Cyberoam NGFWs offer actionable intelligence and controls that let enterprises apply security controls from Layer 2 up to what Cyberoam calls Layer 8 (the user identity behind the traffic) for future-ready security. The next-generation security features in Cyberoam NGFWs protect networks against newly evolving threats.
2. Next Generation Firewall (NGFW)
A next-generation firewall (NGFW) is a hardware- or software-based network security system
that is able to detect and block sophisticated attacks by enforcing security policies at the
application level, as well as at the port and protocol level.
The term next generation, in the context of network or enterprise firewalls, implies a software- or
hardware-based security system that goes beyond the usual methods of URL blocking, network
address translation, and packet filtering. Such a firewall has granular controls that let it examine
in detail the application traffic that passes through it. It is not restricted to inspecting individual
packets in isolation: it tracks each packet as part of the larger flow or transaction it belongs to,
for example reassembling a session far enough to identify the application rather than judging it by
port number alone.
3. Features of Next Generation Firewall (NGFW):
Standard firewall features: They include the traditional (first-generation) firewall functionalities
such as stateful port/protocol inspection, network address translation (NAT), and VPN.
Application identification and filtering: This is the chief characteristic of NGFWs. They can
identify and filter traffic based on the specific application in the flow, rather than just opening ports
for any and all traffic. This stops malicious applications and activity from evading the firewall by
simply moving to a non-standard port.
SSL and SSH inspection: NGFWs can also inspect SSL/TLS- and SSH-encrypted traffic. To do so the
firewall terminates the encrypted session, decrypts the traffic, checks that it is an allowed application
and applies its other policies, and then re-encrypts it toward the destination. This provides additional
protection from malicious applications and activity that hide behind encryption to avoid the firewall.
Note that this is a man-in-the-middle by design: clients must trust the firewall's signing CA, and sessions
that use certificate pinning or client certificates cannot be decrypted this way and need an explicit
bypass-or-block decision.
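The following is an added example (not Cyberoam's or any vendor's code) of the port-independent identification that the two features above rely on: it classifies a flow from the first bytes the client sends, compares that with the port-based guess, and parses the server name (SNI) out of a TLS ClientHello so that policy can be applied to an encrypted session before deciding whether to decrypt it. The sample payloads, the tiny signature set and the PORT_TABLE mapping are constructed for illustration; a real app-ID engine has far richer decoders, but the principle is the same.

```python
"""Port-independent application identification (added example, not vendor code)."""
import struct

PORT_TABLE = {22: "ssh", 80: "http", 443: "tls"}   # what a port-based firewall assumes
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}


def build_client_hello(server_name: str) -> bytes:
    """Build a minimal TLS ClientHello carrying an SNI extension.
    Constructed test input; the 32-byte random is a fixed placeholder."""
    name = server_name.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name          # name_type 0 = host_name
    sni_list = struct.pack("!H", len(entry)) + entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list      # extension type 0 = server_name
    body = (
        b"\x03\x03" + b"\x11" * 32            # client_version, random (placeholder)
        + b"\x00"                              # empty session_id
        + struct.pack("!H", 2) + b"\x13\x01"   # one cipher suite
        + b"\x01\x00"                          # null compression only
        + struct.pack("!H", len(ext)) + ext
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def tls_sni(payload: bytes):
    """Return the server_name from a TLS ClientHello, or None when the bytes
    are not a well-formed ClientHello (truncated records also yield None)."""
    try:
        if payload[0] != 0x16 or payload[5] != 0x01:
            return None
        p = 43                                  # record(5) + handshake(4) + version(2) + random(32)
        p += 1 + payload[p]                     # skip session_id
        p += 2 + struct.unpack("!H", payload[p:p + 2])[0]   # skip cipher_suites
        p += 1 + payload[p]                     # skip compression_methods
        ext_len = struct.unpack("!H", payload[p:p + 2])[0]
        p += 2
        end = p + ext_len
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", payload[p:p + 4])
            p += 4
            if etype == 0 and elen >= 5:
                q = p + 2                       # skip server_name_list length
                ntype = payload[q]
                nlen = struct.unpack("!H", payload[q + 1:q + 3])[0]
                if ntype == 0:
                    return payload[q + 3:q + 3 + nlen].decode("ascii", "replace")
            p += elen
    except (IndexError, struct.error):
        return None
    return None


def identify_app(payload: bytes) -> str:
    """Classify a flow from its first client bytes, ignoring the port entirely."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    if payload[:2] == b"\x16\x03":              # TLS handshake record header
        return "tls"
    request_line = payload.split(b"\r\n", 1)[0]
    if request_line.split(b" ", 1)[0] in HTTP_METHODS and b" HTTP/" in request_line:
        return "http"
    return "unknown"


def classify(port: int, payload: bytes) -> dict:
    """Compare the port-based guess with the payload-based identification."""
    return {
        "by_port": PORT_TABLE.get(port, "unknown"),
        "by_payload": identify_app(payload),
        "sni": tls_sni(payload),
    }


# Constructed sample flows: (destination port, first client bytes).
SAMPLES = [
    (443, b"SSH-2.0-OpenSSH_9.6\r\n"),                                  # SSH hidden on 443
    (8080, b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),   # HTTP on a non-standard port
    (443, build_client_hello("updates.example")),                       # TLS; policy can key on SNI
    (443, b"\x16\x03\x01\x00"),                                         # truncated record
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(port, classify(port, data))
```

The first sample is the evasion the feature list mentions: a port-based policy sees "tls" on 443 and lets it through, while payload identification reports "ssh". The SNI value is what lets a firewall apply a per-site allow, block or decrypt decision without first breaking the session open.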
4. Features of Next Generation Firewall (NGFW):
Intrusion prevention: Because they are more intelligent and inspect traffic more deeply, NGFWs can
also perform intrusion detection and prevention. Some next-gen firewalls include enough IPS
functionality that a stand-alone IPS may not be needed.
Directory integration: Most NGFWs integrate with a directory (e.g., Active Directory) so that
policy for authorized applications can be written in terms of users and user groups rather than
IP addresses.
Malware filtering: NGFWs can also provide reputation-based filtering to block sites and applications
with a bad reputation. This can stop access to phishing, virus-hosting and other malware sites and
applications.
5. Next-Generation Firewalls (NGFW) With Layer8 Identity-Based Technology
Actionable Intelligence & Controls
Cyberoam OS
High Performance
Scalability
Flexibility
6. Things to Consider When Looking at a Next Generation Firewall Solution
Underlying architecture and design: Was the next-generation firewall designed from the ground up
to perform all of its security controls in a single pass over the traffic, or have separate modules
been added to an existing platform to provide the extra functionality? A bolted-on design tends to
cause problems with the next two items.
Performance: What impact, if any, will you see when you turn on all of the security features and
apply them to every security policy? Measure with everything enabled, not with the datasheet
configuration.
Leveraging application intelligence for threat scanning: Can the firewall use its application
visibility to evaluate only the threats relevant to the identified application, or does it have to run
every flow through its entire threat database? See the example of Oracle above.
Management: How easy is the next-generation firewall to manage? Do you have to configure separate
rule-bases to take advantage of application control? Is threat-prevention management a separate
rule-base, or is it integrated with the security policy? How much visibility and logging is provided
into traffic traversing the firewall? This becomes important when troubleshooting and when migrating
from port-based to application-based control.
7. Reasons a Next Generation Firewall Is a Must
Application Identification: Application identification answers the question: what sort of traffic is
being allowed? It uses multiple identification mechanisms to determine the actual identity of the
applications crossing the network rather than inferring it from port numbers. Because applications
are identified through this multi-factor approach, the policy check can decide how to treat each
application and its related functions. Accurate traffic classification is the core of any firewall,
and its outcome becomes the foundation of the security policy.
Application Control: Application control is as critical as identifying the applications. Next-
generation firewalls with application control let you create application-based firewall policy and
regain full control over application traffic, including its bandwidth. A robust next-generation
firewall on an enterprise network provides granular application-usage control policies such as:
allowing or denying an application, allowing only certain application functions, applying traffic
shaping, decrypting and inspecting, and permitting an application only for certain users and groups.
This increases productivity, prevents data leakage and protects against application-borne malware.
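An added example, not the code of Cyberoam or any other vendor, of the identity-aware application control described above (it also illustrates the directory integration listed under features): rules match on application, application function, direction and the user's directory groups, first match wins, and anything unmatched is denied. The IP-to-user and user-to-group tables, the rule names and the flows are constructed stand-ins for a directory lookup and a real rule-base.

```python
"""Identity-aware application control (added example, not vendor code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str
    app: str                  # output of application identification
    function: str = ""        # e.g. "file-transfer"; "" when the function was not decoded
    direction: str = "outbound"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str               # "allow", "deny", "decrypt" or "shape"
    apps: frozenset = frozenset()         # an empty clause matches anything
    functions: frozenset = frozenset()
    groups: frozenset = frozenset()
    directions: frozenset = frozenset()
    rate_kbps: int = 0        # used only by "shape"


# Constructed stand-ins for what a directory/authentication integration supplies.
IP_TO_USER = {"10.0.1.15": "alice", "10.0.1.20": "bob", "10.0.2.7": "svc-backup"}
USER_GROUPS = {
    "alice": frozenset({"staff", "finance"}),
    "bob": frozenset({"staff", "contractors"}),
    "svc-backup": frozenset({"service-accounts"}),
}

# Ordered rule-base: first match wins, implicit deny at the end.
RULES = [
    Rule("deny-contractor-uploads", "deny",
         apps=frozenset({"webmail", "cloud-storage"}),
         functions=frozenset({"file-transfer"}), groups=frozenset({"contractors"})),
    Rule("decrypt-staff-tls", "decrypt", apps=frozenset({"tls"}),
         groups=frozenset({"staff"}), directions=frozenset({"outbound"})),
    Rule("shape-video", "shape", apps=frozenset({"video-streaming"}),
         groups=frozenset({"staff"}), rate_kbps=512),
    Rule("allow-finance-erp", "allow", apps=frozenset({"erp"}), groups=frozenset({"finance"})),
    Rule("allow-backup-ssh", "allow", apps=frozenset({"ssh"}),
         groups=frozenset({"service-accounts"}), directions=frozenset({"outbound"})),
]


def resolve_groups(src_ip: str) -> frozenset:
    """Map a source IP to the groups of the authenticated user behind it.
    An unknown IP gets no groups, so it can only match rules without a group clause."""
    return USER_GROUPS.get(IP_TO_USER.get(src_ip, ""), frozenset())


def matches(rule: Rule, flow: Flow, groups: frozenset) -> bool:
    """Every non-empty clause of the rule must match the flow."""
    return (
        (not rule.apps or flow.app in rule.apps)
        and (not rule.functions or flow.function in rule.functions)
        and (not rule.directions or flow.direction in rule.directions)
        and (not rule.groups or bool(rule.groups & groups))
    )


def evaluate(flow: Flow, rules=RULES) -> dict:
    """Return the first matching rule's decision, or the implicit deny."""
    groups = resolve_groups(flow.src_ip)
    for rule in rules:
        if matches(rule, flow, groups):
            decision = {"rule": rule.name, "action": rule.action, "groups": sorted(groups)}
            if rule.action == "shape":
                decision["rate_kbps"] = rule.rate_kbps
            return decision
    return {"rule": None, "action": "deny", "groups": sorted(groups)}


if __name__ == "__main__":
    for f in [
        Flow("10.0.1.20", "cloud-storage", "file-transfer"),   # contractor upload: denied
        Flow("10.0.1.15", "tls"),                              # staff HTTPS: decrypted and inspected
        Flow("10.0.1.15", "video-streaming"),                  # staff video: rate-limited
        Flow("10.0.2.7", "ssh", direction="inbound"),          # wrong direction: implicit deny
        Flow("10.0.9.9", "erp"),                               # unauthenticated host: implicit deny
    ]:
        print(f, "->", evaluate(f))
```

The last two flows are the point of the identity and direction clauses: the backup account is allowed to initiate SSH outbound but an inbound SSH session to the same host matches nothing, and a host that never authenticated has no groups, so group-scoped rules cannot be satisfied from an unattributed address.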
8. Reasons a Next Generation Firewall Is a Must
Threat Prevention: To prevent threats effectively, a network first needs to reduce its avenues of
attack by controlling which applications are allowed to run on it. The firewall then needs to scan the
"allowed" application traffic broadly for threats of every kind, rather than limiting itself to a strict
definition of one particular type of threat.
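An added example, not any vendor's IPS engine, of the application-scoped threat scanning raised under "Things to Consider" and of the broad scanning of allowed traffic described above: each signature is tagged with the application it applies to, a flow is scanned only against its own application's signatures but across every threat category, and a flow whose application could not be identified falls back to the full set so that scoping never creates a blind spot. The signatures, their IDs, the categories and the payloads are constructed for illustration and are not real IPS rules.

```python
"""Application-scoped threat scanning (added example, not vendor code)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    category: str        # "exploit", "malware" or "data-leak": all are scanned for an app
    apps: frozenset      # applications this signature is relevant to
    pattern: re.Pattern


# Constructed toy signatures; IDs and patterns are illustrative only.
SIGNATURES = [
    Signature(1001, "http path traversal", "exploit", frozenset({"http"}),
              re.compile(rb"\.\./")),
    Signature(1002, "http SQL tautology", "exploit", frozenset({"http"}),
              re.compile(rb"(?i)'\s*or\s*'1'\s*=\s*'1")),
    Signature(1003, "http SSN-shaped data in body", "data-leak", frozenset({"http"}),
              re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")),
    Signature(2001, "smb IPC$ tree connect", "exploit", frozenset({"smb"}),
              re.compile(rb"\\IPC\$")),
    Signature(3001, "dns long base64-like label", "data-leak", frozenset({"dns"}),
              re.compile(rb"[A-Za-z0-9+/=]{60,}")),
    Signature(4001, "ssh protocol 1 banner", "exploit", frozenset({"ssh"}),
              re.compile(rb"^SSH-1\.")),
]


def select_signatures(app: str, sigs=SIGNATURES) -> list:
    """The subset of signatures relevant to one identified application."""
    return [s for s in sigs if app in s.apps]


def scan(app: str, payload: bytes, sigs=SIGNATURES, scope_by_app: bool = True) -> dict:
    """Scan a payload and report how many signatures were evaluated and which hit.
    With scope_by_app the candidate set shrinks to the identified application's
    signatures; an unidentified application is scanned against everything."""
    if scope_by_app and app != "unknown":
        candidates = select_signatures(app, sigs)
    else:
        candidates = list(sigs)
    hits = [(s.sid, s.category) for s in candidates if s.pattern.search(payload)]
    return {"evaluated": len(candidates), "hits": hits}


# Constructed sample payloads.
TRAVERSAL = b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\nHost: app.example\r\n\r\n"
LEAK = b"POST /upload HTTP/1.1\r\nHost: app.example\r\n\r\nname=x&ssn=123-45-6789"

if __name__ == "__main__":
    print("scoped    ", scan("http", TRAVERSAL))
    print("unscoped  ", scan("http", TRAVERSAL, scope_by_app=False))
    print("unknown   ", scan("unknown", TRAVERSAL))
    print("wrong app ", scan("dns", TRAVERSAL))   # mis-identification means a missed detection
    print("leak      ", scan("http", LEAK))
```

The "wrong app" line is the caveat behind the performance gain: scoping halves the work only as long as application identification is right, so a product that scopes aggressively must also handle an unidentified or misidentified flow conservatively, which here means falling back to the full set.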
9. Advantages of Next Generation Firewall
All-in-one functionality
Greater visibility and control
Simplified management
Better security
Lower total cost of ownership
10. Comparing Next Generation Firewalls
Does the NGFW solution protect against attacks on server applications and on client applications?
What proportion of such attacks does it miss?
Can the NGFW solution be evaded (for example by fragmentation, encoding tricks, or moving an application
to a non-standard port)?
Is the device stable and reliable under load?
Does the NGFW solution enforce inbound and outbound application policies?
Does the NGFW solution enforce inbound and outbound identity policies?
What is the performance of the solution with all features enabled?