For the last few years the term 'Next Generation Firewall' or NGFW has been used to describe what is now 'current' generation firewall technology. Simply put a NGFW is a traditional stateful firewall with an integrated Intrusion Prevention System (IPS), active directory integration and application level visibility and control. Put even more simply, it’s a firewall that is designed to allow or deny traffic into a network, stop known malicious traffic (often, if not always,) based on signatures, and ensure only certain applications are accessed or denied.
Sadly, the hackers who aim to break into networks are getting more and more devious. The move to the cloud, combined with an ever expanding attack surface due to so many connected devices, means that weekly, major IT security breaches are reported in the press – often global brand names – and it is very embarrassing for the companies concerned. More than a rising trend or a business challenge, cybercrime is the product of a deep, complex and fully developed underground economy (have a read of the Juniper sponsored RAND report if this is of interest). As a result, Firewalls need to move to the next ‘Next Generation' in order to keep up with these new attack vectors that are appearing daily. The Firewall must expand to dramatically take advantage of much more intelligence from internal and external sources, like SIEM systems and open source feeds, and begin to operate in a more adaptive manner.
At Juniper we are now talking about our SRX range of firewalls not as Next Generation but as Adaptive Intelligent Firewalls. The SRX series is currently the worlds most successful high end firewall, scaling from very small to very large devices and running the same Junos operating system on the entire range. The latest release and subsequent releases for the SRX see some innovative developments and features that go way beyond the capabilities of NGFW.
So what new features can we expect to see? An intelligence system which is made up of unique elements, including threat intelligence policies, command & control data, infected end-point visibility, dynamic address groups, WebApp Secure attacker ID feeds and Geo-IP data. Juniper has just delivering the first phase of this vision. Spotlight Secure has expanded to be our source for intelligence from the cloud. A feed from the “Spotlight Secure” cloud, can be shared, via Junos Space Security Director, with SRX firewalls in a customer’s environment, so that the firewall can enforce policies based on the adaptive threat intelligence information. Spotlight Secure already has over 10000 known attackers’ profiles; digital fingerprints that go way beyond an IP address for absolute certainty that we will be enacting policies based on accurate information. Adversaries may not have even launched an attack yet on a certain organization, but the SRX firewall can stop them from entering your network right at the perimeter, since we know they are not to be trusted.
Bring on the Adaptive Intelligent Firewall. The NGFW is no longer enough to counter the latest cyber threats. Companies with cloud infrastructures who demand the best firewalls need look no further than the SRX!