Thursday, August 28, 2014

How Next Generation Firewalls Can Help Control Your Business

What’s happening with firewalls?

The traditional firewall remains a staple of network security. Firewalls have traditionally operated on Layer 3 and Layer 4 information. In recent years they have become considerably smarter, in part because of Layer 7 application identification and enhanced deep packet scanning. With these enhancements, firewalls gained the ability to understand and identify the applications running in a network and to control them, allowing new application-layer controls to be put in place. Next generation firewalls can also reach out to an organization’s directory services, e.g. Active Directory or eDirectory, and pull in user information to build user-based firewall policies, allowing for user- and/or group-based application controls. Referred to as Next Generation Firewalls (NGFW), these devices also add content security, gateway anti-virus, and content filtering on top of deep packet scanning.

What next generation firewalls deliver

Next generation firewalls give you control, protection, and simplicity, along with the operational efficiency to support your business. It is important to maintain a balance between three main areas: operational efficiency, support for the business, and security efficiency. Operational efficiency lets users scale centralized control and protection of resources. NGFWs support the business by being open and flexible, with a better total cost of operations (TCO). They also offer security efficiency that protects with breadth, depth, and enhanced threat prevention. Bulk adoption of next generation firewalls is starting now, and Gartner estimates that 70% of enterprise firewall purchases in 2014 will be next-gen firewalls.

Application awareness is the core of next generation firewalls: it enables the firewall to identify the applications running across it. Applications aren’t always easily recognized, as some are evasive, but once they are identified a number of capabilities open up. First, visibility and tracking let administrators understand which applications are running across the network, what security risks they represent, and what user behaviors are in play. Application identification then lets administrators control and set policies based on those applications, for example blocking applications you might consider risky, such as peer-to-peer applications. User firewall controls allow different users to have different application policies based on their role and group. Policies can also be tailored to specific applications, and rate limits can be placed on individual applications, providing a fine level of control.
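To make the difference between a Layer 3/4 rule base and the application- and user-aware policy described in the two sections above concrete, here is an added toy model (not Juniper code, and no product's actual policy syntax). The flows, the user-to-group directory lookup and the rules are all constructed sample data; the point it shows is that an evasive application tunneled over tcp/443 passes a port-based rule but is caught once the identified application and the user's directory group drive the decision.

```python
"""Toy model of a Layer 3/4 rule base beside an application- and user-aware
(NGFW) rule base. Constructed example: flows, directory map and rules are hand-made."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    dst_port: int
    protocol: str  # transport protocol, all a Layer 4 firewall sees
    app: str       # Layer 7 application identified by deep packet inspection
    user: str      # user behind the source address, learned from the directory

# Constructed stand-in for a directory lookup (e.g. Active Directory group membership)
DIRECTORY = {"alice": "engineering", "bob": "contractors"}

# Traditional rule base keyed only on (protocol, destination port); default deny
L4_RULES = {("tcp", 80): "permit", ("tcp", 443): "permit"}

def l4_decision(flow: Flow) -> str:
    """Port-based decision: anything on tcp/80 or tcp/443 gets through."""
    return L4_RULES.get((flow.protocol, flow.dst_port), "deny")

@dataclass(frozen=True)
class AppRule:
    groups: frozenset  # user groups the rule applies to; empty = any user
    apps: frozenset    # identified applications; empty = any application
    action: str

# Ordered NGFW rule base: first match wins, default deny
NGFW_RULES = [
    AppRule(frozenset(), frozenset({"bittorrent"}), "deny"),               # risky P2P, every user
    AppRule(frozenset({"contractors"}), frozenset({"dropbox"}), "deny"),   # group-specific block
    AppRule(frozenset({"engineering"}), frozenset({"ssh", "dropbox"}), "permit"),
    AppRule(frozenset(), frozenset({"http", "https"}), "permit"),          # web for everyone
]

def ngfw_decision(flow: Flow) -> str:
    """Identity- and application-aware decision, independent of the port used."""
    group = DIRECTORY.get(flow.user, "unknown")
    for rule in NGFW_RULES:
        if rule.groups and group not in rule.groups:
            continue
        if rule.apps and flow.app not in rule.apps:
            continue
        return rule.action
    return "deny"

if __name__ == "__main__":
    # BitTorrent tunneled over tcp/443 looks like ordinary web traffic to the L4 rule base
    evasive = Flow(443, "tcp", "bittorrent", "alice")
    print("L4:", l4_decision(evasive), " NGFW:", ngfw_decision(evasive))
```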

Quality of Service (QoS) can be applied through policies that protect and optimize the use of your resources, prioritizing mission-critical applications while limiting the resources available to less important ones. Packet inspection can also be applied to encrypted traffic: with an SSL proxy, the firewall can inspect traffic traveling over HTTPS, which is important for seeing what is actually inside it. An intrusion prevention system (IPS) helps remediate security threats and apply security controls.

Unified threat management (UTM) is where content security comes into play. UTM provides antivirus, protection from malware, and reputation-enhanced capabilities. Antispam provides multilayered spam protection and protection against APTs. Web filtering blocks malicious URLs and prevents lost productivity, while content filtering removes extraneous or malicious content to maintain bandwidth for essential traffic.

Juniper Networks’ next generation firewall strategy

Juniper Networks takes a threefold approach to NGFW, providing security, easy manageability, and scalability in all-in-one best-value devices, along with software that delivers consolidated, layered NGFW security. Services provide integrated solutions, AppID efficacy, and threat/app support across the full portfolio, while simplified management, with UX-led engineering, delivers highly scalable, integrated management of all the security services in a single centralized management platform that lets multiple firewalls be managed in one place. Open, dynamic intelligent security provides open IPS and app signatures, as well as advanced threat protection.

Juniper’s NGFW capabilities include an integrated user/role firewall that allows easy agent-less SRX integration with Active Directory, creating a flexible and scalable user firewall portfolio. AppSecure and UTM deliver better application (app) visibility and control, including evasive-app and tunneled-app detection, open app and IPS signatures, and best-in-class content security. Simplified management features include centralized management of the complete security services suite, integrated logging and reporting, and the ability to scale to large environments.

Juniper WebApp Secure delivers what you would expect an application-aware solution to deliver, including tracking, firewall controls, QoS controls, SSL proxy capabilities, and IPS. Integrated user firewall and extended user security options include the integrated user firewall, the active user role firewall (SRX + MAG), and end-to-end user security (SRX + UAC + NAC). All of these services are available on all of Juniper’s platforms, allowing users to choose the platform that best fits their environment and layer on security services as they need them. Licenses can also be purchased on an as-needed basis. Each device can be easily managed with Security Director. Juniper’s Firefly also offers a virtual platform solution that comes with AppSecure capabilities and UTM. When evaluating your NGFW, remember that adding services onto your firewall has performance implications: check the resources available in the firewall to make sure it can handle the added services.