Who’s on first? What’s on second? With Next Generation Firewalls
Jul 2, 2014
It’s a familiar routine and not just for comedy duo Abbott & Costello. It’s familiar for any network administrator or security expert. How do you know what applications are running over your network? How do you know who’s doing what in your infrastructure? Now with a next generation firewall "I don’t know" doesn’t have to be on third.
Traditional firewalls are very useful. They’ve been around for a long time but they just don’t give you the depth of visibility into and control over what’s running over your network that you need in today’s world. A next generation firewall (NGFW) does because it can read deep into your network packets.
A good NGFW can identify the applications running on your network, even those pesky ones that are trying to evade detection. This way you can decide if you want to block that app (BitTorrent comes to mind here) or if you just want to put stronger security (IPS or AV) in place for traffic associated with that app. Or maybe you are fine with that app but you don’t want it taking over your network resources, so you want to put some quality-of-service controls on it (YouTube is a good candidate for this).
A good NGFW can also use information from your network directory so you can apply security policies to users based on their role in your organization. For example, maybe marketing and sales are allowed to use social media during work hours but other employees aren’t. Or, in a school environment, maybe faculty and staff have different permissions than students.
Application and user role awareness is very useful, but it isn’t so great if managing and deploying these security controls is time-consuming and creates lots of administrative overhead. So you also want simplicity. Luckily, NGFWs also typically come as a single integrated solution, and the better ones come with a good centralized management platform.
Here at Juniper we’ve been offering NGFW capabilities for some years. We are happy to announce that with our latest NGFW release we are offering even stronger application identification and integrated user role-based firewall controls with our SRX Series Services Gateways. So now it’s even easier to know "who’s" on first and "what’s" on second. And, "I don’t know" is definitely no longer on third.