What's the best firewall for cloud, SDN and mobile environments?

As the enterprise grows more mobile and virtualized, finding the best firewall can be challenging. Expert Kevin Beaver advises how to find your enterprise's most effective option.

I was reading an article that the future of the firewall was uncertain at best because of the move to cloud computing. As an organization that uses the cloud and SDN and embraces BYOD employees, how should we approach our next firewall upgrade/purchase? Which particular features should we search for to find the best firewall for our environment?

Things are as dynamic as ever with enterprise networks and business operations alike, so you have a very valid concern. Both cloud and mobile have changed not only the way we look at the traditional network perimeter, but also how we look at protecting information altogether. I'm not convinced the firewall is dead -- as some have proclaimed -- and I certainly don't believe it's going away anytime soon.

Certain environments and even certain types of businesses will no doubt evolve into a hybrid or cloud-only environment that no longer requires traditional network firewalls. I also think that we'll see a greater focus on moving security controls closer to the information on the endpoints and within the application environments themselves. However, I still believe that, for the foreseeable future anyway, there will be plenty of use cases for good old-fashioned firewall protection at the network perimeter.

As for your approach, it's no different than any other security technology you're considering. You need to step back and look at what you're trying to accomplish from a higher level, determine your enterprise's unique risks, and then deploy the technology (or technologies) that are most appropriate for what you need.

Based on this information, it sounds like you at least need to consider a next-generation firewall from a vendor such as Palo Alto Networks Inc. or Fortinet Inc., or a next-generation intrusion prevention system from a vendor such as Sourcefire (Cisco) or F5 Networks Inc. that offers enhanced capabilities to get more granular security controls that lock down the application layer, mobile and cloud.


This was last published in January 2015
