December 01, 2010, 9:43 PM — The traditional port-based enterprise firewall, now looking less like a guard and more like a pit stop for Internet applications racing in through the often open ports 80 and 443, is slowly losing out to a new generation of brawny, fast, intelligent firewalls.
The so-called next-generation firewall (NGFW) describes an enterprise firewall/VPN that has the muscle to perform intrusion-prevention sweeps of traffic efficiently, as well as awareness of the applications moving through it, so that it can enforce policy on which applications a given user or group is allowed to use rather than on ports alone. It is also supposed to have the brains to draw on information such as Internet reputation analysis to help with malware filtering, and to integrate with Active Directory for identity.
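To make the port-based versus application-aware distinction concrete, the following is an added example, written for this page and not code from the article or from any firewall vendor. It runs a traditional port rule ("allow 80 and 443") and a simple application-aware rule over a handful of constructed client flows. Application identification here is a deliberate simplification: the first bytes of the client payload are classified as SSH, HTTP or TLS, and for TLS the Server Name Indication is parsed out of the ClientHello so that a hypothetical blocked application (`files.example-sharing.invalid`, an assumed name) can be refused even though it arrives on port 443. The ClientHello builder exists only to give the parser realistic input; nothing here is captured traffic.

```python
"""Port-based vs application-aware policy on constructed sample flows."""
import struct

# Constructed helper: a minimal TLS 1.2 ClientHello carrying one SNI extension.
# It exists so parse_sni() has realistic bytes to work on; it is not real traffic.
def build_client_hello(sni: str) -> bytes:
    name = sni.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name        # host_name entry
    sn_list = struct.pack("!H", len(entry)) + entry
    ext = struct.pack("!HH", 0x0000, len(sn_list)) + sn_list     # server_name ext
    body = (b"\x03\x03" + bytes(32) + b"\x00"                    # version, random, sid len
            + b"\x00\x02\x00\x2f"                                # one cipher suite
            + b"\x01\x00"                                        # null compression only
            + struct.pack("!H", len(ext)) + ext)                 # extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body    # ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_sni(payload: bytes):
    """Return the SNI host name from a TLS ClientHello record, or None."""
    try:
        if payload[0] != 0x16 or payload[5] != 0x01:
            return None
        p = 43                                   # 5 record + 4 hs + 2 version + 32 random
        p += 1 + payload[p]                      # session id
        p += 2 + struct.unpack("!H", payload[p:p + 2])[0]   # cipher suites
        p += 1 + payload[p]                      # compression methods
        ext_len = struct.unpack("!H", payload[p:p + 2])[0]
        p += 2
        end = p + ext_len
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", payload[p:p + 4])
            p += 4
            if etype == 0x0000:                  # server_name extension
                lst_len = struct.unpack("!H", payload[p:p + 2])[0]
                q = p + 2
                while q + 3 <= p + 2 + lst_len:
                    ntype = payload[q]
                    nlen = struct.unpack("!H", payload[q + 1:q + 3])[0]
                    if ntype == 0:               # host_name
                        return payload[q + 3:q + 3 + nlen].decode("ascii")
                    q += 3 + nlen
            p += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        return None                              # truncated or malformed record
    return None


HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")

def identify_app(payload: bytes):
    """Classify a flow from its first client bytes, ignoring the port entirely."""
    if payload.startswith(b"SSH-"):
        return "ssh", None
    if payload.startswith(HTTP_METHODS):
        return "http", None
    if len(payload) > 5 and payload[0] == 0x16 and payload[5] == 0x01:
        return "tls", parse_sni(payload)
    return "unknown", None


PORT_POLICY = {80, 443}                                   # traditional: allowed dst ports
APP_POLICY = {"http": "allow", "tls": "allow", "ssh": "deny", "unknown": "deny"}
BLOCKED_SNI = {"files.example-sharing.invalid"}          # hypothetical disallowed app

def port_firewall(dst_port: int, payload: bytes) -> str:
    return "allow" if dst_port in PORT_POLICY else "deny"

def app_firewall(dst_port: int, payload: bytes) -> str:
    """Port rule first, then the application (and SNI) riding on that port."""
    if dst_port not in PORT_POLICY:
        return "deny"
    app, sni = identify_app(payload)
    if APP_POLICY.get(app, "deny") == "deny":
        return "deny"
    if app == "tls" and sni in BLOCKED_SNI:
        return "deny"
    return "allow"


# Constructed flows: (label, destination port, first client bytes)
FLOWS = [
    ("web browsing",            443, build_client_hello("www.example.com")),
    ("file sharing over 443",   443, build_client_hello("files.example-sharing.invalid")),
    ("ssh tunneled over 443",   443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    ("plain http",              80,  b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("ssh on 22",               22,  b"SSH-2.0-OpenSSH_8.9\r\n"),
]

def evaluate_all():
    """Map each flow label to (port-based decision, application-aware decision)."""
    return {label: (port_firewall(port, data), app_firewall(port, data))
            for label, port, data in FLOWS}

if __name__ == "__main__":
    for label, decisions in evaluate_all().items():
        print(f"{label:24} port-based={decisions[0]:5}  app-aware={decisions[1]}")
```

The two flows that matter are the second and third: both reach port 443 and are waved through by the port rule, while the application-aware rule denies one on its SNI and the other because the bytes are an SSH banner, not TLS at all. Real NGFW application identification goes much further (protocol decoding, heuristics, decryption where policy allows), and SNI is a client-supplied field that a determined user can omit or spoof, so this check is a first filter, not a guarantee.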
But how long will it take for the NGFW transition to truly arrive?
Start-up Palo Alto Networks is regarded as the first vendor to have donned the mantle of NGFW, with its line of multi-purpose, application-aware security appliances launched in 2007, and today has more than 2,200 customers. Fortinet, Cisco, Check Point, McAfee and Barracuda Networks, among others, have been expanding or re-tooling their firewall products to fit the same image. In addition, IPS vendor Sourcefire has said it will ship an application-aware firewall with IPS next year. But despite all this, actual use of these advanced firewalls is still very low, according to Gartner, which has touted NGFW for the past few years.
"Today we believe that less than 1% of interconnections secured today are using NGFW," says Gartner analyst Greg Young. But he predicts that number will hit 35% by 2014.