There are three different areas a firewall must preform well in – security functions, operations, and performance. The security functional elements correspond to the efficacy of the security controls, and the ability for enterprises to manage risk associated with network traffic. From an operations perspective, the big question is: “where does application policy live, and how hard or complex is it to manage?” The performance difference is simple: can the firewall do what it’s supposed to do at the throughput it’s supposed to do it?
The Ten Things Your Next Generation Firewall Must Do are:
1. Identify and control applications on any port
2. Identify and control circumventors
3. Decrypt outbound SSL
4. Provide application function control
5. Scan for viruses and malware in allowed collaborative applications
6. Deal with unknown traffic by policy
7. Identify and control applications sharing the same connection
8. Enable the same application visibility and control for remote users
9. Make network security simpler, not more complex with the addition of application control
10. Deliver the same throughput and performance with application control active
The ten things described here are critical capabilities for putting the necessary controls in place – especially in the face of a more varied and rich application and threat landscape. Without the network security infrastructure to cope with that variety and depth, security teams cannot safely enable the necessary applications and manage risk for their enterprises.
Content sourced from our partner Palo Alto, an industry leader in firewalls and network security. To learn more about how CrossRealms partners with Palo Alto to bring you the most comprehensive and customized network security, visit our network security page. To read the full Palo Alto white-page, click here.