The firewall in decades past was mainly the port-based guardian of the Internet. Now vendors are vying to build so-called "next-generation firewalls" that are "application-aware" because they can monitor and control access based on application use.
In addition, more and more features have been packed into many firewalls, including intrusion-prevention systems (IPS), web filtering, VPN, data-loss prevention, malware filtering, and even a threat-detection sandbox that tries to uncover zero-day attacks. When it comes to the standalone IPS, it might be called a "next-generation IPS" as well because of its application controls, as with the IBM Network Security Protection XGS 5000 or the McAfee NS-Series.
It's all part of the race among firewall/IPS vendors to stay ahead of the pack as they also push for ever-higher throughput to satisfy the need for speed in data centers, where virtualization has made higher firewall bandwidth a necessity.
Vendors crave the "thumbs-up" from the influential Gartner consultancy or vie to beat competitors in technical evaluation tests, such as those done by NSS Labs or Neohapsis Labs. But in the end, it's all to win the approval of buyers such as Rusty Agee, who is an information security engineer for the City of Charlotte, N.C., which makes use of a wide array of firewalls.
"Firewalls have evolved," says Agee, and when it comes to function and speed in firewalls and IPS, "I'm always looking for more."
Data-center virtualization, the increased use of mobile devices and the prospect of the city adopting a "Bring Your Own Device" (BYOD) policy are some of the reasons Agee stays open to new possibilities to protect data at the various government agencies. The city's fire and police departments have started using tablets and smartphones and a BYOD migration policy is now being considered, he points out.
City employees who use mobile devices rely on the Cisco AnyConnect client to establish a VPN-type connection back to the city's Cisco ASA firewall, according to Agee. Along with other Cisco firewalls and standalone Cisco IPS, the city also uses Check Point firewalls and standalone IPS to cordon off traffic to critical servers, data centers, Internet access and the city's wireless network.
But the multi-vendor firewall/IPS mix in the city's network doesn't stop there. The city also has the Palo Alto Networks Next-Generation Firewall to monitor and control employee use of applications, and it uses the F5 Networks application firewall to look for attack traffic against Web servers. Agee says the City of Charlotte has centralized log management for these security devices with LogRhythm's security information and event management (SIEM) platform.
"Our firewalls dump hundreds of thousands of logs per day into LogRhythm," says Agee, who adds that the city government also at times receives security-alert feeds from federal sources. Centralizing firewall and IPS log feeds, along with server logs, helps the city's security staff determine from a single point whether an event is a network-security issue that might involve an attack or an employee Web-use issue that would be better handled by human resources or management.