How an NGFW Works
Firewalls define network boundaries. All traffic passing through an NGFW is inspected by that firewall. This inspection allows the firewall to apply security policy rules which permit or block traffic.
An NGFW builds on the capabilities of a traditional firewall by incorporating additional features. For example, an NGFW operates at the application layer of the TCP/IP stack to apply intrusion prevention system (IPS), antimalware, sandboxing and other protections. These functions allow an NGFW to identify and block advanced threats before they pose a risk to corporate systems.
Why Do You Need an NGFW?
Today’s threat landscape consists of modern Gen V cyberattacks which are sophisticated and organized, automated attack campaigns that target multiple attack vectors using advanced tactics and techniques to gain access to corporate environments.
Blocking these attacks at the network perimeter is essential to minimizing the potential risk to the organization. However, traditional firewalls lack the in-depth network traffic visibility to identify and prevent these attacks. An NGFW’s array of integrated network security controls makes it a robust first line of defense against these threats.
Additionally, NGFWs can be used as part of a network segmentation strategy. By dividing the corporate network into zones and forcing cross-zone traffic to pass through an NGFW, an organization provides itself with multiple opportunities to detect and remediate threats before they reach their intended goals. This internal security is essential when account takeover, supply chain, and similar attacks grant hackers a foothold within an organization’s network.
NGFW vs Traditional Firewall
Traditional firewalls and NGFWs are both designed to identify and block malicious or unwanted traffic from crossing network boundaries. However, they do so at different levels of the TCP/IP network protocol stack.
Traditional firewalls operate primarily at the TCP and IP levels of the protocol stack. By inspecting the IP addresses and port numbers of inbound and outbound packets, they limit the types of traffic that enter and leave the protected network. However, their lack of visibility into the content of network packets leaves them blind to many modern threats.
NGFWs, on the other hand, operate at the application layer of the protocol stack. With an understanding of application traffic and the ability to decrypt encrypted traffic streams, they can identify and control that application traffic and in addtion, block a greater range of threats.
NGFWs also incorporate user and machine identity into the security policy vs. a traditional IP and services port based firewall policy. This better captures business intent and provides more visibility into traffic patterns within an organization.
NGFW Capabilities
As the very foundation of a corporate network security strategy, NGFWs are responsible for protecting the corporate network against inbound threats and enforcing network segmentation, which is a cornerstone of an effective zero-trust security strategy.
To achieve these goals, a modern NGFW must include the following core features:
- Application and User Control: A NGFW has visibility into application-layer network traffic and various users on the network. This allows the NGFW to enforce granular, zero-trust access controls.
- Encrypted Traffic Inspection: NGFWs support the decryption and inspection of HTTPS encrypted tunnels. This enables them to overcome the use of encryption to hide malware delivery and command and control traffic.
- Integrated IPS: An integrated IPS is one of the core features that differentiate an NGFW from traditional firewalls. An IPS dramatically expands an NGFW’s ability to identify and block network-based exploits that target vulnerable applications and systems.
- Advanced Malware Detection: Modern malware is crafted to avoid signature-based detection schemes. NGFWs incorporate advanced malware detection capabilities, including the use of sandbox analysis to examine malicious and suspicious files.
- Threat Intelligence Feeds: Threat intelligence feeds provide insight into new and evolving cyberattack campaigns. Integrating threat intelligence enables NGFWs to leverage indicators of compromise (IoCs) to identify and block new attacks.
Types of NGFW
A variety of NGFWs exist and are designed for different environments and use cases. Some examples include rugged firewalls, small and branch office firewalls, enterprise firewalls, data center firewalls, hyperscale network security, cloud firewalls, and Firewall as a Service (FWaaS) solutions.
NGFW with Quantum
Firewalls come in a variety of forms, and choosing the right one can be difficult. While an NGFW is essential for protection against modern threats, the various NGFW offerings are specialized for different use cases.
To learn more about how to evaluate NGFW solutions and what features to look for in a firewall, check out this buyer’s guide to NGFWs. Then, sign up for a free demo of Check Point Quantum NGFW to learn how Check Point NGFWs can offer enhanced security to your users and devices regardless of location.
