Next-Generation Firewall

Next-Generation Firewall (NGFW) is an integrated network security platform that combines traditional firewalls with other network-based traffic filtering solutions such as Deep Packet Inspection (DPI), Intrusion Prevention System (IPS), and more.

Differences from traditional firewalls

The next generation firewalls contain many of the functions inherent in traditional firewalls: packet filtering, built-in virtual private network (VPN), network address and port translation, traffic inspection with storing the state of a data packet, etc.

At the same time, NGFW solutions filter not just at the port and protocol level, but at the layer of application protocols and functions of the applications themselves, thus looking deep into transactions and stopping malware activity and blocking the most complex attack methods.

According to the definition of Gartner analysts, next-generation firewalls should be guaranteed to provide the following:

• Protection against continuous attacks by infected systems
• standard capabilities for the first generation of firewalls;
• signatures for defining application types based on the IPS engine;
• Full-stage inspection of traffic, including applications, as well as detailed and configurable control at the application level
• The ability to include information outside the firewall (for example, integration with network directories, white and black application lists)
• A continuously updated database of application and threat definitions
• inspection of traffic encrypted using SSL.

Evolution of NGFW

As information system hacking techniques improved, firewalls evolved. The new generation of these products has become specialized and performs deep traffic analysis and application identification. The work of these solutions has noticeably accelerated compared to its predecessors, much more complex sets of rules and flexible security policy settings have appeared.

Migration to next-generation firewalls begins

That is why in 2015 the demand for new generation firewalls is growing from large companies (data center operators, large network providers and security services), medium-sized businesses and government agencies.

According to analysts Research and Markets, the global NGFW market size will increase by 12.1% annually between 2014 and 2019. Experts call Check Point, Cisco Systems, Fortinet, Juniper Networks, McAfee and Palo Alto Networks the key developers of these products.^[1]

Chronicle

2025: Bank of Russia tests domestic firewalls

Testing of the next generation domestic firewalls (NGFW) has been completed, and its results have been satisfactory. This was announced on March 3, 2025 by Andrei Vybornov, Deputy Director of the Information Security Department of the Bank of Russia. According to him, "the situation turned out to be uncritical," and the regulator received "normal test results."

According to Vedomosti, several Russian banks participated in the tests, providing their infrastructure to test the capabilities of domestic means of protection. On the part of the developers, four companies that create firewalls took part in the testing. According to the representative of the Central Bank, there were no restrictions on accepting applications, all interested vendors were included in the work.

𝓲

Фото: Freepik

Next-generation firewalls (NGFWs) are network security hardware that filters inbound and outbound traffic, preventing unauthorized data access. Vadim Uvarov, Director of the Information Security Department of the Bank of Russia, announced the start of testing this equipment in November 2024 at the SOC forum, indicating that four leaders among manufacturers were determined in the testing process.

The test results were sent to the Ministry of Digital Development to assess the need for improvements in solutions. These tests are of high importance in the context of import substitution, since according to presidential decree No. 250 of March 30, 2022, all software and hardware complexes at critical information infrastructure (CII) facilities should have been imported by January 1, 2025.

The representative of VTB confirmed the bank's participation in testing, noting that the bank, together with other members of the working group under the auspices of the Central Bank, participated in the development of technical requirements for laboratory testing of NGFW. At the same time, he admitted that "testing Russian NGFWs was not easy, there is still something to work on."^[2]

2024: The Russian market for NGFW solutions grew by 30% over the year and reached ₽52,2 billion

The volume of the Russian market for new generation firewalls (NGFW) in 2024 reached ₽52,2 billion, an increase of 30.1% compared to the previous 2023. Such data are contained in a study by the Center for Strategic Research (CSR), published in early April 2025. According to the report, the growth rate in Russia is 18% ahead of the dynamics of the global market.

According to the CSR, by 2030 the market volume of NGFW solutions in Russia may reach ₽146,3 billion with an average annual growth of 18.3%, which is 6.2% higher than the global pace in this segment. Such dynamic growth is primarily due to a sharp change in the market structure in favor of domestic developers.

