Managing Next Generation Firewalls

The Challenge

Business growth is driving the introduction of many new applications into the enterprise. In order to facilitate usage and collaboration of distributed workforces, many applications are web-based. In addition, modernized data centers are combining virtualized and physical technologies, with application resources scattered throughout this hybrid environment. Therefore, the key to these new applications and initiatives is accessibility to the Internet. Without access, business is simply on hold. Unfortunately, the Internet can also be the conduit for cyber threats and other malicious activity. Vulnerabilities and malware can slip through the existing traditional firewalls, proxies, IPS and other security controls.

The challenge is to find the right cyber security controls to approve the network traffic, connectivity and applications that your business needs while containing and managing risks to prevent breaches.

The next generation firewall (NGFW) was designed exactly with the increased cyber threat scenarios in mind. It allows enterprises to provide safer, application-driven access to Internet resources through deeper analysis of network traffic down to the application layer: specifically, identification of the application in use and each user accessing each application. By relying on App-ID, User-ID, and Content-ID technologies, enterprises can gain visibility and control over network traffic using business-oriented criteria.

NGFW allows connectivity without introducing unnecessary risks. How? Next generation firewalls utilize security policies based on authorization of specific users for specific applications, instead of only on port numbers and IP addresses (as with traditional firewalls). According to Gartner, by year-end 2016, the majority of large enterprises will adopt an NGFW technology to consolidate intrusion prevention and firewall capabilities. NSS Labs predicts that NGFW total market revenues will increase to $5.8 billion by 2018.

The Tufin Orchestration Suite Solution

Since adopting NGFW has become a strategic imperative, there is an acute need for seamless, comprehensive management and auditing capabilities for both next-generation and network-layer firewalls. Most enterprises today have NGFWs as part of their network alongside traditional firewalls and other security controls. However, because it is not feasible for organizations to replace hundreds of firewalls, they opt for a staged approach. Managing security policies for so many different types of firewalls is challenging and adds to network complexity, so that in some cases, IT teams simply continue to use old service-based policies instead of leveraging App-ID based policies.   

The Tufin Orchestration Suite provides a holistic view by creating a single Unified Security Policy that enables managing each firewall based on its capabilities: next generation firewalls based on App-ID and traditional firewalls based on services. The Suite’s Security Policy Orchestration provides security managers with a single pane of glass for seamlessly managing security policies and auditing across all network firewalls, private cloud and public cloud.
