Story image

Why you should leverage a next-gen firewall platform

13 Nov 2018

Article by Hillstone Networks CTO Tim Liu

A next-generation firewall platform (NGFW) addresses the ever-changing landscape of threats with expanded features and partnerships to close the loop on cyber attacks—from the enterprise network to the cloud.

These offer different levels of protection in three critical stages: pre-breach, breach, and post-breach. Here are the main five security features of next-generation firewalls:

Full lifecycle-based threat detection and prevention

It is important to provide an organisation with a multi-layered defence across the entire threat lifecycle while enabling different levels of protection in three critical stages: pre-breach, breach, and post-breach.

Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.

Each of the threat lifecycle stages has its own set of risks—so they need to be addressed with the following:

  • IP reputation: Identify and filter traffic from risky IPs such as botnet hosts, spammers, Tor nodes, breached hosts, and brute force attacks
  • Botnet Command and Control (C&C) detection: Discover intranet botnet hosts by monitoring C&C connections, blocking further advanced threats such as botnet and ransomware
  • Enhanced Cloud Sandbox: Support the static analytic only mode which will execute static MD5 detection without uploading the file to the cloud, leveraging more than 1 billion malicious file samples, exponentially increasing the known virus detection rate.

The importance of IPv6 in network security

The transition from IPv4 to IPv6 brings up more security challenges to the network, and it requires that the modern NGFW can provide comprehensive visibility, deep security, and advanced configuration capabilities across a combination of IPv4 and IPv6 traffic.

While full migration to IPv6 is a matter of time, it is better to be ready now to make the move to better security.

  1. Full security for IPv6: application identification and control, firewall, IPS, Anti-virus, URL filtering etc.
  2. Networking adaptability: IPv6 tunnelling, DNS64/NAT64, and more, IPv6 routing protocols, static routing, policy routing, ISIS, RIPng, OSPFv3 and BGP4+, IPSec. vSYS, and more
  3. Ease of Operations and Management: web UI support provides easier configuration, IPv6 traffic monitoring, and advanced statistic and logging

Enhanced authentication and access control in more scenarios

It is key to enable organisations to support more advanced authentication scenarios required when supporting workforces across all devices.

With such a feature, organisations are enabled to embrace the challenges of modern authentication and access control in support of improved workforce productivity.

  • Support MAC-based wireless user authentication: For better connectivity and security in DHCP scenarios
  • Improve endpoint identification and control: detects all endpoint accesses to the network, identify their statuses and related information, and perform the necessary controls for unauthorised accesses like unauthorized hotspots
  • Optimised web authentication: The optimised authentication configurations and logic improve the overall user experience

Advanced network operation and management capability

It is important to streamline time-consuming administrative tasks, including traffic monitoring, policy configuration, and execution, relieving network admins to focus on the business and less on daily maintenance tasks.

Netflow: Support Netflow protocol v9.0 to collect data, and send network traffic to external platforms for traffic analytics and monitoring.

  • Advanced policy groups: Enables policy management in groups, providing admins of large enterprises to manage large amounts of policies in a more efficient manner
  • Policy configuration rollback: Provides the ability to rollback policy configurations without rebooting the device, allowing admins to tune their configurations efficiently

Better, more robust protection for cloud infrastructures

Improve and simplify the protection of cloud or multi-cloud infrastructures by removing several challenges for customers wanting to migrate to more modern cloud infrastructures.

Ensure cloud deployment is highly available and that connections between the various cloud platforms are protected.

  • Introduce a high-performance model to meet more user scenarios, single imaging for different models, with a seamless upgrade without reinstallation
  • Ensure high availability for Cloud protection
  • Support an IKEv2-enabled, secured VPN connection between clouds
Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.