State of the Firewall – Panelists Answer More of your Questions

Since it’s RSA week, it’s a perfect time to continue the discussion of the State of the Firewall in 2013. Last week we attempted to address the most asked question from our State of the Firewall webcast, but we have many more questions to address (and will address in more blog Q&A posts with our webcast panelists from AlgoSec, Fortinet, NSS Labs and General Motors).

“Other than costs, what’s the biggest benefit of deploying NGFWs versus traditional firewalls and IPS?”

Pankil Vyas, Manager – Network Security Center, General Motors
You will get better correlation of logs.  Cost itself is a good reason. In a mature organization with role based policies you can reduce false-positives with a NGFW implementation. 

Nimmy Reichenberg, VP of Strategy, AlgoSec
Simplicity of management (which also translates to cost when you think of it) and over time we expect better correlation between IPS findings and the firewall policy.

Ryan Liles, Director of Testing Services, NSS Labs
While we would never recommend a single security device deployment as opposed to a layered approach, there’s something to be said for an all-in-one solution. There are obvious management implications to running a single, combined device where intrusion and firewall policies can be built, updated, and applied in a single session.

Patrick Bedwell, VP of Products, Fortinet
In short, visibility and control.

Visibility includes:

• Ability to see a consolidated view of your network activity, including user and application behavior, in a single console. Instead of having to manage multiple devices and technologies, NGFWs consolidate the data into a single-pane-of-glass management console.
• Ability to see user and device information, instead of ports and protocols, as well as identifying applications coming in over port 80 (traditional FWs cannot distinguish between apps on port 80).

Control includes:

• By consolidating multiple security technologies into a single device, NGFWs allow you to integrate disparate technologies into a single set of policies for granular control of the activity on your network. For example, you can block specific behaviors within applications to reduce the risk of exposing employees to malicious content (such as allowing only access to comment on facebook but not follow links or upload files). And, for those groups or users who require an exception (such as the marketing team which downloads content from YouTube for marketing purposes) the NGFW will inspect the traffic to ensure the traffic does not contain malicious content.

• Control also includes being able to set different polices for a single user credential based on what type of device he is using to access the network (personal tablet, corporate notebook, or smartphone)

Next week we’ll share the rest of the Q&A session in more of a rapid fire session with the panelists. For those of you attending RSA this week, enjoy and please make sure to stop by the AlgoSec booth 433 to learn firewall policy management tips and tricks and to see a demo of the AlgoSec Security Management Suite.