Next-Generation Firewalls Poised to Eclipse Intrusion Prevention Systems

P. Musich

Summary Bullets:

  • Readers who are considering adding new IPSs to their network should ask what their suppliers’ plans are for next-generation firewall (NGFW) features and how far along they are in delivering those.
  • The additional features that come with an NGFW make it a more complex security tool to manage, and enterprises should be prepared to invest in training if they plan to add NGFWs to their arsenal.

Are standalone IPSs becoming the next stateful packet inspection firewall (i.e., an old perimeter security technology that is required but no longer sufficient for protecting enterprise networks)?  Sophisticated and well-financed malware writers consistently find new ways of getting around existing and well-understood security controls such as the firewall and IPS, even as the suppliers of those controls race to keep up with the constantly changing threat landscape.  The result has been a constant stream of breach headlines (too many being rather spectacular) that all point to the rise of the so-called ‘advanced persistent threat’ (APT).  Enterprises looking to address such threats are coming to embrace the NGFW and the greater application and user context it brings to the fight against more sophisticated cyber attacks.  The NGFW integrates the functions of a stateful firewall and IPS with the ability to identify applications and application-level attacks and to apply granular policies to application usage.  One forecast puts the IPS market at $2 billion by 2014, while the NGFW market is projected to reach $4 billion by 2014.