What's the best firewall for cloud, SDN and mobile environments?

As the enterprise grows more mobile and virtualized, finding the best firewall can be challenging. Expert Kevin Beaver advises how to find your enterprise's most effective option.

I was reading an article that the future of the firewall was uncertain at best because of the move to cloud computing. As an organization that uses the cloud and SDN and embraces BYOD employees, how should we approach our next firewall upgrade/purchase? Which particular features should we search for to find the best firewall for our environment?

Things are as dynamic as ever with enterprise networks and business operations alike, so you have a very valid concern. Both cloud and mobile have changed not only the way we look at the traditional network perimeter, but also how we look at protecting information altogether. I'm not convinced the firewall is dead -- as some have proclaimed -- and I certainly don't believe it's going away anytime soon.

Certain environments and even certain types of businesses will no doubt evolve into a hybrid or cloud-only environment that no longer requires traditional network firewalls. I also think that we'll see a greater focus on moving security controls closer to the information on the endpoints and within the application environments themselves. However, I still believe that, for the foreseeable future anyway, there will be plenty of use cases for good old-fashioned firewall protection at the network perimeter.

As for your approach, it's no different than any other security technology you're considering. You need to step back and look at what you're trying to accomplish from a higher level, determine your enterprise's unique risks, and then deploy the technology (or technologies) that are most appropriate for what you need.

Based on this information, it sounds like you at least need to consider a next-generation firewall from a vendor such as Palo Alto Networks Inc. or Fortinet Inc., or a next-generation intrusion prevention system from a vendor such as Sourcefire (Cisco) or F5 Networks Inc. that offers enhanced capabilities for more granular security controls to lock down the application layer, mobile and cloud.

This was last published in January 2015

Join the conversation

There is no point at all in buying a closed-source firewall. It's worse than having no firewall at all because you get a false sense of security.

You can never trust a binary.

If Cisco, or Palo Alto Networks or any other vendor gives you all the source code (including for the firmware), so you can compile and install it all yourself - and, importantly, get an expert to check for trapdoors, hidden passwords and other potential malware - then you can use it.

Otherwise only get open source firewalls - you can run them on a Linux box.

Great point Fustbariclation. It's also been a bit hard trusting open source as of late, no? ;-) The trouble is not everyone has the time nor skills to set up and maintain a Linux-based firewall. In an ideal world, I suppose, everything would be open source but the world isn't quite that simple. Perhaps one day we'll find a good balance of free market, commercial solutions and free will-centric open source solutions where all information can be free. Until then, I advise people who have minimum resources and maximum risks to go with a proven commercial solution that's going to help stabilize their environment so reasonable security can be attained.