Many business organizations have heard of the concept of a ‘next generation firewall,’ but what does the term actually mean? A next generation firewall is more than a traditional firewall system with better filters. Instead, it takes a fundamentally different approach to network security. Firewalls originally classified data traffic according to IP address or port number. Based on these criteria, the firewall would decide whether to allow traffic from outside to enter the network.
One drawback to this approach was that it had a difficult time dealing with ‘spoofed’ IP addresses. Spoofing is a technique that hackers soon learned to master so that they could trick their way past a firewall. This is not as big an issue with next generation firewalls, because they classify traffic according to the application requesting access and the user currently operating that application. This allows for a far more nuanced approach to access rules.
In essence, a next generation firewall can allow applications limited access to the outside world; network security is no longer an all-or-nothing proposition. The firewall thus becomes a way to administer control over applications so that security concerns interfere as little as possible with productivity and workflow.
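The difference between the two rule models described above can be seen by evaluating the same flows against both. This is an added example, not code from the original article or from any firewall product; the rule fields, application labels, user names and addresses are all hypothetical, and it assumes the firewall has already identified the application and the user for each flow.

```python
# Added illustration: all flows, rule fields, names and addresses are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src_ip: str     # claimed source address (can be forged)
    dst_port: int
    app: str        # application label, assumed to come from traffic inspection
    function: str   # action within the application, e.g. "read" or "upload"
    user: str       # authenticated user, assumed from a directory lookup; "" if unknown

# Traditional rule set: match on source address and destination port only.
LEGACY_RULES = [
    {"src_ip": "203.0.113.10", "dst_port": 443, "action": "allow"},
]

# Application/user rule set: first match wins. Webmail is allowed for known
# users, but its upload function is blocked (limited access, not all-or-nothing).
NGFW_RULES = [
    {"app": "webmail", "function": "upload", "users": {"alice", "bob"}, "action": "deny"},
    {"app": "webmail", "function": "*", "users": {"alice", "bob"}, "action": "allow"},
]

def legacy_decision(flow: Flow) -> str:
    for rule in LEGACY_RULES:
        if flow.src_ip == rule["src_ip"] and flow.dst_port == rule["dst_port"]:
            return rule["action"]
    return "deny"  # default deny

def ngfw_decision(flow: Flow) -> str:
    for rule in NGFW_RULES:
        if (flow.app == rule["app"]
                and rule["function"] in ("*", flow.function)
                and flow.user in rule["users"]):
            return rule["action"]
    return "deny"  # unidentified application or user never matches an allow rule

FLOWS = {
    "partner reads mail": Flow("203.0.113.10", 443, "webmail", "read", "bob"),
    "forged source, no user": Flow("203.0.113.10", 443, "unknown-tunnel", "connect", ""),
    "alice reads mail": Flow("198.51.100.7", 443, "webmail", "read", "alice"),
    "alice uploads file": Flow("198.51.100.7", 443, "webmail", "upload", "alice"),
}

def compare() -> dict:
    """Return {flow name: (legacy decision, application/user decision)}."""
    return {name: (legacy_decision(f), ngfw_decision(f)) for name, f in FLOWS.items()}

if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:24} legacy={old:5} app/user={new}")
```

The address-based rule admits any flow that presents the trusted source address, while the application/user rules ignore the address entirely and decide on who is using which application function.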
Industry analysts estimate that in the four years preceding 2014, there will be average annual growth of almost 25 percent in the market for next generation firewalls. Due to their complexity, these firewalls are best implemented through a managed services model of IT solutions.