What’s happening with firewalls?
The traditional firewall remains a staple of network security. Firewalls have historically made their decisions on Layer 3 and Layer 4 information (addresses, ports and protocols). In recent years they have become considerably smarter, largely because of Layer 7 application identification and deeper packet inspection. With these capabilities a firewall can recognize the applications running on the network regardless of the port they use, which allows application-layer controls to be put in place. Next generation firewalls can also integrate with an organization’s directory services, such as Active Directory or eDirectory, and pull in user and group information so that policies can be written per user or group rather than per IP address. Other enhancements that fall under the Next Generation Firewall (NGFW) label include deep packet inspection, content security, gateway anti-virus, and content filtering.
What next generation firewalls deliver
Next generation firewalls aim to deliver control, protection, and simplicity, along with the operational efficiency to support the business. Three areas need to be kept in balance: operational efficiency, support for the business, and security efficiency. Operational efficiency means centralized control and protection of resources that scales. NGFWs support the business by being open and flexible and by offering a better total cost of ownership (TCO). Security efficiency means protection with breadth, depth, and improved threat prevention. Bulk adoption of next generation firewalls is starting now; Gartner estimates that 70% of enterprise firewall purchases in 2014 will be next-gen firewalls.
Application awareness is the core of the next generation firewall: it enables the firewall to identify the applications traversing it. Applications are not always easy to recognize, since some are evasive (running on non-standard ports, tunneling inside other protocols, or hiding in encrypted sessions), but once an application is identified a number of capabilities open up. First, visibility and tracking let administrators see which applications are running across the network, what security risks they carry, and how users actually behave. Application identification then lets administrators set policy per application, for example blocking applications considered risky, such as peer-to-peer file sharing. User firewall controls give different users different application policies based on their role and group membership. Policies can also be tailored to specific applications, and rate limits can be placed on individual applications, providing a fine level of control.
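The following is an added example written for this page, not Juniper code and not any vendor’s application identification engine. It shows the difference between a port-based (Layer 4) decision and an application-aware decision: the application is classified from the first client payload (a BitTorrent handshake, an HTTP request line, or the SNI in a TLS ClientHello), and the policy is then keyed on the user’s group and the application rather than on the port. The group names, the policy table, the hostname suffix used to label streaming video, and the sample flows are all constructed assumptions.

```python
"""Application-aware policy evaluation (constructed example, not vendor code)."""
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    user: str
    group: str      # group pulled from the directory, e.g. "engineering" (assumed)
    dst_port: int
    payload: bytes  # first client-to-server bytes of the flow


HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")
BT_HANDSHAKE = b"\x13BitTorrent protocol"   # BitTorrent peer-wire handshake prefix


def tls_sni(payload: bytes):
    """Return the server_name from a TLS ClientHello, or None if it is not one."""
    if len(payload) < 5 or payload[0] != 0x16:          # record type 0x16 = handshake
        return None
    hs = payload[5:5 + struct.unpack("!H", payload[3:5])[0]]
    if len(hs) < 4 or hs[0] != 0x01:                     # handshake type 1 = ClientHello
        return None
    pos = 4 + 2 + 32                                     # header, client_version, random
    if len(hs) < pos + 1:
        return None
    pos += 1 + hs[pos]                                   # session_id
    if len(hs) < pos + 2:
        return None
    pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]   # cipher_suites
    if len(hs) < pos + 1:
        return None
    pos += 1 + hs[pos]                                   # compression_methods
    if len(hs) < pos + 2:
        return None
    ext_end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= min(ext_end, len(hs)):
        etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
        body = hs[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype == 0 and len(body) >= 5:                # server_name extension
            name_len = struct.unpack("!H", body[3:5])[0]  # list len(2), type(1), name len(2)
            return body[5:5 + name_len].decode("ascii", "replace")
    return None


def build_client_hello(host: str) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello carrying an SNI (sample input only)."""
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00"         # version, random, empty session id
            + b"\x00\x02\xc0\x2f"                         # one cipher suite
            + b"\x01\x00"                                 # one (null) compression method
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


def identify_app(flow: Flow) -> str:
    """Classify from the payload; the destination port is deliberately ignored."""
    p = flow.payload
    if p.startswith(BT_HANDSHAKE):
        return "bittorrent"
    if any(p.startswith(m) for m in HTTP_METHODS):
        return "http"
    sni = tls_sni(p)
    if sni is not None:
        if sni.lower().endswith("example-video.test"):   # assumed video CDN suffix
            return "streaming-video"
        return "tls"
    return "unknown"


def l4_decision(flow: Flow) -> str:
    """What a traditional port-based rule would do: web ports are open."""
    return "permit" if flow.dst_port in (80, 443) else "deny"


POLICY = [  # (group, application, action); first match wins; all assumed
    ("*", "bittorrent", "deny"),
    ("engineering", "tls", "permit"),
    ("engineering", "http", "permit"),
    ("staff", "streaming-video", "deny"),
    ("staff", "tls", "permit"),
    ("staff", "http", "permit"),
]
DEFAULT_ACTION = "deny"


def evaluate(flow: Flow):
    """Application-aware decision: returns (application, action)."""
    app = identify_app(flow)
    for group, a, action in POLICY:
        if group in ("*", flow.group) and a == app:
            return app, action
    return app, DEFAULT_ACTION


SAMPLE_FLOWS = [  # constructed sample traffic
    Flow("alice", "engineering", 443, build_client_hello("git.example.test")),
    Flow("bob", "staff", 443, build_client_hello("cdn.example-video.test")),
    Flow("bob", "staff", 443, BT_HANDSHAKE + b"\x00" * 8 + b"\x11" * 20),  # P2P hidden on 443
    Flow("alice", "engineering", 8080, b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"),
]


def run(flows=SAMPLE_FLOWS):
    """Per flow: (user, dst_port, L4 decision, identified app, app-aware decision)."""
    return [(f.user, f.dst_port, l4_decision(f), *evaluate(f)) for f in flows]


if __name__ == "__main__":
    for row in run():
        print(row)
```

The third sample flow is the evasive case from the paragraph above: a port-based rule permits it because it goes to 443, while the application-aware rule denies it because the payload is a BitTorrent handshake. The fourth flow shows the reverse: legitimate HTTP on a non-standard port is denied by the port rule but permitted by the application rule. In a real engine the signature set is far larger and identification is done over several packets, but the policy lookup works the same way.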
Quality of Service (QoS) can be applied in policy to protect and optimize the use of resources, prioritizing mission-critical applications while limiting the bandwidth available to less important ones. Inspecting encrypted traffic, including HTTPS, requires an SSL proxy: the firewall terminates the TLS session from the client, inspects the plaintext, and re-encrypts it toward the server. This is the only way to see what is inside that traffic, and it comes with caveats. The firewall must present a certificate the clients trust (normally issued by an internal CA that is deployed to the endpoints), and applications that pin their server certificate will break under interception and have to be excluded from the proxy. The intrusion prevention system (IPS) detects and blocks known attack traffic inline and enforces security controls.
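As an added example, not Juniper code, here is the per-application rate limiting and prioritization that the rate-limit and QoS passages above describe, reduced to its mechanism: each application class gets its own token bucket, a mission-critical class gets a large sustained rate and burst, a low-priority class gets a small one, and applications with no class are forwarded unshaped. The class names, rates, burst sizes, and the packet trace are constructed assumptions.

```python
"""Per-application rate limiting with token buckets (constructed example, not vendor code)."""
from dataclasses import dataclass, field


@dataclass
class TokenBucket:
    rate_bps: float   # sustained budget in bytes per second
    burst: float      # bucket depth in bytes (maximum burst)
    tokens: float = field(init=False)
    last: float = 0.0  # time of the last refill, in seconds

    def __post_init__(self):
        self.tokens = self.burst  # start with a full bucket

    def allow(self, size: int, now: float) -> bool:
        """Refill for elapsed time, then spend `size` tokens if available."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate_bps)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def make_classes():
    """Assumed AppQoS classes: voice gets 1 MB/s, video is throttled to 50 KB/s."""
    return {
        "voip": TokenBucket(rate_bps=1_000_000, burst=100_000),
        "streaming-video": TokenBucket(rate_bps=50_000, burst=20_000),
    }


def shape(packets, classes):
    """Run packets (time_s, app, size_bytes) through the per-app buckets.

    Packets of the same app must be in time order. Apps without a class are
    forwarded unshaped. Returns {app: (forwarded, dropped)}.
    """
    stats = {}
    for t, app, size in packets:
        bucket = classes.get(app)
        ok = bucket.allow(size, t) if bucket else True
        fwd, drop = stats.get(app, (0, 0))
        stats[app] = (fwd + 1, drop) if ok else (fwd, drop + 1)
    return stats


SAMPLE_PACKETS = (  # constructed trace
    [(i * 0.02, "voip", 200) for i in range(50)]            # 1 s of voice, 200 B every 20 ms
    + [(0.0, "streaming-video", 5000) for _ in range(10)]   # 50 KB video burst at t=0
    + [(1.0, "streaming-video", 5000) for _ in range(10)]   # another 50 KB burst at t=1
    + [(0.5, "http", 1500)]                                 # unclassified, passes through
)


if __name__ == "__main__":
    for app, counts in shape(SAMPLE_PACKETS, make_classes()).items():
        print(app, "forwarded=%d dropped=%d" % counts)
```

The voice stream never exceeds its budget and is forwarded untouched, while each 50 KB video burst is cut to the 20 KB the bucket holds (the remaining packets are dropped; a real appliance may queue rather than drop, but the budget arithmetic is the same). The policy decision of which application lands in which class is exactly the application identification step from the earlier section.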
Unified threat management (UTM) is where content security comes into play. UTM provides antivirus, anti-malware, and reputation-based capabilities. Antispam provides multilayered spam protection and protection against APTs. Web filtering blocks malicious URLs and prevents lost productivity, while content filtering removes extraneous or malicious content to preserve bandwidth for essential traffic.
Juniper Networks’ next generation firewall strategy
Juniper Networks takes a threefold approach to NGFW: security, easy manageability, and scalability, delivered on all-in-one best-value devices together with software that provides consolidated, layered NGFW security. On the services side this means integrated solutions, AppID efficacy, and threat and application support across the full portfolio. Simplified management means user-experience-led engineering and a highly scalable platform that integrates all of the security services into a single centralized management system and manages multiple firewalls in one place. Open, dynamic, intelligent security provides open IPS and application signatures as well as advanced threat protection.
Juniper’s NGFW capabilities include an integrated user/role firewall with agent-less SRX integration into Active Directory, creating a flexible and scalable user firewall portfolio. AppSecure and UTM deliver better application visibility and control, including detection of evasive and tunneled applications, open application and IPS signatures, and content security. Simplified management features include centralized management of the complete security services suite, integrated logging and reporting, and the ability to scale to large environments.
Juniper AppSecure delivers what you would expect an application-aware solution to deliver: application tracking, application firewall controls, application QoS controls, SSL proxy capabilities, and IPS.
Integrated user firewall and extended user security options include the integrated user firewall (SRX alone), the active user role firewall (SRX + MAG), and end-to-end user security (SRX + UAC + NAC). All of these services are available on all of Juniper’s SRX platforms, so you can choose the platform that best fits your environment and layer on security services as you need them, with licenses purchased on an as-needed basis. Each device can be managed with Security Director. Juniper’s Firefly virtual platform also comes with AppSecure capabilities and UTM. When evaluating an NGFW, remember that every service you enable on the firewall (IPS, SSL proxy, anti-virus) consumes CPU and memory and reduces throughput, so size the device against performance figures measured with those services turned on rather than against raw firewall throughput.