Our company is about to purchase a new firewall, and we've narrowed the field down to three vendors. What criteria...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
should we use to evaluate the finalists? Are there best practices for choosing the right enterprise firewall product?
First and foremost, consider the functionality of the firewall. The good news for those deciding between products is that mainstream firewalls all have the same core functions. Each performs stateful inspection packet filtering and allows the implementation of basic perimeter defenses. I recommend honing in on functional requirements. Ask yourself: Do you need to emphasize network throughput or enhanced security features?
One major point of differentiation between firewalls is their ability to perform application-layer inspection. Many firewalls simply don't have application-layer inspection, while others implement basic functionality (such as URL filtering). Some products, like Secure Computing Corp.'s Sidewinder G2 firewall and F5 Networks' BIG-IP Application Security Manager, have deep application inspection capabilities. These types of firewalls allow for complex application rule bases that limit the types of actions carried out over a connection. For example, you might limit inbound HTTP requests from the Internet to GET commands, while internal users might be able to issue POST commands. This functionality allows you to protect the enterprise against application-based attacks as well as network-based attacks.
Finally, consider the vendor itself. When investing in a firewall product, you're making a long-term decision. The financial commitment is only the tip of the iceberg; your firewall administrators will invest significant time and energy building and customizing a rule base for that particular product. In general, rule bases are not portable between platforms, so any future platform change will require a substantial commitment of human resources, so it's wise to make sure the vendors on your short list are all stable companies with solid financials. You certainly don't want to get on board a sinking ship.
Dig Deeper on Network Firewalls, Routers and Switches
Related Q&A from Mike Chapple
Vulnerability scanning tools are necessary to be fully compliant with PCI DSS, but the tools need to come from a PCI DSS Approved Scanning Vendor. ...continue reading
Healthcare clearinghouses like Mass HIway are a new trend in health IT, but what are the security implications? Expert Mike Chapple explains what you...continue reading
The FFIEC Cybersecurity Assessment Tool has faced harsh criticism since its 2015 release. Expert Mike Chapple reviews the tool and how it can be ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.