Why next-generation firewalls will be essential to a zero-trust world

Next-generation firewalls (NGFWs) are integral to the future of zero-trust security. Gartner defines NGFWs as “deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.” Continuing its definition, Gartner advises that “an NGFW should not be confused with a stand-alone network intrusion prevention system (IPS), which includes a commodity or nonenterprise firewall, or a firewall and IPS in the same appliance that is not closely integrated.” 

As noted by Forrester, “NGFWs are the cornerstone of zero trust.” In a zero-trust network, NGFWs act as segmentation gateways, “taking security controls found in individual point products (firewalls, intrusion prevention systems, web application firewalls, content filtering gateways, network access controls, VPN gateways, and other encryption products) and embedding them in a single solution.”

Investing heavily in AI and machine learning 

NGFW vendors are doubling down on R&D investments in artificial intelligence (AI) and machine learning (ML) to differentiate themselves and deliver more value as part of enterprise zero-trust security initiatives. The focus areas of development are automated threat detection and response; user and device behavior analysis; advanced application control; and predictive analytics to identify potential security threats before they occur. By leveraging AI and ML, NGFWs can continuously learn and adapt to the changing threat landscape, providing a more effective zero-trust approach to protecting against cyberattacks.

“Firewall vendors retooled their portfolios to apply artificial intelligence, vendor-delivered services, and partner service for network security. Artificial intelligence is starting to deliver both security efficacy and configuration guidance,” said David Holmes, senior analyst in The Forrester Wave™: Enterprise Firewalls Q4 2022 report. “Palo Alto Networks’ new policy-creation wizards use AIops to continuously recommend best practices on any change, effectively providing real-time guardrails to the user,” Holmes writes in the Forrester report.

Leading providers of NGFWs that support zero trust include Barracuda Networks, Check Point Software Technologies, Cisco, Forcepoint, Fortinet, Juniper Networks, Palo Alto Networks, SonicWall, Sophos and WatchGuard. 

How firewalls contribute to zero trust 

Overall, next-generation firewalls are essential for enterprises pursuing zero-trust security; they help enforce strict access controls, segment the network and protect against cyberthreats. NGFWs contribute to zero-trust security by providing the following: 

Advanced threat protection and visibility to enforce least-privilege access

NGFWs’ device firmware and, for many vendors, native silicon, too, are designed to be continually updated with improvements toward more granular control over who has access to a given resource, for how long, from which devices and using which specific privileged access credential. Updates are delivered in milliseconds and are transparent to administrators, alleviating the need for IT teams to perform patch management.

NGFWs that can integrate into zero-trust environments have automated patch updates to their firmware, which keep their IPS, application control, automated malware analysis, IPsec tunneling, TLS decryption, IoT security and network traffic management (SD-WAN) current.

Providing microsegmentation to reduce the attack surface of an enterprise network

Next-generation firewalls can be configured to provide microsegmentation, organizing networks into smaller, more granular security zones that reduce the attack surface of an enterprise’s network.

NGFWs monitor and inspect traffic for threats and anomalies in real time, then act on them based on the logic and rules defined during implementation.

This can include blocking malicious traffic, quarantining infected devices and alerting security personnel to potential threats.

Integration with other zero-trust security platforms, apps and tools

Leading NGFW providers commonly publish open APIs designed to streamline the integration of their systems across enterprise tech stacks. NGFWs are most often integrated with application gateways and security information and event management (SIEM) systems so security teams can gain a more comprehensive view of the network and its security posture. This can help enterprises to detect and respond to security threats more effectively.

User- and device identity-based controls restrict access to specific areas of a corporate network

NGFWs use access controls that are based on the identity of the user or device attempting to access the network.

For example, an NGFW can be configured to allow or block access to certain resources or areas of the network based on the user’s role, job function or the type of device being used. This helps ensure that only authorized users and devices have access to sensitive resources, reducing the risk of unauthorized access and data breaches.

Device- and identity-based authentication for every resource request

Traditional firewalls often rely on network location to determine trust. NGFWs integrated into a zero-trust framework use identity-based policies and multifactor authentication to verify devices’ and users’ trustworthiness. This is a more granular and dynamic approach to granting access to network resources, endpoints and devices. 
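The contrast between location-based trust and per-request identity checks can be made concrete with a small policy evaluator. This is an added example, not code from the article or from any vendor's product; the zone names, roles, address ranges and function names are hypothetical, and the rule format does not model any real NGFW syntax.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample data: network range, zones and roles are hypothetical.
INTERNAL_NET = ip_network("10.0.0.0/8")
ZONE_POLICY = {                      # microsegment -> roles allowed in it
    "db-zone": {"dba"},
    "hr-zone": {"hr"},
    "web-zone": {"dba", "hr", "engineer"},
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    device_managed: bool
    mfa_passed: bool
    src_ip: str
    dst_zone: str

def location_based_allow(req: Request) -> bool:
    """Traditional model: any source inside the internal range is trusted."""
    return ip_address(req.src_ip) in INTERNAL_NET

def identity_based_decision(req: Request) -> tuple[bool, str]:
    """Zero-trust model: each request is checked on MFA, device and role."""
    allowed_roles = ZONE_POLICY.get(req.dst_zone)
    if allowed_roles is None:
        return False, "unknown zone, default deny"
    if not req.mfa_passed:
        return False, "MFA not satisfied"
    if not req.device_managed:
        return False, "unmanaged device"
    if req.role not in allowed_roles:
        return False, f"role {req.role!r} not permitted in {req.dst_zone}"
    return True, "allowed"

# Constructed requests showing where the two models disagree.
INSIDE_ENGINEER = Request("eng1", "engineer", True, True, "10.1.2.3", "db-zone")
REMOTE_DBA = Request("dba1", "dba", True, True, "203.0.113.5", "db-zone")
INSIDE_NO_MFA = Request("hr1", "hr", True, False, "10.4.5.6", "hr-zone")

def compare(req: Request) -> tuple[bool, bool, str]:
    """Return (location verdict, identity verdict, identity reason)."""
    allowed, reason = identity_based_decision(req)
    return location_based_allow(req), allowed, reason

if __name__ == "__main__":
    for r in (INSIDE_ENGINEER, REMOTE_DBA, INSIDE_NO_MFA):
        print(r.user, r.dst_zone, compare(r))
```

The internal engineer reaches the database zone under the location model but is denied by role under the identity model, while the remote DBA is treated the opposite way.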

Microsoft Azure relies on NGFWs to deliver zero trust 

Microsoft Azure uses next-generation firewalls (NGFWs) to provide zero-trust security by allowing enterprises to enforce strict access controls and segment their networks into separate security zones, improving the networks’ overall security posture.

With Azure Firewall, enterprises can create and enforce rules to control inbound and outbound traffic to and from their Azure virtual networks. This includes allowing or blocking traffic based on various criteria, such as the traffic type, the traffic’s source and destination, and the identity of the user or device initiating the traffic.

By using Azure Firewall to segment the network into separate security zones, enterprises can better secure sensitive areas of the network, such as servers or databases, and isolate them from other parts of the network that may not need access to those resources.

In addition to controlling traffic flow, Azure Firewall can be configured to monitor and inspect traffic for threats and anomalies and respond appropriately. This can include blocking malicious traffic, quarantining infected devices and alerting security personnel to potential threats.

In addition to Azure Firewall, Microsoft Azure offers other security solutions supporting zero-trust principles, such as Azure Private Link. This service enables enterprises to securely access Azure PaaS services and Azure-hosted APIs over a private network connection, helping to protect against data exfiltration and other types of cyberthreats.

By using Azure Private Link and other security solutions, enterprises can establish secure, private network connections to resources in Azure, further reducing the risk of data breaches and other security incidents.

Combining Microsoft Azure’s DDoS Protection, Web Application Firewall and Azure Firewall in the above configuration is an example of how Azure’s NGFW provides zero trust. Source: Zero Trust with Azure Network Security, Microsoft Tech Community Blog, Dec. 5, 2022

NGFWs and zero trust are on a collaborative path 

Look for NGFW vendors to continue investing in AI and ML technologies to differentiate their platforms further. Look for them to also opportunistically identify specific areas of the tech stack that they can actively consolidate into their product and service strategies. NGFWs will increasingly be designed to slot into zero-trust network access (ZTNA) networks and play a cooperative role in zero-trust frameworks. 

Vendors will need to further improve API integrations, primarily with IPS, SIEM systems and data-loss prevention (DLP) systems, to provide a more comprehensive approach to security. They’ll also need to concentrate on how software-defined networking (SDN) can be more adaptive while providing more granular control over network traffic.

Originally appeared on: TheSpuzz