What is a next-generation firewall (NGFW)?

A next-generation firewall (NGFW) is a network security appliance capable of inspecting traffic at the protocol level. An NGFW can enable companies to block unauthorized access, prevent malware from entering the network and securely accelerate business applications. This takes things one step further with not just inspecting packets going in and out of the network, but breaks things down further depending on the applications.

What is the difference between a traditional firewall and an NGFW?

Traditionally, firewalls have been used to protect organizations from security threats. Security professionals can install a basic firewall on their network to filter out unwanted traffic. A next-generation firewall is more sophisticated than this because it functions at layer 7 of the Operating System (OS).

Why is this important?

Lets say most of the traffic now days goes through HTTP, aka your web browser.

When you browse the web, what do you suspect happens? Your browser sends HTTP requests to servers around the world, and in return you receive a response. Big data packets originate from business applications as well, such as file transfer protocol(FTP) or web services like MapReduce or Twitters API. Often time a breach happens through these protocols, where a Layer 3 firewall could potentially let the threat in such as SQL injection by default without explicitly denying these requests.

Layer 7 VS Layer 3 Firewall

What can you do about threats that get past simple packet inspection by a regular firewall? You could have a layer 3 firewall inspect the protocol and block known threats from certain URLs, but what if it comes from a URL that has not been reported and is a socially engineered exploit designed to hijack your data. This is where a Layer 7 firewall will be able to inspect the application, known as payload inspection.

While this is possible to do with a Layer 3 firewall, it can be difficult because of the number of protocol messages in Layer 7. You would need to create a signature for each application you wanted to protect; however, network signatures tend to block legitimate data and increase your MTTR (mean time to resolve an issue).

Plus having these signatures makes it hard to manage and keep up with by the IT staff. Relying on the power of AI and the cloud in order to leverage the Layer 7 firewall is key. The advantage of Layer 7 is its protocol awareness, which allows it to differentiate between different network traffic (application knowledge) and not just packets or flows that identify ports and IPs (Layer 3).

Conclusion

To summarize the difference between the firewall you already have and the NGFR is, Layer 7 uses machine intelligence and security knowledge to know if an application should be allowed or not as well as identify the risks associated with those applications. While Layer 3 (your trusty ole firewall) mainly manages traffic coming from the outside into the network. As the number of data breaches, data hijacking by encryption and other cybercrimes keep rising. NGFW will be the next major security measure that is widely implemented on all business networks regardless of the size of the organization to keep systems secure.