Our company is about to purchase a new firewall, and we've narrowed the field down to three vendors. What criteria...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
should we use to evaluate the finalists? Are there best practices for choosing the right enterprise firewall product?
First and foremost, consider the functionality of the firewall. The good news for those deciding between products is that mainstream firewalls all have the same core functions. Each performs stateful inspection packet filtering and allows the implementation of basic perimeter defenses. I recommend honing in on functional requirements. Ask yourself: Do you need to emphasize network throughput or enhanced security features?
One major point of differentiation between firewalls is their ability to perform application-layer inspection. Many firewalls simply don't have application-layer inspection, while others implement basic functionality (such as URL filtering). Some products, like Secure Computing Corp.'s Sidewinder G2 firewall and F5 Networks' BIG-IP Application Security Manager, have deep application inspection capabilities. These types of firewalls allow for complex application rule bases that limit the types of actions carried out over a connection. For example, you might limit inbound HTTP requests from the Internet to GET commands, while internal users might be able to issue POST commands. This functionality allows you to protect the enterprise against application-based attacks as well as network-based attacks.
Finally, consider the vendor itself. When investing in a firewall product, you're making a long-term decision. The financial commitment is only the tip of the iceberg; your firewall administrators will invest significant time and energy building and customizing a rule base for that particular product. In general, rule bases are not portable between platforms, so any future platform change will require a substantial commitment of human resources, so it's wise to make sure the vendors on your short list are all stable companies with solid financials. You certainly don't want to get on board a sinking ship.
Dig Deeper on Network Firewalls, Routers and Switches
Related Q&A from Mike Chapple
The OWASP Top Ten list is not a compliance standard but a set of best practices for enterprises looking to boost Web app security. Here's how to get ...continue reading
A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best ...continue reading
Tokenization technology can be confusing. Expert Mike Chapple explains what the difference is between two types of tokens and how tokenization can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.