Many enterprises believe next-generation firewalls (NGFWs) are table stakes for protecting the corporate network today, and they are. But they don’t provide the whole answer. As network boundaries blur and threats become more pervasive and sophisticated, firewalls that protect only applications or network traffic are becoming less effective.
This is especially true as more enterprises deploy game-changing mobile, cloud and emerging Internet-of-Things (IoT) technologies. With more types of users leveraging a variety of public and private networks to access critical data residing everywhere from an internal data center to a provider-managed SaaS application, network boundaries are blurring fast.
And just as network attack surfaces expand, attacks against them are becoming more targeted, sophisticated and complex.
Consider the infamous Target breach, which exploited a less-than-secure third-party partner to gain access. Or, the more recent attack against the Bangladesh central bank, where attackers exploited weaknesses in the SWIFT network to steal trusted user authentication data and make off with $81 million. Attackers know the weak points inherent in borderless networks, and they continually launch complex attacks to exploit them.
To compensate, many companies deploy NGFWs. These newer firewalls combine the range of stateful network and application capabilities inherent in unified threat management (UTM) firewalls with the scalability, processing power and granularity of controls required by large enterprises. Unfortunately, as enterprise networks evolve, NGFWs alone aren’t enough, because they:
Pack too much into one tool: Collapsing multiple security functions (stateful network plus application inspection, including IPS, web filtering, antispam and antivirus) into a single firewall unit leads to misconfiguration and missed log incidents, and increases the chances a breach will go undetected.
Don't solve the complexity problem: Using NGFWs along with a variety of point solutions to shore up security at the mobile, cloud and IoT level means deploying, managing and monitoring too many tools, with too many different user interfaces and competing alert schemes. Once again, a lack of centralized security means breaches can more easily fly under the radar.
A Better Approach
What companies really need is a way to integrate comprehensive NGFW technology into a more specialized-yet-collaborative defense strategy. This means using:
The right tool for the job: Rather than force-fitting too many features into one device, the best security considers where a firewall is deployed – at the data center, the cloud or internal network segment – and allows IT to tailor the performance and security inspection technologies to fit.
Increased collaboration: The best tools are designed to protect certain layers – data center, cloud, mobile, etc. – but can also communicate and collaborate with other tools at other layers. This way, network and security intelligence is shared across domains and toolsets, enabling organizations to centrally apply security policies and manage security events end-to-end from a single pane of glass.
Fortinet’s Enterprise Firewalls do just that. Used as part of Fortinet’s Security Fabric, they can be deployed at exactly the right spot, with exactly the right features, all while working closely with other tools in the fabric to deliver high-performance bulletproof network security, no matter where or when it’s needed. A Fortinet partner, Resilient can deliver the advantages of a modern, collaborative security platform with best-in-class next-generation security technology.