The Next Generation Firewall vendors every network professional should know about
2020 will always be remembered as the year that COVID-19 held the world hostage. We all had to rethink the way we work and how we could still stay in touch, albeit virtually. This meant there was a huge demand for solutions that allowed users to work from home, which included remote access solutions, video conferencing, and collaboration tools.
Not every company was equipped with enough resources to provide their workforce with remote access to the corporate network. This meant Infradata observed a spike in demand for remote access solutions. In some scenarios, users were allowed to use their laptops or PCs to connect to the corporate network which was beneficial for continuity, but a challenge in terms of security.
As explained on our SASE page, a firewall plays its part in securing an organisation; but end-to-end security requires a NGFW vendor to also provide solutions for CASB, DLP and to support ZTNA. The top 5 vendors below have been selected taking these new requirements into account.
Next Gen Firewall explained
There are many types of malware that a firewall can protect against these days, including ransomware, viruses, worms, trojans, adware, and more. Next Generation Firewalls (NGFW) take it a step further, by offering the ability to not only identify but to also completely block malware before it enters your network. NGFWs can swiftly detect and combat attacks across the entire network. As cyber attacks continue to become more sophisticated, Next Generation Firewalls will continue to be essential components of any organisation’s security solution, whether you’re in a data centre, network, or cloud.
Reviewing next generation firewalls and their capabilities is one of the steps that needs to be taken to significantly improve an organisation’s security. As cyberattacks and advanced hacking methodologies, these days not only drive enterprises to look for next generation firewalls, they also drive next generation firewall vendors to optimise and update their solutions. The global Next Generation Firewall market is expected to grow at USD ~$4.69 Billion by 2023, at ~11.4% of CAGR between 2018 and 2023. It's the largest market in IT security products and still growing around 8 percent each year.
Malicious emails, phishing schemes, and other threats concealed in content can be hard to detect. Luckily, many Next Generation Firewalls vendors offer the threat prevention capabilities IT Security staff is looking for. The best firewalls include application awareness, centralised management features, Deep Packet Inspection, and 100Gbps threat protection, as well as hybrid cloud security. For example, to help defend against the rise of malware, intrusion attempts bypassing perimeter protection and other advanced threats.
"Next generation capabilities have been achieved by all solutions in the enterprise network firewall market, but vendors differentiate on feature strengths and depth." - Mohamed El Haddouchi, Director Solutions & Innovation, Infradata
NGFW features to look for
As mentioned, features offered by the best NGFWs include IDS/IPS, support for single-enterprise firewalls as well as branch offices, web proxy and URL filtering, Web Application Firewalling and virtual versions that can be deployed within the cloud. This in addition to the SASE features described at the beginning of this article.
For a NGFW comparison, it’s crucial to look for differences among Next Generation Firewalls in:
- Third party security product integration capabilities;
- Ease of installation and use;
- Effectiveness at blocking threats;
- Additional features such as application visibility and cloud protection;
- And of course: pricing.
“Next Generation FireWalls should be on every company's short list.” - Mohamed El Haddouchi, Director Solutions & Innovation, Infradata
1. Cisco Firepower
Cisco has been a strong player in the world of NGFW for many years and is again considered a Leader in the Forrester Wave in Q3 2020. The Firepower firewalls are available in many form-factors scaling from the branch site to a carrier-grade data centre. Also, the Firepower firewalls are also available as a virtual firewall to enable security in private and/or public cloud environments.
A cornerstone of SASE is SD-WAN. Cisco SD-WAN solution provides threat protection and visibility to guard against major web-based attacks. Delivered using cloud security with Cisco Umbrella or by the built-in capability of the router, the solution lays the foundation for a secure access service edge (SASE)-based architecture for enterprises.
The Cisco Umbrella provides secure access regardless of where the resource user is located. Whether it be in the office, at home or on the road, Cisco Umbrella provides the same security posture for all scenarios. Cisco Umbrella combines DNS-layer security with Secure web gateway for client to server communications. CASB and cloud-delivered firewall (CDFW) provide security from the server side.
The Cisco security suite also extends into the Secure Endpoint field with AMP for Endpoints. This Endpoint Detection & Response (EDR) solution integrates with other products from the Cisco security suite and forms a single pane of glass showing the current security posture. Any incident observed on the network or endpoint can be mitigated on the endpoint but also on security enforcement points such as the network and firewalls. The Cisco solution is therefore a holistic solution following the ‘Best of Suite’ strategy.
2. Fortinet FortiGate
Having been recognized for the 11th time in the Magic Quadrant for Network Firewalls, FortiGates are NGFWs worth considering. By integrating security and SD-WAN functionality and by offering Unified Threat Management, Fortinet minimises firewall management complexity while helping to reduce costs.
