Citrix Application Firewall (2008)
Citrix Systems' Citrix Application Firewall utilizes what the vendor calls a positive security model that establishes a baseline of approved application behavior, and any application traffic deviating is blocked.
"There are no concerns with zero-day attacks, which can be an issue for products that rely on signatures or blacklists for protection," says Citrix product manager Morgan Gerhart.
Readers gave Citrix Application Firewall good marks for its threat protection and integration with other security tools for reporting and remediation. It can be purchased standalone, or as a module on the Citrix NetScaler Application Delivery System.
Gerhart says the vendor plans enhancements around integration, simplicity and performance, in particular, addressing performance issues for smaller companies running the firewall on an entry-level server. Future versions will also look at XML traffic and SOA applications.