Why next-generation firewalls will probably be important to a zero-trust world

Subsequent-generation firewalls (NGFWs) are integral to the way forward for zero-trust safety. Gartner defines NGFWs as “deep-packet inspection firewalls that transfer past port/protocol inspection and blocking so as to add application-level inspection, intrusion prevention, and bringing intelligence from outdoors the firewall.” Persevering with its definition, Gartner advises that “an NGFW shouldn’t be confused with a stand-alone community intrusion prevention system (IPS), which features a commodity or nonenterprise firewall, or a firewall and IPS in the identical equipment that isn’t carefully built-in.” 

As famous by Forrester, “NGFWs are the cornerstone of zero belief.” In a zero-trust community, NGFWs act as segmentation gateways, “taking safety controls present in particular person level merchandise (firewalls, intrusion prevention programs, internet utility firewalls, content material filtering gateways, community entry controls, VPN gateways, and different encryption merchandise) and embedding them in a single resolution.”

Investing closely in AI and machine studying 

NGFW distributors are doubling down on R&D investments in synthetic intelligence (AI) and machine studying (ML) to distinguish themselves and ship extra worth as a part of enterprise zero-trust safety initiatives. The main focus areas of growth are automated risk detection and response; consumer and machine conduct evaluation; superior utility management; and predictive analytics to determine potential safety threats earlier than they happen. By leveraging AI and ML, NGFWs can constantly study and adapt to the altering risk panorama, offering a more practical zero-trust strategy to defending in opposition to cyberattacks.

>>Don’t miss our particular situation: Zero belief: The brand new safety paradigm.<<

“Firewall distributors retooled their portfolios to use synthetic intelligence, vendor-delivered companies, and associate service for community safety. Synthetic intelligence is beginning to ship each safety efficacy and configuration steering,” stated David Holmes, senior analyst in The Forrester Wave™: Enterprise Firewalls This fall 2022 report. “Palo Alto Networks‘ new policy-creation wizards use AIops to constantly suggest greatest practices on any change, successfully offering real-time guardrails to the consumer,” Holmes writes within the Forrester report. 

Main suppliers of NGFWs that assist zero belief embody Barracuda Networks, Verify Level Software program Applied sciences, Cisco, Forcepoint, Fortinet, Juniper Networks, Palo Alto Networks, SonicWall, Sophos and WatchGuard. 

How firewalls contribute to zero belief 

Total, next-generation firewalls are important for enterprises pursuing zero-trust safety; they assist implement strict entry controls, phase the community and defend in opposition to cyberthreats. NGFWs contribute to zero-trust safety by offering the next: 

Superior risk safety and visibility to implement least privileged entry

NGFWs’ machine firmware and, for a lot of distributors, native silicon, too, are designed to be regularly up to date with enhancements towards extra granular management over who has entry to a given useful resource, for a way lengthy, from which units and utilizing which particular privileged entry credential. Updates are delivered in milliseconds and clear to directors, assuaging the necessity for IT groups to carry out patch administration.

NGFWs that may combine into zero-trust environments have automated patch updates to their firmware, which preserve present their IPS, utility management, automated malware evaluation, IPsec tunneling, TLS decryption, IoT safety and community site visitors administration (SD-WAN). 

Offering microsegmentation to cut back the assault floor of an enterprise community

Subsequent-generation firewalls could be configured to offer microsegmentation, organizing networks into smaller, extra granular safety zones that scale back the assault floor of an enterprise’s community.

NGFWs monitor and examine site visitors for threats and anomalies in actual time, then act on them based mostly on the logic and guidelines outlined throughout implementation.

This will embody blocking malicious site visitors, quarantining contaminated units and alerting safety personnel to potential threats.

Integration with different zero-trust safety platforms, apps and instruments

Main NGFW suppliers generally publish open APIs designed to streamline the mixing of their programs throughout enterprise tech stacks. NGFWs are most frequently built-in with utility gateways and safety data and occasion administration (SIEM) programs so safety groups can acquire a extra complete view of the community and its safety posture. This can assist enterprises to detect and reply to safety threats extra successfully.

Person- and machine identity-based controls prohibit entry to particular areas of a company community

NGFWs use entry controls which can be based mostly on the id of the consumer or machine trying to entry the community.

For instance, an NGFW could be configured to permit or block entry to sure sources or areas of the community based mostly on the consumer’s position, job perform or the kind of machine getting used. This helps be sure that solely approved customers and units have entry to delicate sources, decreasing the danger of unauthorized entry and information breaches.

System- and identity-based authentication for each useful resource request

Conventional firewalls usually depend on community location to find out belief. NGFWs built-in right into a zero-trust framework use identity-based insurance policies and multifactor authentication to confirm units’ and customers’ trustworthiness. It is a extra granular and dynamic strategy to granting entry to community sources, endpoints and units. 

Microsoft Azure depends on NGFWs to ship zero belief 

Microsoft Azure makes use of next-generation firewalls (NGFWs) to offer zero-trust safety by permitting enterprises to implement strict entry controls and phase their networks into separate safety zones, bettering the networks’ total safety posture.

With Azure Firewall, enterprises can create and implement guidelines to manage inbound and outbound site visitors to and from their Azure digital networks. This consists of permitting or blocking site visitors based mostly on varied standards, such because the site visitors sort, the site visitors’s supply and vacation spot, and the id of the consumer or machine initiating the site visitors.

By utilizing Azure Firewall to phase the community into separate safety zones, enterprises can higher safe delicate areas of the community, equivalent to servers or databases, and isolate them from different components of the community that will not want entry to these sources.

Along with controlling site visitors circulate, Azure Firewall could be configured to watch and examine site visitors for threats and anomalies and reply appropriately. This will embody blocking malicious site visitors, quarantining contaminated units and alerting safety personnel to potential threats.

Along with Azure Firewall, Microsoft Azure presents different safety options supporting zero-trust rules, equivalent to Azure Non-public Hyperlink. This service permits enterprises to securely entry Azure PaaS companies and Azure-hosted APIs over a personal community connection, serving to to guard in opposition to information exfiltration and different varieties of cyberthreats.

By utilizing Azure Non-public Hyperlink and different safety options, enterprises can set up safe, non-public community connections to sources in Azure, additional decreasing the danger of information breaches and different safety incidents.

NGFWs and nil belief are on a collaborative path 

Search for NGFW distributors to proceed investing in AI and ML applied sciences to distinguish their platforms additional. Search for them to additionally opportunistically determine particular areas of the tech stack that they will actively consolidate into their product and repair methods. NGFWs will more and more be designed to fit into zero-trust community entry (ZTNA) networks and play a cooperative position in zero-trust frameworks. 

Distributors might want to additional enhance API integrations, primarily with IPS, SIEM programs and data-loss prevention (DLP) programs, to offer a extra complete strategy to safety. They’ll additionally want to focus on how software-defined networking (SDN) could be extra adaptive whereas offering extra granular management over community site visitors.