
Next Generation Firewall: Looking Back to See Ahead


This year, the network security industry celebrated the 25th anniversary of the firewall. Packet filtering technology, developed following the devastating MS-DOS “Brain” virus and the Internet-distributed “Morris” worm, evolved into the first stateful firewall in 1989. I’ve been entrenched in this type of filtering security for decades, so I’ve seen the evolution and its impact on overall enterprise network security. Looking back at the ‘lifetime’ of events (below) and the incidents that triggered the so-called evolution is extremely interesting, highlighting just how reactive our industry is when it comes to security attacks and data breaches.

The Bandages of Progress

After 25 years, I see how often security companies quickly try to “bolt-on” new features to existing platforms as a way to stop the bleeding that results from the latest attacks. The triage works, so the bandages stay in place. This hastily pieced-together technology becomes the upgraded version 2.0, then 3.0 and so on. This type of development approach was on my mind when the topic of Next Generation Firewall started surfacing. Gartner defined a true NGFW as follows:

“…deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall. An NGFW should not be confused with a stand-alone network intrusion prevention system (IPS), which includes a commodity or non-enterprise firewall, or a firewall and IPS in the same appliance that are not closely integrated.”

Installing a GPS in a Model T Ford

It is vital to offer connected security and, of course, time is always of the essence.  Most companies think, “We could build something in-house, but this would simply be an act of triage – bandaging up our current firewall to ensure that the latest intrusions and advanced malware cannot get through the wounds.”  What organizations truly need is a purpose-built solution designed from the ground up to really combat the influx of advanced threats.  In my mind, simply modifying the old technology to combat new threats was the equivalent of installing a sophisticated GPS in a Model T Ford.  The GPS can give you excellent direction, but can do nothing to improve the performance of the automobile – now or in the future.

NGFW: Built for a Purpose

When organizations are looking to be at the forefront of innovation efforts, they embark on a quest to find a true NGFW provider. They should also be cautious and look to find a security engine built to protect from new threats and targeted attacks, including Advanced Evasion Techniques (AETs). AETs enable malware to circumvent virtually all security defenses, rendering most security solutions defenseless because they can’t detect them, much less stop them. This is a vital piece of the puzzle. Also, having extremely high bandwidth and throughput is a critical attribute for 10 Gbps campuses and 40/100 Gbps data center networks.

Performance and Power

Businesses need an NGFW that delivers real-world performance and massive scalability. A unified-core software architecture delivers outstanding ASIC-compatible performance, with the flexibility to install as a hardware appliance, software solution, or virtual appliance. Native clustering is also necessary to provide massive scalability and high availability in large and critical environments. Equally important is that inspection goes beyond identifying application traffic and threats.

A Protection Connection

I believe that being connected is critical and that all the elements of an organization’s security platform should work in concert together to provide adaptive security for the entire environment. When adaptive security is implemented, it enables operational elements within the organization to present a much more sustainable and relevant security posture. Relevant events boil to the top, information turns into intelligence, intelligence becomes actionable, mundane tasks become automated, and the environment begins to effectively arm itself and adapt to threats as they evolve.

In this connected environment, defenses are available no matter where the attack happens in an infrastructure. Through this model, organizations gain the capacity to see, impact, and enforce endpoint remediation.

Centralized Management Matters

Having centralized management that runs on Linux or Windows clients provides a “single pane of glass” view that reduces the amount of resources needed to configure and manage firewalls. IT professionals should have the freedom to “configure once, deploy anywhere,” meaning they can configure policies centrally and deploy out to hundreds of devices at once, significantly reducing administration time. A central repository of NGFW configurations enables shared rules and configuration reuse. Additionally, extensive task automation workflows that enable one-step configuration for optimal management efficiency are becoming essential. To an administrator, a good management console should provide advanced network visualization and an intuitive user experience.

That was Then, This is Now

This is not your father’s Model T with a cool GPS on the dash. A connected NGFW can be so much more than a patched-together version from the past. As an IT security professional, I’m excited that the next 25 years will be a time where we will redefine what network protection really looks like. This “next” generation is just the beginning.

History of the Firewall Infographic
