Next Generation Firewalls

What is a “Next Generation Firewall?” Well, in the simplest of terms it is a firewall that is more than just a firewall. The Next Generation Firewall is a firewall that is smart and evolves as new threats are discovered. Gartner describes Next Generation Firewalls (NGFW) as “deep packet inspection firewalls that move beyond port/protocol inspection and blocking to add application level inspection, intrusion prevention, and bringing intelligence from outside the firewall.” What a mouthful.

So here is the technically non-technical breakdown. The internet is made up of addresses; each address is like an apartment building with lots of apartment numbers that different services on the internet use to communicate back and forth. These are known as ports. When ports are open, messages can get in or out. The firewalls of old could open and close ports and could define rules as to who could access those ports, kind of like a guest list at a hot night club. Hackers are smart, so they learned how to get around these lists by hitching a ride with people on the list, and right into the club the hacker goes. Suddenly, firewalls aren’t enough. So devices like intrusion detection systems were built to sit inline with the firewall; then other devices that inspected the application information being sent and the data inside the packets were added, layer upon layer, until the network edge looked like a complicated electronic onion.

NGFWs integrate all these layers and add intelligence. Rules, called heuristics, look for known patterns of attack and are updated frequently to reduce the time an attacker has to use a new attack; sometimes this intelligence is updated within hours of the first report of a new attack. This functionality allows the firewall to filter viruses a user has clicked on before they even reach the user’s computer and have to be dealt with by the antivirus software.
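The difference between the old “guest list” firewall and an NGFW, as an added illustration that is not part of the original post: a port-only rule lets anything ride in on an allowed port, while the NGFW checks that traffic on port 80 actually looks like HTTP and drops packets matching an updatable pattern list (the sample packets and the marker pattern are constructed for the example).

```python
from dataclasses import dataclass, field

@dataclass
class Packet:
    dst_port: int
    payload: bytes

# The "guest list": a legacy firewall only checks the destination port.
ALLOWED_PORTS = {80, 443}

def legacy_allows(pkt: Packet) -> bool:
    """Old-style rule: if the port is on the list, the packet is let in."""
    return pkt.dst_port in ALLOWED_PORTS

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

@dataclass
class NGFW:
    allowed_ports: set = field(default_factory=lambda: set(ALLOWED_PORTS))
    signatures: list = field(default_factory=list)  # known-bad byte patterns

    def update_signatures(self, new_patterns):
        """Stand-in for the frequent intelligence update described above."""
        self.signatures.extend(new_patterns)

    def allows(self, pkt: Packet) -> bool:
        if pkt.dst_port not in self.allowed_ports:
            return False
        # Application-level check: port 80 must really carry HTTP.
        if pkt.dst_port == 80 and not pkt.payload.startswith(HTTP_METHODS):
            return False
        # Intrusion-prevention check: drop anything matching a known pattern.
        return not any(sig in pkt.payload for sig in self.signatures)

# Constructed sample traffic (not captured from a real network).
SAMPLE = [
    Packet(80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    Packet(80, b"\x00\x01NOT-HTTP-CONTROL-CHANNEL"),  # hitching a ride on port 80
    Packet(23, b"login: "),                          # telnet, port not on the list
    Packet(80, b"GET /x HTTP/1.1\r\nX: CONSTRUCTED-MARKER-1\r\n\r\n"),
]

def compare(fw: NGFW):
    """Return (legacy verdicts, NGFW verdicts) for the sample stream."""
    return [legacy_allows(p) for p in SAMPLE], [fw.allows(p) for p in SAMPLE]

def run_demo():
    """Verdicts before and after a pattern update for the fourth packet."""
    fw = NGFW()
    before = compare(fw)
    fw.update_signatures([b"CONSTRUCTED-MARKER-1"])
    return before, compare(fw)
```

Running `run_demo()` shows the legacy filter admitting packets 1, 2 and 4 every time, while the NGFW rejects the non-HTTP packet on port 80 from the start and the marked packet only once the pattern update arrives.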

NGFWs are an important part of a solid security plan, and if you haven’t looked at your firewall in the last few years you are well overdue for a checkup. It is incumbent upon you to keep your customers’ and employees’ data safe, and the firewall is on the front lines. If your firewall doesn’t fit Gartner’s description of a Next Generation Firewall, it’s time to start evaluating a new firewall as soon as possible.
