Selection of next generation firewall

Choosing next-generation firewall features

The network and security teams should decide together which features of a next-generation firewall to deploy. A conservative approach to feature selection is appropriate for two reasons. First, the administrators responsible for network security must become proficient at operating and monitoring each new feature before it is relied upon. Second, many features are licensed separately, so each one enabled adds a recurring cost that must be budgeted from the start.

The most direct way is to choose a next-generation firewall platform that can provide every service you eventually want, but buy licenses only for the services you will use immediately. Start with a set of services that closely matches the point products you already run, then migrate gradually and deliberately to the next-generation firewall. Once that baseline is under control, add one new feature at a time until you reach the end state you want.

What to look for when buying

Application identification and control. The most important function of any next-generation firewall is to correctly recognise, decode and analyse application traffic in order to detect known and unknown threats. Most critical business applications are designed to change their behaviour (for example the ports and protocols they use) as they switch between functions, and the firewall must detect these subtle changes in order to make the right policy decision. Any effective next-generation firewall must therefore support fine-grained application policies, and its analysis engine, which evaluates the rules and applies them continuously, must be updatable so that it keeps classifying traffic correctly as traffic patterns change over time.

Protocol parsing and anomaly detection. Any next-generation firewall must be able to quickly decode a protocol into its constituent components. Many attackers use elaborate tunnelling techniques to embed a different protocol, or sensitive data, inside an innocuous one. The firewall therefore needs to determine whether traffic that claims to be ICMP, HTTP or another protocol is genuine or a carrier constructed by an attacker.
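The two capabilities above, port-independent application identification and structural protocol checks, fit together in one inspection pass. The following is an added example written for this article, not any vendor's inspection engine: it classifies a session by the content of its first bytes rather than by port, flags an application running on a port where it does not belong, verifies that something that looks like HTTP really parses as HTTP, and treats ICMP echo data that is oversized or random-looking as a likely tunnel. The packets, the signature list and the ICMP thresholds (128 bytes of data, 6.5 bits of entropy per byte) are all constructed or assumed for illustration and would need tuning on a real network.

```python
"""Port-independent application identification plus protocol anomaly checks.

Added example for this article; not code from any firewall product. The sample
packets, signatures and thresholds below are constructed for illustration.
"""
import hashlib
import math
import re
from dataclasses import dataclass


@dataclass
class Packet:
    proto: str       # "tcp", "udp" or "icmp" as seen on the wire
    dst_port: int    # 0 for ICMP
    payload: bytes   # first bytes of the session (TCP/UDP) or the full ICMP message


HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")
HTTP_HEADER = re.compile(rb"^[!#$%&'*+.^_`|~0-9A-Za-z-]+:[ \t]*[^\r\n]*$")

# Port-independent application signatures: what the first bytes of a session look like.
APP_SIGNATURES = [
    ("ssh",  lambda p: p.startswith(b"SSH-")),
    ("tls",  lambda p: len(p) >= 3 and p[0] == 0x16 and p[1] == 0x03),
    ("http", lambda p: HTTP_REQUEST_LINE.match(p) is not None),
]
# What the administrator expects on well-known ports; used to spot port abuse.
EXPECTED_APPS = {22: {"ssh"}, 80: {"http"}, 443: {"tls"}}

# Assumed thresholds for ICMP echo data; a standard ping carries 56 bytes of patterned data.
ICMP_MAX_DATA = 128
ICMP_MAX_ENTROPY = 6.5   # bits per byte; encrypted or compressed data approaches 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; ~8.0 for random or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def identify_app(pkt: Packet) -> str:
    """Classify by payload content, never by port number."""
    if pkt.proto == "icmp":
        return "icmp-echo" if pkt.payload[:1] in (b"\x00", b"\x08") else "icmp-other"
    for name, matches in APP_SIGNATURES:
        if matches(pkt.payload):
            return name
    return "unknown"


def check_http(payload: bytes) -> list:
    """Verify the header block actually parses as HTTP, not just the request line."""
    head, sep, _body = payload.partition(b"\r\n\r\n")
    if not sep:
        return ["http_incomplete_headers"]
    header_lines = head.split(b"\r\n")[1:]   # request line was already matched
    bad = [line for line in header_lines if not HTTP_HEADER.match(line)]
    return ["http_malformed_header"] if bad else []


def check_icmp(payload: bytes) -> list:
    """Echo data that is large or random-looking is the classic tunnel signature."""
    data = payload[8:]   # skip type, code, checksum, identifier, sequence
    anomalies = []
    if len(data) > ICMP_MAX_DATA:
        anomalies.append("icmp_oversized_data")
    if shannon_entropy(data) > ICMP_MAX_ENTROPY:
        anomalies.append("icmp_high_entropy_data")
    return anomalies


def inspect(pkt: Packet) -> dict:
    """Identify the application, then run the protocol-specific structural checks."""
    app = identify_app(pkt)
    anomalies = []
    expected = EXPECTED_APPS.get(pkt.dst_port)
    if expected and app not in expected:
        anomalies.append("app_port_mismatch")
    if app == "http":
        anomalies += check_http(pkt.payload)
    elif app == "icmp-echo":
        anomalies += check_icmp(pkt.payload)
    return {"app": app, "anomalies": anomalies}


def icmp_echo(data: bytes) -> bytes:
    """Build an echo-request message; checksum left zero since it is not checked here."""
    return b"\x08\x00\x00\x00\x12\x34\x00\x01" + data


# Constructed sample traffic, not captured from a real network.
SAMPLES = {
    "normal_http": Packet("tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    "ssh_on_443":  Packet("tcp", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    "fake_http":   Packet("tcp", 80, b"GET / HTTP/1.1\r\nHost example.com\r\n\r\n"),
    "normal_ping": Packet("icmp", 0, icmp_echo(bytes(8) + bytes(range(0x10, 0x40)))),
    "icmp_tunnel": Packet("icmp", 0, icmp_echo(
        b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32)))),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:12s} -> {inspect(pkt)}")
```

The point of the structure is that the port never decides the verdict: "ssh_on_443" is reported as SSH and then flagged because SSH is not what belongs on 443, and "fake_http" passes the request-line signature but fails header parsing. A real engine also has to keep reclassifying a session as more bytes arrive, which is what the article means by the analysis engine being updatable.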

User identification. Every enterprise-grade next-generation firewall should be able to connect to the directory services already in the environment (such as Active Directory and comparable LDAP directories) to identify users. Ideally the system maps each IP address to a system name and a user login name, so that role-based firewall policies can be applied to specific users and groups. This also lets the firewall judge whether traffic for a given protocol or application is abnormal, because the usage patterns it tracks are tied to particular users and groups rather than to addresses alone. For a purchasing decision, the key question is therefore which types of user directory the product supports.
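The mapping the paragraph describes is simple in principle but has one edge case a buyer should ask about: what happens when an address is reused or a logon record goes stale. The following is an added example for this article, not any vendor's user-identification agent: it keeps an IP-to-host-and-user table fed by logon events, expires entries after an assumed eight-hour lifetime, lets a newer logon on the same address replace the older one, and then evaluates a first-match, role-based policy where an unknown or expired mapping falls through to the anonymous rules. The logon events, group memberships and policy are all constructed for illustration.

```python
"""IP-to-user mapping from directory logon events, with role-based policy lookup.

Added example for this article; not any vendor's User-ID implementation. The
logon events, group memberships, policy rules and lifetime are all constructed.
"""
from dataclasses import dataclass

MAPPING_TTL = 8 * 3600   # assumed: seconds a mapping stays valid without a fresh logon


@dataclass
class LogonEvent:
    ts: int      # epoch seconds of the directory logon event
    ip: str      # address the logon came from
    host: str    # system name
    user: str    # directory login name


class UserIdentifier:
    """Maintains the address -> (host, user) table the firewall consults per flow."""

    def __init__(self, groups: dict, ttl: int = MAPPING_TTL):
        self.groups = groups   # user -> set of directory group names
        self.ttl = ttl
        self.by_ip = {}        # ip -> most recent LogonEvent

    def ingest(self, ev: LogonEvent) -> None:
        current = self.by_ip.get(ev.ip)
        if current is None or ev.ts >= current.ts:
            self.by_ip[ev.ip] = ev   # newest logon wins: DHCP reuse, shared workstations

    def lookup(self, ip: str, now: int):
        ev = self.by_ip.get(ip)
        if ev is None or now - ev.ts > self.ttl:
            return None   # unknown or stale mapping: treat the flow as unauthenticated
        return ev


# Role-based policy: (group, application, action); first match wins, "*" is a wildcard.
POLICY = [
    ("finance",   "erp",  "allow"),
    ("finance",   "ssh",  "deny"),
    ("engineers", "ssh",  "allow"),
    ("*",         "http", "allow"),
    ("*",         "*",    "deny"),
]


def decide(ident: UserIdentifier, src_ip: str, app: str, now: int) -> tuple:
    """Return (host, user, action) for a flow from src_ip using application app."""
    ev = ident.lookup(src_ip, now)
    host, user = (ev.host, ev.user) if ev else ("unknown", "unknown")
    groups = ident.groups.get(user, set())
    for grp, pol_app, action in POLICY:
        if (grp == "*" or grp in groups) and (pol_app == "*" or pol_app == app):
            return host, user, action
    return host, user, "deny"   # implicit default if the policy has no catch-all


# Constructed directory data and logon events.
GROUPS = {"alice": {"finance"}, "bob": {"engineers"}, "carol": {"engineers"}}
EVENTS = [
    LogonEvent(1000, "10.0.0.5", "WS-ALICE", "alice"),
    LogonEvent(1200, "10.0.0.9", "WS-BOB",   "bob"),
    LogonEvent(1500, "10.0.0.5", "WS-CAROL", "carol"),   # same address handed to a new host
]


def scenario() -> dict:
    """Walk through the events and record the policy decision at each step."""
    ident = UserIdentifier(GROUPS)
    out = {}
    ident.ingest(EVENTS[0])
    ident.ingest(EVENTS[1])
    out["alice_ssh"] = decide(ident, "10.0.0.5", "ssh", now=1100)
    out["alice_erp"] = decide(ident, "10.0.0.5", "erp", now=1100)
    ident.ingest(EVENTS[2])   # address reuse: 10.0.0.5 now belongs to carol
    out["carol_ssh"] = decide(ident, "10.0.0.5", "ssh", now=1600)
    out["bob_stale_ssh"] = decide(ident, "10.0.0.9", "ssh", now=1200 + MAPPING_TTL + 1)
    out["unmapped_http"] = decide(ident, "10.0.0.77", "http", now=1600)
    return out


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name:14s} -> host={result[0]} user={result[1]} action={result[2]}")
```

Two behaviours are worth probing in a product evaluation: after the address is reused, SSH from 10.0.0.5 is allowed for carol where it was denied for alice, and once bob's logon record has aged out the same address is treated as unknown and falls through to the anonymous rules rather than inheriting his permissions.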

Speed and performance. Besides how well it understands and filters traffic, the other key factor in evaluating an NGFW is speed. Because packet processing and analysis are intensive on any next-generation firewall, added latency is a major concern. Many vendors claim their products sustain 10 Gbps or more, but such figures rarely reflect the feature set a given enterprise will enable, so buyers should test throughput and latency themselves, with the application identification and protocol analysis features they intend to use switched on and a traffic mix that resembles their own, before deciding to buy.