Discover PerformanceHP Software's community for IT leaders // October 2013
3 reasons to evolve your security firewall
The traditional firewall is not enough to meet today’s security needs. Here’s why.
Enterprise adoption of cloud, virtualization, and mobility is providing more vulnerabilities than ever for hackers to exploit. The traditional first line of defense, the simple, stately firewall, only looks at IP addresses, ports, and protocols to classify and control network traffic. But these days, that isn’t nearly enough. Hackers are now attacking multiple vectors simultaneously and finding ways to hide within packets or applications.
Some will tell you the firewall is passé—a necessary formality. But the firewall is, or should be, much more. The firewall has to evolve to meet today’s more sophisticated security needs.
Defining the next-generation firewall
A modern firewall must manage people and applications, not just ports. What defines a next-generation firewall is the ability to perform deep packet inspection by integrating intrusion detection with application intelligence and detailed policy control. These capabilities allow you to inspect the full stack while also consolidating functionality to achieve simpler network management.
Aside from the obvious benefits of simplicity, a next-generation firewall makes sense for enterprises for three specific reasons:
1. Applications in the crosshairs. Hackers are innovating along with technology, moving from networks to OS environments to applications. HP Security Research has found that as much as 84 percent of security breaches exploit application vulnerabilities. Next-generation firewalls must provide app-level control, allowing you to limit traffic to only approved applications, reducing your overall exposure (not to mention preserving some of your bandwidth).
2. The Swiss cheese effect. Many enterprise networks are now being accessed from all directions, at all times, by mobile employees logging in with an array of configurations and cloud-based solutions accessing company data. A next-generation firewall must better secure the transmission so that you can more easily monitor all incoming and outgoing traffic.
3. Disintegrating network borders. New technologies designed to provide more flexibility and access (read: mobility, cloud) have expanded the borders of enterprise networks, but have also made them more permeable. Meanwhile, more data than ever is flowing across these borders. A next-generation firewall can provide the ability to collect, store, and analyze log or event data from any system within the network, then correlate these with information flow and user and application activity to create a full picture of what’s happening in the organization.
The future is now
The move toward next-generation firewalls has already begun. But making the switch is no simple matter. Each company may require a slightly different firewall, so determining your specific needs, budget, and cost of ownership should be the first step. Partnering with an experienced provider is the next.
The HP Security Intelligence and Risk Management platform allows you to proactively address security needs. Integrating information correlation, deep application analysis, and network-level defense mechanisms, the HP Security platform unifies components for a complete security program that stretches across the enterprise.
For more detail, read the white paper “Why You Need a Next-Generation Firewall” (reg. req’d) from HP Enterprise Security.