From instant messaging systems to suites like Google Apps or Office 365, many of the applications we use today are web-based and run over ports 80 and 443.
“There’s so many applications that run across those two ports now that you really need to have the ability to understand the actual applications that are contained within that data stream,” said Matt Corney, CTO of Nuspire Networks.
A next generation firewall (NGFW, aka a layer 7 firewall or an application firewall) helps you understand all of those pieces and gives you the ability to control them. For example, you can allow users to access Facebook to review information without necessarily letting them post information. From a security perspective, you can also block things like command and control communications, a capability that a standard firewall does not have.
“We’re blending the old-school proxy-based technology with the old-school … stateful inspection firewall and marrying those up into this next generation firewall that provides more insight around these applications and are also able to protect you from an IPS perspective,” said Corney.
Further, an NGFW gives you comprehensive visibility into what’s coming out of your network, along with application awareness: who’s using things like BitTorrent or other peer-to-peer networking services.
“It really provides a lot of information to be able to digest from a security perspective … a lot of good logging data and information that you wouldn’t normally get to see through a standard stateful inspection firewall,” Corney said.
Corney explained that it is important to be aware that your organization may need a very high-performing system, depending on things like bandwidth and sessions. From a performance perspective, it’s important to consider those aspects when implementing your NGFW.
“We frequently see people that are purchasing undersized or utilizing undersized devices so they’re not able to make full use of the technology,” said Corney.