𝓲

Фото: Freepik

Deputy General Director of the CSR Ekaterina Kvasha noted that the study was based on data from open sources, the results of company questionnaires and a survey of key industry participants. According to the center's estimates, 76.8% of companies continue to use foreign solutions, but their share in new sales has significantly decreased - from 72% in 2021 to 31.6% in 2024.

CSR experts predict a further increase in the share of Russian companies in this market, with the peak of the import substitution process expected in 2025-2026. The key growth factors are not only a change in the supplier landscape, but also the increasing intensity of cyber attacks on the IT infrastructure of Russian companies, government support measures, as well as tightening cybersecurity legislation.

Pavel Korostelev, head of the Security Code product promotion department, characterizes the NGFW segment as the most controversial in terms of interaction between the state, market and vendors. He believes that due to the variety of requirements and the specifics of customer IT infrastructures, significant opportunities have opened up for manufacturers, but the stage of explosive growth is nearing completion, and the market is entering a maturity phase, followed by increased competition and consolidation.

The researchers also identified factors that restrain the development of the NGFW market in Russia. Among them are the high cost of upgrading the network infrastructure and introducing new solutions, as well as the labor intensity of restructuring the processes of operating NGFW systems. Nevertheless, domestic solutions in this segment demonstrate noticeable progress.

Almaz Mazitov, NGFW Business Development Manager at Innostage, points out that problems with technical support and the complexity of introducing new solutions are inevitable stages in the development of the NGFW domestic market. He is confident that in the coming years Russian companies will be able to offer competitive products that provide a high degree of protection against cyber threats, which is facilitated by positive market dynamics and state support.

Despite the fact that domestic solutions have not yet reached the maturity level of their foreign counterparts, over the past two years, leading Russian companies, including User Gate, Security Code, Positive Technologies and Solar Group of Companies, have significantly strengthened their positions in the market.

The head of the Solar NGFW product of Solar Group Albert Mannanov emphasizes that the departure of Western NGFW vendors created a powerful incentive for the development of Russian developments of this class of solutions starting in 2022. At the same time, over the past two years, the growing maturity of Russian solutions has become an additional factor in the development of the industry, given the key role of NGFW in protecting the network infrastructure.

By the end of 2024, there were already more than 30 participants in the NGFW market in Russia with products of varying degrees of readiness. Key leaders have been identified, and the consolidation of the proposal has begun, the end of which experts expect by 2026.^[3]

2023: Rostelecom, VTB and Positive Technologies invest 3.5 billion rubles in creating new generation firewalls

Rostelecom, VTB and Positive Technologies are investing 3.5 billion rubles in the creation of new generation firewalls (NGFW). This became known in mid-April 2023.

As CNews writes with reference to the roadmap "New system-wide software" prepared by VK, Rostelecom, Kaspersky Lab and 1C within the framework of an agreement with the Government of the Russian Federation, VTB will implement two projects in the field of NGFW. The first of these is the "100 gb NGFW Encoder." This product is intended for cryptographic protection of information transmitted over high-speed communication channels at a speed of 100 Gbps.

Rostelecom, VTB and Positive Technologies intend to invest a total of 3.5 billion rubles. in the development of their own new generation firewalls (NGFW)

The second product is "Modern NGFW 100 gb." The product will filter network traffic to protect organizations from internal and external threats. The product will support stateful firewall features such as packet filtering, IpSec and SSL VPM support, network monitoring, and IP address mapping features, and will include deeper content validation. The documents talk about VTB's plans to spend 1.6 billion rubles to create two products based on NGFW.

Solar Dozor NGFW, a product of RTK-Solar (a subsidiary of Rostelecom), is also included in the New System-Wide Software roadmap. The general director of the company Igor Lyapunov estimated investments in the development of this solution at 1.2 billion rubles for a 5-year period. By April 2023, Solar Dozor NGFW supports a speed of 20 Gbps, by 2024 it will reach a speed of 100 Gbps.

Positive Technologies is also going to enter the NGFW market. Its managing director Denis Korablev linked the vendor's solution with the departure of foreign NGFW solution developers from Russia, after which Positive Technologies customers were left without protection. Investments in the company's project will amount to 750 million rubles.^[4]

Notes