I was reading an article that said the future of the firewall was uncertain at best because of the move to cloud computing. As an organization that uses the cloud and SDN and embraces BYOD employees, how should we approach our next firewall upgrade/purchase? Which particular features should we search for to find the best firewall for our environment?
Things are as dynamic as ever with enterprise networks and business operations alike, so you have a very valid concern. Both cloud and mobile have changed not only the way we look at the traditional network perimeter, but also how we look at protecting information altogether. I'm not convinced the firewall is dead -- as some have proclaimed -- and I certainly don't believe it's going away anytime soon.
Certain environments and even certain types of businesses will no doubt evolve into a hybrid or cloud-only environment that no longer requires traditional network firewalls. I also think that we'll see a greater focus on moving security controls closer to the information on the endpoints and within the application environments themselves. However, I still believe that, for the foreseeable future anyway, there will be plenty of use cases for good old-fashioned firewall protection at the network perimeter.
As for your approach, it's no different than any other security technology you're considering. You need to step back and look at what you're trying to accomplish from a higher level, determine your enterprise's unique risks, and then deploy the technology (or technologies) that are most appropriate for what you need.
Based on this information, it sounds like you at least need to consider a next-generation firewall from a vendor such as Palo Alto Networks Inc. or Fortinet Inc., or a next-generation intrusion prevention system from a vendor such as Sourcefire (Cisco) or F5 Networks Inc. that offers enhanced capabilities to get more granular security controls that lock down the application layer, mobile and cloud.
Ask the Expert!
Perplexed about network security? Send Kevin Beaver your questions today! (All questions are anonymous.)