How cloud, virtualization and SDN will complicate future firewall security
Network World - The firewall in decades past was mainly the port-based guardian of the Internet. Now vendors are vying to build so-called "next-generation firewalls" that are "application-aware" because they can monitor and control access based on application use.
In addition, more and more features have been packed into many firewalls, including intrusion-prevention systems (IPS), web filtering, VPN, data-loss prevention, malware filtering, and even a threat-detection sandbox that tries to uncover zero-day attacks. A standalone IPS might likewise be called a "next-generation IPS" because of its application controls, such as the IBM Network Security Protection XGS 5000 or the McAfee NS-Series.
It's all part of the race among firewall/IPS vendors to stay ahead of the pack. They are also pushing for ever-higher throughput, because data centers that have undergone virtualization now make higher bandwidth in the firewall a necessity.
Vendors crave the "thumbs-up" from the influential Gartner consultancy, or vie to beat competitors in technical evaluation tests such as those done by NSS Labs or Neohapsis Labs. But in the end, it's all to win the approval of buyers such as Rusty Agee, an information security engineer for the City of Charlotte, N.C., which makes use of a wide array of firewalls.
"Firewalls have evolved," says Agee, and when it comes to function and speed in firewalls and IPS, "I'm always looking for more."
Data-center virtualization, the increased use of mobile devices and the prospect of the city adopting a "Bring Your Own Device" (BYOD) policy are some of the reasons Agee stays open to new possibilities to protect data at the various government agencies. The city's fire and police departments have started using tablets and smartphones and a BYOD migration policy is now being considered, he points out.
City employees who use mobile devices rely on the Cisco AnyConnect client to establish a VPN connection back to the city's Cisco ASA firewall, according to Agee. Along with other Cisco firewalls and standalone Cisco IPS, the city also uses Check Point firewalls and standalone IPS to cordon off traffic to critical servers, data centers, Internet access and the city's wireless network.
But the city's multi-vendor mix of firewalls and IPS doesn't stop there. The city also runs the Palo Alto Networks Next-Generation Firewall to monitor and control employee use of applications, and the F5 Networks application firewall to look for attack traffic against Web servers. Agee says the City of Charlotte has centralized log management for these security devices with LogRhythm's security information and event management (SIEM) system.