Firewall Management Maturity Stage 2: Next Generation Firewall Management
In the second of this three-part series examining the stages of firewall management maturity, we look at next generation firewall technology.
By: Leo Kershteyn
If there is one certainty in technology, it's that nothing stays the same for long.
Firewall technology is no exception, taking a big step forward with the introduction of next generation firewalls. As the name implies, this represented a leap forward from basic firewall appliances, integrating intrusion prevention capabilities traditionally found in a standalone IPS device into the firewall itself.
Next generation firewalls are a great way for organizations to combine traditional firewall capabilities with those of an IPS in a powerful one-two punch, without having to buy two separate devices. Yes, it's more expensive to invest in a next generation firewall solution, but there are capabilities that make that investment worthwhile.
However, as with basic firewalls, next generation firewalls bring with them varying elements of maintenance, updating and management. Effective management can be a delicate mixture, depending on the type of next generation firewall and its capabilities. Some vendors offer easy integration, streamlined to the point of merely adding a license and enabling the vendor's IPS security feed. Others take a less precise approach, which can include separate management consoles, log streams and functionality requiring tuning and ongoing oversight. Adding integration with cloud sandboxes, endpoint solutions and threat intelligence makes the NGFW even more effective, but also adds layers of complexity that make in-house management more challenging.
That is especially true if your organization lacks the in-house resources to accomplish these tasks efficiently. A recent study determined 66 percent of respondents believe they do not have enough employees to address the level of threats anticipated in the near future. No matter where you are in your firewall journey, there is always the hurdle of having the time and the expertise to audit policies, review rulesets and, of course, identify security threats in the amount of data next generation firewalls produce. A very common occurrence is having to write a custom IPS rule, then test it and commit it to the IPS engine. Custom rules can impact performance if not written correctly and sometimes conflict with rules already provided by the vendor or a third party like Secureworks®.
There are times when organizations purchase next generation firewalls and install the appliances, only to realize they have taken on more than they are equipped to handle. Just like basic firewall technology, there is ongoing effort involved to get the most out of your investment, and that effort increases as your infrastructure grows. This is where teaming up with a third-party organization that understands the nuances of next generation firewalls and IPS technologies can be a wise move. Next generation firewalls are more complex than traditional firewall appliances. Security experts can help with change management, upgrades, rule reviews, policy audits and patches, helping your next generation firewall technology discover threats beyond the port and protocol layers.
Next time: Advancing firewall management with threat intelligence.
 Global Information Security Workforce Study, Center for Cyber Safety and Education and (ISC)2, 2017