A next-generation firewall (NGFW) is a networking and security appliance or application that processes network traffic. NGFWs apply rules to block dangerous or potentially dangerous traffic. They rose to prominence about five years ago as firewalls moved on from their original duties in security defense to take on a great many more functions.
Here are some of the top trends in next-generation firewalls:
1. New names
As the name implies, next-generation firewalls represent an evolutionary step beyond traditional firewalls. A traditional firewall can be regarded as a gatekeeper to a device or a network. It can detect any attempts to gain access to an operating system and block traffic from unwanted or unrecognized sources. In other words, traditional firewalls had a kind of traffic-controller function. They proved more than adequate at catching dodgy incoming network traffic and provided an extra layer of defense against malware. The underlying technology was relatively simple. They only accepted the incoming connections they had been configured to accept. Otherwise, they blocked data packets based on pre-set rules.
So, what is different about NGFWs? Essentially, they do everything that regular firewalls do, but add more. NGFWs continue to evolve. A problem, though, is that as soon as you use the term “next gen” as your product name, what do you do when you develop a whole new feature set that takes NGFWs to the next level, and represents yet another new generation? Hence vendors have gotten inventive with their terminology. They have come up with all sorts of titles such as network firewalls, software-defined firewalls and more. Expect some confusion when you try to sort out which generation is the actual next generation. Maybe we will soon see Next Next-Generation Firewalls.
Part of the problem with firewall nomenclature is convergence. We have seen convergence happening in other fields. Voice and internet traffic converged to produce VoIP. Different types of storage converged into hyperconverged storage architectures. Now it is the turn of security and firewalls.
“Next-generation firewalls are quickly becoming the foundation of the convergence of networking and security,” said Nirav Shah, Vice President, Products and Solutions, Fortinet.
With the rise of hybrid IT models, the network is becoming increasingly important in connecting users, applications, physical locations, and multi-cloud environments. Thus, we are seeing modern NGFWs that incorporate artificial intelligence (AI) and machine learning (ML) capabilities as well as Software Defined Wide Area Networks (SD-WAN), LAN Edge controllers, 5G support, and a variety of security features.
“A converged approach in today’s threat landscape is essential in protecting against increasingly advanced threats and realizing better user experience,” said Shah.
3. On-prem firewalls decline
Peter Lowe, Principal Security Researcher, DNSFilter, sees a clear firewall trend away from on-premises devices towards cloud services. More recently, the trend has been in the direction of zero-trust configurations that enhance security and essentially do away with centralized firewalls entirely.
“While there is a place for physical devices in large enterprise networks with a physical footprint, the rise of remote working and international collaboration has prompted a different solution to the same issue of protecting our networks,” said Lowe.
4. Losing ground to CDNs and WAFs
As attack surfaces have shifted over the years, web applications have become a more attractive target to cybercriminals than on-premises devices. As a result, many of the functions of traditional firewalls and old-school NGFWs have been absorbed by other technologies. These include Content Delivery Networks (CDNs) and Web Application Firewalls (WAFs).
“Traditional firewalls have lost much of their value in this new landscape, with former responsibilities being pushed to CDN/WAF,” said Rickard Carlsson, CEO and co-founder, Detectify. “Although firewall vendors are working to innovate and adapt, installing a traditional firewall while running workloads on AWS, Azure, GCP, and other cloud resources just doesn’t make sense.”
5. Cloud native
The days of on-prem firewalls appear to be numbered. More and more, architectures are appearing that are cloud native. This is in response to demand from enterprises that are sending more and more applications and functions to the cloud.
“Enterprises have a hard requirement to manage cloud firewalls like cloud, scale it like cloud, deploy it like cloud, in other words, cloud firewalls need to go cloud-native else they will be rejected by the enterprises,” said Vishal Jain, Co-Founder and CTO at Valtix.