Full Text

With more employees accessing network resources remotely, the increase in companies deploying hybrid cloud architectures, and the overall escalation of security threats, firewall technology is critical to the integrity, security and the very lifeblood of any enterprise.

Traditional firewalls are security devices which inspect traffic at the point of network ingress/egress, as well as provide Virtual Private Network (VPN) and encryption capabilities. Firewalls watch traffic by state, port and protocol, and control the flow of the traffic passing through. In a traditional firewall, advanced security features are typically provided by external appliances and services that live outside the firewall platform.

ADVERTISEMENT

[ Also see What to consider when deploying a next generation firewall. | Get regularly scheduled insights by signing up for Network World newsletters. ]

What are next-generation firewalls

Next-generation firewalls (NGFW) offer the same capabilities of a traditional firewall with added features such as Deep Packet Inspection (DPI), Integrated Intrusion Protection (IIP), Web Filtering, Antivirus, Antispam, Anti-Malware, SSL and SSH traffic inspection, all with an eye towards the detection and isolation of threats in real-time.

These added features are integrated into the NGFW platform and are typically managed from a single console. Since all of these features are provided by the same vendor, next-gen firewalls are easier to maintain and are more convenient when vendor support is needed.

While basic firewall functionality is foundational to all products in the NGFW market, the firewall is no longer just an appliance that sits in your data center. The adoption of cloud has required that a firewall must provide features beyond the physical device, such as virtualized appliances, firewall as a service (FWaaS) and containerized versions.

Next-generation firewall vendors have SASE on their roadmaps

Secure Access Service Edge (SASE) is an emerging service model that incorporates WAN optimization and other security services such as Secure Web Gateway (SWG) and Zero Trust Network Access (ZTNA) through a cloud-based implementation that provides uninterrupted access for users anywhere and anytime.

Forward-looking NGFW vendors have begun to incorporate these feature sets in their product lines. While widespread SASE implementation is considered a ways off, NGFW vendors have it on their product roadmap.

The top four vendors in this multibillion-dollar market are (in no particular order): Palo Alto Networks, Fortinet, Cisco,...