Five things to consider when selecting a next-generation firewall
With the wide adoption of Web 2.0 and the explosive growth of web-based applications, nearly two-thirds of today's traffic is HTTP and HTTPS. The main benefits of Web 2.0 applications are better collaboration, higher productivity and a deeper understanding of the needs of customers and prospects. But these new applications also bring new security threats and a sharp increase in bandwidth consumption.
In the past, IT administrators could filter the content of a small number of ports and simply block all traffic on the others, closing off every attack vector that could reach the network. That era has passed. Today's IT environments and threat patterns are far more complex, and enterprises need much finer-grained control.
To a traditional firewall, every web application looks the same: ordinary HTTP or HTTPS traffic. IT administrators know better. A productivity tool that is critical to one user can be a threat, or a waste of time, for another. Traditional network security products lack this precise control; they cannot inspect all traffic and separate good from bad. The result is application chaos on the enterprise network.
Bringing that chaos under control is essential both to protect the network from Web 2.0 threats and to preserve bandwidth. But how do you tell good traffic from bad? How do you correctly identify, classify and control applications and the bandwidth they consume?
Introduction to the next-generation firewall
Gartner, the market research firm, defines the next-generation firewall (NGFW) as an integrated, wire-speed network platform that performs deep inspection of traffic and blocks attacks. An NGFW includes all the standard functions of a first-generation firewall, that is, the common network functions such as network address translation (NAT), packet filtering and stateful packet inspection.
The defining characteristics of an NGFW are application awareness and full visibility across the network stack. Unlike a traditional firewall, an NGFW does not rely on port or protocol alone to block traffic; it enforces security policy at the application layer, based on the application identified by its deep packet inspection engine. Traffic control is no longer a simple allow-or-block decision per application: it can also be used to manage bandwidth or prioritize application-layer traffic. Deep inspection lets IT departments apply fine-grained policy to individual components of a single application. For example, users can be allowed to run an instant-messaging client while file transfer within that client is blocked.
An NGFW also integrates network intrusion prevention, and not merely by bolting an IPS subsystem onto a traditional firewall architecture. In an NGFW the intrusion prevention function is a core component of the security engine, so the same traffic does not have to pass through several independent security layers; this improves performance as well as security.
Dynamic response to changing threats is another important NGFW feature. The device's signature library is updated continuously so that it can identify new threats and keep pace with evolving malware.
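The port-versus-application distinction above, as an added example that is not part of the original article and not SonicWALL's code: a small Python classifier identifies the application from the first bytes of a TCP payload (an SSH banner, a TLS ClientHello with its SNI extension, or an HTTP request line with its Host header) and applies a policy keyed on application and hostname. A port-only rule is evaluated alongside it to show where the two disagree. The flows, hostnames and policy rules are constructed for the example; the ClientHello is built by hand rather than captured.

```python
import struct


def build_client_hello(server_name):
    """Construct a minimal TLS 1.2 ClientHello carrying an SNI extension.
    Sample input for the demo, not captured traffic."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type 0 = host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0, len(sni_list)) + sni_list           # extension type 0 = server_name
    exts = struct.pack("!H", len(ext)) + ext
    body = (b"\x03\x03" + bytes(32)                                  # client_version, random
            + b"\x00"                                                # session_id length 0
            + struct.pack("!H", 2) + b"\x13\x01"                     # one cipher suite
            + b"\x01\x00"                                            # compression: null only
            + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body        # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def tls_sni(payload):
    """Return the SNI host name from a TLS ClientHello record, or None if the
    payload is not a ClientHello or carries no server_name extension."""
    if len(payload) < 44 or payload[0] != 0x16 or payload[5] != 0x01:
        return None
    off = 43                                  # record hdr(5) + hs hdr(4) + version(2) + random(32)
    off += 1 + payload[off]                   # skip session_id
    if off + 2 > len(payload):
        return None
    off += 2 + struct.unpack_from("!H", payload, off)[0]   # skip cipher_suites
    if off + 1 > len(payload):
        return None
    off += 1 + payload[off]                   # skip compression_methods
    if off + 2 > len(payload):
        return None
    ext_total = struct.unpack_from("!H", payload, off)[0]
    off += 2
    end = min(off + ext_total, len(payload))
    while off + 4 <= end:
        etype, elen = struct.unpack_from("!HH", payload, off)
        off += 4
        if etype == 0 and elen >= 5 and off + elen <= end:
            # server_name: list_len(2), name_type(1), name_len(2), name
            name_len = struct.unpack_from("!H", payload, off + 3)[0]
            name = payload[off + 5:off + 5 + name_len]
            try:
                return name.decode("ascii")
            except UnicodeDecodeError:
                return None
        off += elen
    return None


HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")


def classify(payload):
    """Identify (application, host) from the first bytes of a TCP payload.
    The destination port is deliberately not consulted."""
    if payload.startswith(b"SSH-"):
        return "ssh", None
    sni = tls_sni(payload)
    if sni is not None:
        return "tls", sni
    lines = payload.split(b"\r\n")
    if lines[0].startswith(HTTP_METHODS) and b" HTTP/1." in lines[0]:
        host = None
        for line in lines[1:]:
            if line[:5].lower() == b"host:":
                host = line[5:].strip().decode("ascii", "replace")
                break
        return "http", host
    return "unknown", None


# Constructed example policy: (application, host or None for any, action); first match wins.
APP_POLICY = [
    ("tls", "fileshare.example", "deny"),   # block one TLS application by its SNI
    ("tls", None, "allow"),
    ("http", None, "allow"),
    ("ssh", None, "deny"),                  # no SSH, whatever port it rides on
]


def port_decision(dst_port):
    """Traditional port-based rule: allow web ports, deny everything else."""
    return "allow" if dst_port in (80, 443) else "deny"


def app_decision(payload):
    """Application-layer rule: decide on what the traffic is, not where it goes."""
    app, host = classify(payload)
    for rule_app, rule_host, action in APP_POLICY:
        if rule_app == app and (rule_host is None or rule_host == host):
            return action
    return "deny"                           # default deny for unidentified applications


# Constructed sample flows: (destination port, first payload bytes of the connection)
SAMPLE_FLOWS = [
    (443, build_client_hello("mail.example")),
    (443, b"SSH-2.0-OpenSSH_8.9\r\n"),                     # SSH tunnelled over tcp/443
    (8080, b"GET /status HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    (443, build_client_hello("fileshare.example")),
]


def evaluate(flows=SAMPLE_FLOWS):
    """Return (port, application, port-rule verdict, app-rule verdict) for each flow."""
    return [(port, classify(p)[0], port_decision(port), app_decision(p)) for port, p in flows]


if __name__ == "__main__":
    for row in evaluate():
        print("port %5d  app %-7s  port-rule %-5s  app-rule %s" % row)
```

The second and fourth flows are the ones that matter: both ride on tcp/443 and are waved through by the port rule, while the application rule denies the tunnelled SSH session and the blocked TLS service by name. The third flow shows the reverse case, a legitimate HTTP application on a non-standard port that a port rule would have cut off. A real DPI engine does the same job with a far larger signature set and with state kept across the whole stream rather than the first segment.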
Five considerations for choosing an NGFW
Gartner recommends that enterprises require vendors to offer NGFW solutions when replacing firewalls and/or intrusion prevention technology. But as enterprises evaluate NGFWs, a number of network security vendors claim that their products also offer broad versatility and NGFW functionality. So what capabilities should a genuine enterprise NGFW demonstrate during evaluation?
First, performance
Gartner notes that an NGFW can be inserted into the network without affecting its operation; in other words, an NGFW should add only negligible latency. Tight integration of IPS and the other functions is the key to achieving this. A single-pass engine deploys and enforces policy seamlessly, without adding delay to the network or noticeably reducing throughput. This matters because enabling NGFW services should never disrupt network operations.
Second, thorough scanning capability
Like a first-generation firewall, an NGFW performs stateful inspection. The main difference from the previous generation is its support for deep packet inspection (DPI). Many NGFW vendors promote their DPI feature, but testing of these products has found that the DPI function, as implemented, can seriously undermine either network performance or network protection. Many NGFWs have to proxy files in order to scan them and block malware, which has a severe impact on network performance; to avoid disrupting the network, some vendors instead let packets into the network without scanning them at all.
When evaluating an NGFW, choose one that can:
- Scan files of any size for viruses, malware, botnet activity and other threats
- Decrypt, inspect and re-encrypt SSL traffic
- Inspect raw TCP streams across all ports and a wide range of protocols
Third, ease of management
As enterprises turn their attention to securing multiple sites, a scalable, proven distributed management solution becomes critical to achieving security and improving return on investment.
Fourth, application intelligence, control and visibility
A fundamental feature of an NGFW is controlling applications and optimizing the traffic flowing through the network. It cannot deliver on this unless it can:
- Extend application intelligence and control to wireless endpoints
- Support custom applications
- Show the state of the network in real time
- Scan applications against a continuously expanding signature library
NGFWs support these capabilities to varying degrees. To ensure the network is protected correctly and effectively, enterprises must understand which capabilities a specific NGFW model does and does not have.
- Powerful signature database: the effectiveness of an NGFW is directly tied to the number of applications it can detect and control.
- Real-time visibility: obviously, an enterprise cannot control or optimize what it cannot see. When evaluating an NGFW, check whether it supports real-time viewing of application and user traffic.
- Support for custom applications: enterprises run many custom web applications that they want to control, yet most NGFWs cannot control them. To be effective, an NGFW must be able to identify an enterprise's custom applications and prioritize them over other traffic.
- Wireless endpoint control: the number of wireless endpoints at the edge of the enterprise network keeps growing. If this describes your company, consider an NGFW that provides the same application intelligence, control and visibility for wireless users. It does an enterprise no good to control only wired users' traffic while ignoring laptop users who do most of their work over the wireless network.
Fifth, NetFlow and IPFIX reporting with extensions
NetFlow and IPFIX are two industry standards for reporting network traffic to an external collector. NetFlow is deployed in switches and routers and can export data such as source and destination IP addresses, source and destination ports, layer 3 protocol type and class of service. Because NetFlow version 9 and IPFIX are template-based (the exporter first sends a template describing the fields, then records laid out according to it), they can be extended to export additional data from network devices, such as application, user and URL data.
By integrating intrusion prevention, stateful inspection and deep packet inspection, an NGFW helps enterprises regain control of their networks.
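The template-based export described above, as an added example that is not part of the original article and not the code of any NetFlow or IPFIX product: a Python exporter builds an IPFIX message (RFC 7011 header, a Template Set and a Data Set) from a few flow records, and a collector-side parser reads the template back and decodes the records with it. The Information Element IDs are the IANA-registered ones for the fields the paragraph lists; the template ID, the flow records and the addresses are constructed for the example, and variable-length fields and Options Templates are left out.

```python
import struct
import ipaddress

# IANA Information Element IDs (RFC 7012 registry) used by the constructed template.
IE_NAMES = {
    1: "octetDeltaCount",
    2: "packetDeltaCount",
    4: "protocolIdentifier",
    5: "ipClassOfService",
    7: "sourceTransportPort",
    8: "sourceIPv4Address",
    11: "destinationTransportPort",
    12: "destinationIPv4Address",
}
IPV4_IES = {8, 12}
TEMPLATE_SET_ID = 2      # RFC 7011: Set ID 2 = Template Set; IDs >= 256 = Data Sets


def encode_field(ie, length, value):
    if ie in IPV4_IES:
        return ipaddress.IPv4Address(value).packed
    return int(value).to_bytes(length, "big")


def build_message(templates, data, export_time=0, seq=0, domain=1):
    """Build one IPFIX message: a Template Set, then one Data Set per template.
    templates: {template_id: [(ie_id, field_length), ...]}; data: {template_id: [record dicts]}"""
    tbody = b""
    for tid, fields in templates.items():
        tbody += struct.pack("!HH", tid, len(fields))
        for ie, flen in fields:
            tbody += struct.pack("!HH", ie, flen)
    sets = struct.pack("!HH", TEMPLATE_SET_ID, 4 + len(tbody)) + tbody
    for tid, records in data.items():
        dbody = b"".join(encode_field(ie, flen, rec[IE_NAMES[ie]])
                         for rec in records for ie, flen in templates[tid])
        sets += struct.pack("!HH", tid, 4 + len(dbody)) + dbody
    header = struct.pack("!HHIII", 10, 16 + len(sets), export_time, seq, domain)
    return header + sets


def parse_template_set(body, templates):
    off = 0
    while off + 4 <= len(body):
        tid, count = struct.unpack_from("!HH", body, off)
        off += 4
        if tid < 256 or count == 0:
            break                                  # trailing padding
        fields = []
        for _ in range(count):
            ie, flen = struct.unpack_from("!HH", body, off)
            off += 4
            if ie & 0x8000:                        # enterprise-specific IE: PEN follows
                pen = struct.unpack_from("!I", body, off)[0]
                off += 4
                ie = (ie & 0x7FFF, pen)
            fields.append((ie, flen))
        templates[tid] = fields


def decode_data_set(body, fields):
    # Fixed-length fields only; variable-length encoding (length 65535) is not handled here.
    rec_len = sum(flen for _, flen in fields)
    records, off = [], 0
    while off + rec_len <= len(body):
        rec = {}
        for ie, flen in fields:
            raw = body[off:off + flen]
            off += flen
            name = IE_NAMES.get(ie, "ie%s" % (ie,))
            rec[name] = str(ipaddress.IPv4Address(raw)) if ie in IPV4_IES else int.from_bytes(raw, "big")
        records.append(rec)
    return records


def parse_message(data, templates=None):
    """Parse one IPFIX message. Returns (records, templates); pass the same templates
    dict across calls, because templates and data may arrive in separate messages."""
    templates = {} if templates is None else templates
    version, length = struct.unpack_from("!HH", data, 0)
    if version != 10:
        raise ValueError("not an IPFIX message (version %d)" % version)
    if length > len(data) or length < 16:
        raise ValueError("truncated or malformed message")
    records, off = [], 16
    while off + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", data, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("bad set length at offset %d" % off)
        body = data[off + 4:off + set_len]
        if set_id == TEMPLATE_SET_ID:
            parse_template_set(body, templates)
        elif set_id >= 256 and set_id in templates:
            records.extend(decode_data_set(body, templates[set_id]))
        # Options Template Sets (ID 3) and data for not-yet-seen templates are skipped.
        off += set_len
    return records, templates


TEMPLATE_ID = 256                                  # constructed template ID
TEMPLATES = {TEMPLATE_ID: [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (5, 1), (1, 8), (2, 8)]}
SAMPLE_FLOWS = [                                   # constructed flow records, not from a real device
    {"sourceIPv4Address": "10.0.0.5", "destinationIPv4Address": "192.0.2.10",
     "sourceTransportPort": 51234, "destinationTransportPort": 443,
     "protocolIdentifier": 6, "ipClassOfService": 0,
     "octetDeltaCount": 15321, "packetDeltaCount": 42},
    {"sourceIPv4Address": "10.0.0.7", "destinationIPv4Address": "192.0.2.53",
     "sourceTransportPort": 40001, "destinationTransportPort": 53,
     "protocolIdentifier": 17, "ipClassOfService": 8,
     "octetDeltaCount": 120, "packetDeltaCount": 2},
]


def demo():
    """Export the sample flows as IPFIX and decode them again on the collector side."""
    wire = build_message(TEMPLATES, {TEMPLATE_ID: SAMPLE_FLOWS}, export_time=1300000000, seq=1)
    records, _ = parse_message(wire)
    return wire, records


if __name__ == "__main__":
    wire, records = demo()
    print("%d bytes on the wire" % len(wire))
    for rec in records:
        print(rec)
```

The extension the paragraph describes is the template itself: an exporter that wants to add application or user data simply declares extra fields in the template, with enterprise-specific IDs (the 0x8000 bit plus a private enterprise number) for anything not in the IANA registry, and a collector that keeps templates per observation domain decodes them without code changes. A collector should also treat the template dictionary as untrusted input: set lengths and field counts are checked above so that a malformed message raises rather than reading past the buffer.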
SonicWALL's next-generation firewall provides:
Application intelligence - SonicWALL scans all network traffic, every byte of every packet. By understanding which applications are in use and which users are using them, it delivers complete application intelligence and control regardless of the port or protocol an application uses.
Application control - application intelligence, control and visibility improve manageability and ease of use, giving IT administrators fine-grained control over applications and users. Administrators can easily create bandwidth management policies based on predefined logical categories (such as social media or games), on individual applications, or on users and user groups.
Application visibility - to control network usage properly, an administrator must be able to see application traffic in real time and adjust network policy according to what is observed. The SonicWALL application flow monitor provides real-time charts of applications, inbound and outbound bandwidth, sites visited and all user activity. As tightly integrated functions of the SonicWALL NGFW, SonicWALL application intelligence, control and visibility hand control of the network back to the IT administrator, who can easily separate good applications from bad and so improve productivity without compromising security.
Copyright © 2011 JIN SHI