network or device normally provides.
How do firewalls work?
A firewall typically sits where your networks connect with other networks. It examines every packet that passes through your network. It then compares the packet content with a list of blocked IPs, ports, and protocols. If a match occurs, the firewall will also raise an alarm to alert you. In addition, a firewall can block packets if it comes with Intrusion Prevention System (IPS) capabilities.
Are stateful and stateless firewalls similar?
No, stateful firewalls can detect the complete state of traffic and its flow. They can then make intelligent decisions. A stateless firewall, on the other hand, only checks packets against preset rules. After that, it raises flags if it detects any anomaly.
Can I get log data with my firewall?
Yes, you can get log data with your firewall. It’s also important to monitor your logs from time to time. For example, you might have added some new rules to your firewall. In that case, examining the logs can help you see if these rules require further debugging. If you have a centralized logging feature and want your log information to move there, consider purchasing an NGFW.
Resources
TechGenix: Firewall as a Service
Learn more about the new way to get your firewall as a service.
TechGenix: Traditional Firewall vs Next-Generation Firewall (NGFW)
Discover the similarities and differences between traditional firewalls and next-generation firewalls.
TechGenix: The Five Best Next-Generation Firewalls (NGFW) for Your Organization
Learn more about some of the 5 best next-generation firewalls for your company.
TechGenix: Proxy Servers vs Firewalls
Learn about the differences between proxy firewalls and traditional firewalls.
TechGenix: 8 Types of Firewalls
Understand the 8 types of firewalls and know which is the best for your needs.
