Channelnomics

 

Sourcefire Releases Next-Next-Gen Firewall


What’s better than a firewall? If you ask the folks at Palo Alto Networks, they’ll say a next-generation firewall that’s application-aware and able to dynamically block threats.

What’s better than a next-generation firewall? If you ask the folks at SourceFire, they’ll say their next-generation firewall, which is actually a next-next-generation firewall that includes application awareness and a next-generation intrusion prevention system.

Next-generation firewalls (NGFWs) are surging in adoption as businesses look to consolidate security functions into fewer appliances and reduce risk exposure. Palo Alto Networks made a name for itself in this security segment by aligning around the next-generation label and pushing its products as smart replacements for conventional stateful inspection firewalls.

Palo Alto Networks isn’t the only vendor in the NGFW market. Other vendors include SonicWall, McAfee, Barracuda Networks and, arguably, Juniper Networks. Near rivals include Fortinet, Watchguard Technologies, Cisco, Check Point and Sophos/Astaro, which market unified threat management (UTM) devices that share many of the same characteristics as NGFWs.

Distinguishing NGFWs from conventional firewalls is application awareness. Stateful inspection firewalls filter traffic based on protocols and ports. NGFWs make security policy enforcement decisions based on application function and threat probability. Application awareness makes NGFWs more adept at detecting and preventing dynamic attacks that happen much higher in the OSI stack.

SourceFire believes the approach taken by NGFW pioneers is correct and valuable, but needs more contextual awareness. That’s where the integration of its intrusion detection technology with NGFWs’ architecture makes a difference. Not only does SourceFire’s NGFW make policy decisions on known application issues, but it adds situational awareness for what else is happening on the network.

“As enterprises seek to increase their protection efforts, they are looking for solutions that offer the agility to be effective in the face of modern threats,” said SourceFire CTO Martin Roesch in a statement. “Other NGFW solutions force customers to make tradeoffs between control, prevention, performance and manageability. The Sourcefire Next-Generation Firewall includes our industry-leading NGIPS, and provides the user the power and confidence to prevent and respond to today’s complex threats with the granular control required today.”

SourceFire, a company built on its IPS products that emerged from the management of open-source Snort sensors, sees potential to break into the NGFW market. And its channel partners are a critical part of the plan. Channel marketing director Mike Guiterman tells Channelnomics that solution providers will have tremendous opportunity replacing legacy firewalls with the advanced NGFW, as well as ample integration and services opportunities.

SourceFire is hardly alone in its ambitions to replace aging firewalls with something different. In fact, many security hardware vendors are looking to extend firewall-like protection to mobile devices through VPN tunnels, as SonicWall, Watchguard and Palo Alto have. So the availability of an NGFW with IPS capabilities will likely appeal to enterprise customers and, depending on price, midmarket customers.

The SourceFire announcement does raise questions about using the label “next-generation” on everything. What will SourceFire, Palo Alto and others call the next generation of their next-generation firewalls and IPSes when they hit the market in a couple of years? It all seems so limiting and, potentially, confusing to partners and customers alike.

While SourceFire’s inclusion of IPS in an NGFW looks like a reasonably good idea, we have to wonder if this is better called a next-generation UTM. The entire concept of UTM was the consolidation of security functions into fewer appliances, and this product certainly fits that definition.

SourceFire, Palo Alto, Barracuda and their ilk are correct that there’s tremendous opportunity in advanced firewalls that are application and contextually aware. However, the use of nomenclature to jockey for position in the market will likely create confusion that will complicate reseller sales.


One Response to “Sourcefire Releases Next-Next-Gen Firewall”

  • Craig Kensek:

    Gartner wrote a year ago about how some prospects were confused with Palo Alto Networks and their NGFW. Customers felt that PAN was beginning to overlap into Secure Web Gateway territory. This would be fine with NGFW vendors since they would like to make SGW’s (Secure Web Gateways) obsolete.

    According to SourceFire’s website, Gartner is saying that “Next-generation network IPS will be incorporated within a next-generation firewall”. A Ponemon Institute Survey on NGFW’s states that 47% of the companies they’ve surveyed have already deployed these, though. The same survey found that over half the companies found performance degradation when IPS was implemented as part of the firewall.

    SourceFire has URL filtering as an option for the NGFW’s. This has to capture the attention of the handful of vendors that are in the Leader’s section of Gartner’s SGW Magic Quadrant.

    SourceFire’s discussion on application control as part of their firewall is a whole other issue. The degree of granularity differs by vendor.

    PAN won round one for defining what an NGFW was. SourceFire would like to win round two. The segment should come up with something stronger than “Next Generation” to differentiate the evolution of their offerings (NG is so “Star Trek”). Firewall and security vendors shouldn’t be confusing the customers.
