Content |
Next-Generation Firewall (NGFW) is an integrated network security platform that combines traditional firewalls with other network-based traffic filtering solutions such as Deep Packet Inspection (DPI), Intrusion Prevention System (IPS), and more.
Differences from traditional firewalls
The next generation firewalls contain many of the functions inherent in traditional firewalls: packet filtering, built-in virtual private network (VPN), network address and port translation, traffic inspection with storing the state of a data packet, etc.
At the same time, NGFW solutions filter not just at the port and protocol level, but at the layer of application protocols and functions of the applications themselves, thus looking deep into transactions and stopping malware activity and blocking the most complex attack methods.
According to the definition of Gartner analysts, next-generation firewalls should be guaranteed to provide the following:
- Protection against continuous attacks by infected systems
- standard capabilities for the first generation of firewalls;
- signatures for defining application types based on the IPS engine;
- Full-stage inspection of traffic, including applications, as well as detailed and configurable control at the application level
- The ability to include information outside the firewall (for example, integration with network directories, white and black application lists)
- A continuously updated database of application and threat definitions
- inspection of traffic encrypted using SSL.
Evolution of NGFW
As information system hacking techniques improved, firewalls evolved. The new generation of these products has become specialized and performs deep traffic analysis and application identification. The work of these solutions has noticeably accelerated compared to its predecessors, much more complex sets of rules and flexible security policy settings have appeared.
Migration to next-generation firewalls begins
That is why in 2015 the demand for new generation firewalls is growing from large companies (data center operators, large network providers and security services), medium-sized businesses and government agencies.
According to analysts Research and Markets, the global NGFW market size will increase by 12.1% annually between 2014 and 2019. Experts call Check Point, Cisco Systems, Fortinet, Juniper Networks, McAfee and Palo Alto Networks the key developers of these products.[1]
Chronicle
2023: Rostelecom, VTB and Positive Technologies invest 3.5 billion rubles in creating new generation firewalls
Rostelecom, VTB and Positive Technologies are investing 3.5 billion rubles in the creation of new generation firewalls (NGFW). This became known in mid-April 2023.
As CNews writes with reference to the roadmap "New system-wide software" prepared by VK, Rostelecom, Kaspersky Lab and 1C within the framework of an agreement with the Government of the Russian Federation, VTB will implement two projects in the field of NGFW. The first of these is the "100 gb NGFW Encoder." This product is intended for cryptographic protection of information transmitted over high-speed communication channels at a speed of 100 Gbps.
The second product is "Modern NGFW 100 gb." The product will filter network traffic to protect organizations from internal and external threats. The product will support stateful firewall features such as packet filtering, IpSec and SSL VPM support, network monitoring, and IP address mapping features, and will include deeper content validation. The documents talk about VTB's plans to spend 1.6 billion rubles to create two products based on NGFW.
Solar Dozor NGFW, a product of RTK-Solar (a subsidiary of Rostelecom), is also included in the New System-Wide Software roadmap. The general director of the company Igor Lyapunov estimated investments in the development of this solution at 1.2 billion rubles for a 5-year period. By April 2023, Solar Dozor NGFW supports a speed of 20 Gbps, by 2024 it will reach a speed of 100 Gbps.
Positive Technologies is also going to enter the NGFW market. Its managing director Denis Korablev linked the vendor's solution with the departure of foreign NGFW solution developers from Russia, after which Positive Technologies customers were left without protection. Investments in the company's project will amount to 750 million rubles.[2]