January 03, 2011, 9:57 AM — What should enterprises expect if they want to make the transition from a traditional firewall to a next-generation firewall? It starts with a decidedly different way of thinking about security goals associated with a firewall, especially in terms of establishing application-aware controls over employees as they access the Internet, the Web and social networking sites. (See Unbatten the hatches.)
"There is a chasm to cross," acknowledges Patrick Sweeney, vice president of product management at SonicWall. The old way of talking about traditional port-based firewalls, with system administrators discussing the "language of protocols," is inadequate. Companies need to adopt a more business-focused vocabulary, related to application use, that's common to the CIO, CFO and CEO. "There has to be unification of the languages they speak," Sweeney says.
That's because the new generation of fast, intelligent firewalls are application-aware, enabling enterprises to establish and enforce identity-based application usage policies for employees. So-called next-generation firewalls (NGFW) also incorporate VPN capabilities, perform intrusion prevention sweeps of traffic, have the brains to use technologies such as reputation filtering, and integrate with Active Directory for identity and policy management.
That's the definition put out by research firm Gartner as well as several vendors -- including Palo Alto Networks, McAfee, Check Point, Fortinet, Barracuda Networks and SonicWall - that have embraced the NGFW term to describe their firewall products.
While the NGFW wave is at least three years old, Gartner acknowledges that actual use is still very low today, even less than 1%. Looking ahead, Gartner optimistically predicts NGFW adoption will grow to 35% by 2014.