What is a next-generation firewall?
A next-generation firewall (NGFW) is a class of firewall, implemented in either software or hardware, that detects and blocks sophisticated attacks by enforcing security policy at the protocol, port, and application levels.
The difference between a standard firewall and a next-generation firewall is that the latter inspects traffic more thoroughly and makes smarter decisions about it. Next-generation firewalls also offer additional functions such as Active Directory integration (so that policies can be tied to users and groups), SSH and SSL/TLS inspection, and reputation-based malware filtering.
The usual functions of conventional firewalls, such as stateful inspection, virtual private network (VPN) support and packet filtering, are also present in next-generation firewalls. Next-generation firewalls are better able to detect application-specific attacks than standard firewalls and can therefore prevent more malicious intrusions. They perform deep packet inspection: instead of stopping at the headers, they check packet payloads against signatures and look for anomalies or malware.
Next-generation firewalls are also more application-aware and offer different techniques for identifying applications, including web-based ones, regardless of the port a flow uses. They keep a record of approved applications and examine the data packets of each for problems. They also maintain a baseline of normal application behavior, so that deviations from it can be flagged for system administrators.
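To make the contrast between a port-based filter and an application-aware rule concrete, here is an added example; it is not code from the original page or from any firewall vendor. It identifies the application of a flow from the first bytes the client sends, using three hand-written fingerprints (SSH banner, TLS ClientHello, HTTP request line), then compares a port-only policy with a policy that additionally requires the identified application to match what the port is open for. The fingerprints, the EXPECTED_APP table and the four sample flows are all assumptions constructed for the illustration, not captured traffic.

```python
from dataclasses import dataclass


@dataclass
class Flow:
    """One client-to-server flow: the fields we need plus the first client bytes."""
    src: str
    dst: str
    dport: int
    payload: bytes


def identify_app(payload: bytes) -> str:
    """Identify the application from the first bytes the client sends, ignoring the port.

    The fingerprints below are standard protocol framing (SSH identification
    string, TLS record/handshake header, HTTP request line), written for this
    illustration; a real NGFW uses a far larger and more robust signature set.
    """
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS: record type 0x16 (handshake), record version 0x03 0x0X,
    # handshake type 0x01 (ClientHello) at offset 5.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    method = payload.split(b" ", 1)[0]
    if method in (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"):
        return "http"
    return "unknown"


def port_filter(flow: Flow) -> str:
    """Conventional packet filter: the decision depends only on the destination port."""
    return "allow" if flow.dport in (80, 443) else "deny"


# Assumed policy: each open port is opened for exactly one application.
EXPECTED_APP = {80: "http", 443: "tls"}


def app_aware_filter(flow: Flow) -> str:
    """Application-aware rule: allow only if the identified application is the one the port is open for."""
    return "allow" if EXPECTED_APP.get(flow.dport) == identify_app(flow.payload) else "deny"


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    # Genuine HTTPS: a TLS ClientHello to 443.
    Flow("10.0.0.5", "203.0.113.10", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 32),
    # SSH tunnelled over 443 to slip past a port-based rule.
    Flow("10.0.0.5", "203.0.113.20", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    # Plain HTTP on its usual port.
    Flow("10.0.0.7", "203.0.113.30", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    # TLS on port 80: a port rule allows it, an application rule rejects it.
    Flow("10.0.0.7", "203.0.113.40", 80, b"\x16\x03\x03\x00\x40\x01\x00\x00\x3c\x03\x03" + b"\x00" * 32),
]


def compare(flows=SAMPLE_FLOWS):
    """Return (dport, app, port_verdict, app_verdict) per flow so both policies can be read side by side."""
    return [(f.dport, identify_app(f.payload), port_filter(f), app_aware_filter(f)) for f in flows]


if __name__ == "__main__":
    for dport, app, port_verdict, app_verdict in compare():
        print(f"dport={dport:<4} app={app:<7} port-filter={port_verdict:<5} app-aware={app_verdict}")
```

The second and fourth flows are the point: a port-based filter passes both because 443 and 80 are open, while the application-aware rule rejects them because the payload is not the application the port was opened for. A real NGFW goes further than a first-packet fingerprint, tracking the flow across packets and, for encrypted traffic, decrypting it to classify what is inside.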
Next-generation firewalls are expected to offer:
- All conventional firewall functions
- Identification and blocking of unwanted applications hidden inside encrypted traffic, using SSL/TLS decryption
- Granular control and application awareness
- Continuous operation as an in-line "bump in the wire", without disrupting traffic
- An integrated, signature-based intrusion prevention engine
- Ability to use intelligence from outside the firewall (such as reputation data) to improve blocking decisions