Much has been made of bringing application visibility and control into network security. The reason is obvious: applications can easily slip by traditional port-based firewalls. And the value is obvious: employees use any application they need to get their job done—often indifferent to the risk that use poses to the business. Nearly every network security vendor has acknowledged that application control is an increasingly critical part of network security. While the next-generation firewall (NGFW) is well defined by Gartner as something new, enterprise-focused, and distinct, many network security vendors are claiming NGFW is a subset of other functions (e.g., UTM or IPS). Most traditional network security vendors are attempting to provide application visibility and control by using a limited number of application signatures supported in their IPS or other external database. But underneath, these capabilities are poorly integrated and their products are still based on legacy port-blocking technology, not NGFW technology. Perhaps most importantly, these folks are missing the point – it's not about blocking applications, but safely enabling them. Unfortunately, the products proffered by traditional network security vendors ignore much of what enterprises do with applications today – they use them to enable their business – and as such, need to make sure that those applications run securely. It is obvious that a next-generation firewall is a different and revolutionary class of product, but the interest from enterprise customers is so strong that vendors of traditional products are trying to subvert the interest of enterprise network security teams by attempting to look like an NGFW.
This whitepaper was brought to you by a partner of Response Data Communications – The Enterprise IT Specialists.