Enterprise firewall protection: Where it stands, where it's headed
A comprehensive collection of articles, videos and more, hand-picked by our editors
The data from deep packet inspection also provides valuable log information that is helpful for security incidents...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
and policy implementation.
When the firewall reads and interprets each packet, however, the tool must consume CPU cycles. The inspection process thus takes longer than those of traditional packet-filtering firewalls and may slow down network performance.
Another disadvantage of application firewalls is that each protocol, such as HTTP, SMTP, etc., requires its own proxy application, and support for new network applications and protocols can be limited or slow to emerge. Although most firewall vendors provide generic proxy agents to support undefined network protocols or applications, the agents tend to simply allow traffic to tunnel through the firewall, negating many of the reasons for having an application firewall in the first place.
Also the increased sophistication of these firewalls makes them generally more expensive, especially compared to packet-filtering firewalls that have very little impact on network performance and are application-independent. Finally, as with any new device, Web application firewalls have installation, configuration and training needs that must be assessed.
It's easy to understand why some are hesitant about deploying an application-level firewall, particularly if time and budget restrictions are involved. However, for those running Web applications in a hostile environment, then an application-layer firewall's additional protection has become almost mandatory. I would therefore suggest defining exactly what the firewall is needed for, as this will determine the features that are require. To choose a firewall, answer the following questions:
Developing an understanding of how different types of Web application attacks are carried out will help with this exercise. If you are short on firewall expertise, then ease of installation and configuration will be an important factor in the choice of firewall. Also, talk to any possible vendor about the level of support that they provide during installation, as well as throughout the deployment lifecycle of the firewall.
Related Q&A from Michael Cobb
Amazon disabled native encryption capabilities in the latest Fire OS version. Expert Michael Cobb explains what this means for security, and if ...continue reading
A pirated app called Happy Daily English beat Apple's App Store security review. Expert Michael Cobb explains how it works and what security teams ...continue reading
The Lenovo SHAREit file-sharing app has a hardcoded password vulnerability, among other issues. Expert Michael Cobb explains these flaws and how to ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.