The FortiGate 60 series is one of the best selling next generation firewalls on the market. The FortiGate firewalls are high-performing appliances for improved network security. Besides the prevention and detection capabilities for known and unknown threats using threat intelligence, FortiGates also provide Cloud Security features such as integrations for multi-cloud environments (supporting the top 7 Infrastructure-as-a-Service providers), WAN Edge capabilities for enterprise branches, and protection against malware, exploits and malicious websites in both encrypted and unencrypted traffic.
Recently, Fortinet introduced the FortiGate 80F, a NGFW with SD-WAN. With this release, Fortinet provides a new generation of this product line that includes the addition of one of their most innovative features to date: a full-featured SD-WAN and NGFW solution, powered by the new SOC4 security processor.
Fortinet ensures continuous innovation, providing customers with access to cutting edge security tools they need to enable digital business success. The Fortinet next generation firewalls are high-performance appliances adding intrusion prevention, application control, and anti-malware to the traditional firewall-VPN combination. This NGFW vendor provides one platform for end-to-end security across your network.
3. Palo Alto Networks PA-Series
Palo Alto was recognized by Gartner for nine consecutive years as a Leader in its Magic Quadrant for Network Firewalls. In addition, Palo Alto is considered a Leader in the Forrester Wave in Q3 2020.
Palo Alto Networks' Next Generation firewalls consist of physical appliances, virtualized firewalls and 5G-ready firewalls. They are all based on a consistent Single-Pass Architecture and inspect all traffic, including all applications, threats, and content, and tie that traffic to the user, regardless of location or device type.
With its shared threat intelligence across the ecosystem, Palo Alto Networks keeps information up to date for the firewall. Palo Alto's PA-series' Next Generation firewalls reduce response times with automated policy-based actions, and you can automate workflows via integration with administrative tools, such as ticketing services, or any system with a RESTful API. Key capabilities of Palo Alto Networks Firewalls are secure access for all users irrespective of location, secure encrypted traffic, detection and prevention of advanced threats, as well as WildFire, which detects unknown threats with data from a global community and automatically blocks them. The Palo Alto firewalls also offer features to identify users and to block access to known phishing sites via URL filtering and stopping users from submitting corporate credentials to unknown sites. After acquiring Aporeto, a micro segmentation company using machine identities to restrict network traffic, Palo Alto Networks is reorienting itself for the cloud era.
4. Juniper Networks SRX Firewall series
The Juniper Networks SRX Series NGFWs combine high-performance security with integrated services for application security, intrusion protection and advanced threat detection for organizations of all sizes. In addition to its SRX hardware, Juniper offers the vSRX virtual firewall and the cSRX for containerized environments.
Juniper Advanced Threat Prevention (ATP) finds and blocks both known and unknown cyber threats on the network. It uses the Juniper security intelligence feed SecIntel, along with sandboxing and machine learning to identify day-one threats.
ATP can be deployed as a cloud service add-on to the SRX Series firewall or as an on-premises JATP Appliance that collects and processes security issues identified by the SRX Series. In both deployment types, you can set up policies on the SRX to block threats flagged as malicious.
The on-premises devices ingest and analyze data from any third-party firewall or security data source. This enables enterprises to respond to threats with one touch, detect malware and it also helps avoid vendor lock-in. With Juniper's ATP platform as an open ecosystem, it works in conjunction with any firewall and SIEM. This makes it very compatible and it can be used right away in an environment. Detection and analysis as well as automation also enable the ability to do one-touch mitigation. A pretty unique way of approaching advanced malware.
Juniper Networks SRX next generation firewalls use information from Juniper’s Sky Advanced Threat Protection cloud-based service and third-party GeoIP feeds to block malicious activities as they enter or traverse the network. It also provides application visibility and control, IPS and user-based application policies, plus unified threat management (UTM) to protect and control your business assets.
5. Check Point Advanced Threat Protection
Check Point’s portfolio includes 23 Firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection. It supports Application Inspection and Control, as well as hybrid cloud support. Founded in 1993, Check Point pioneered Firewall technology and is considered an information security market leader.
Check Point is well known in the carrier space with over 2500 communication service provider (CSP) customers worldwide. The vendor also offers inspection on all LTE protocols, including GTP, SCTP and Diameter. This provides integrated security for LTE networks, protecting IP internet connectivity for devices with IPv4 and IPv6 addresses with the most scalable carrier-grade NAT (CGNAT) firewall.
Check Point’s enterprise firewall product line includes 17 appliances and two chassis for hardware blades, scaling up to 400 Gbps. It can also be delivered as a virtual appliance, deployed on VMware, Amazon Web Services (AWS), OpenStack and Microsoft Azure, or delivered as software.
Interested to know more about Next Generation Firewalls?
Do you want to know more about one or more of the above Next Gen Firewalls? Are you replacing your current firewalls? Or do you have a project planned on NGFW? Don't hesitate to contact us. We are happy to provide you the information you need to make the right choice. Give us a call or send us a message and we will get back to you soon.
8 December 2020
Get in touch with us today
Do you want to learn more about this subject, or do you have specific questions? Give us a call or leave a message.