Firewalls are primarily used as the first line of defense against external threats: they limit which types of traffic can enter the protected network and which destinations that traffic can reach.
Overall, firewalls can be classified into five main categories.
A network firewall is a cybersecurity solution that secures bidirectional traffic across a network. Traditionally, organizations deployed a network firewall as a hardware appliance. However, additional deployment options are on the rise, including virtual appliance firewalling, cloud-native infrastructure-as-a-service (IaaS) firewalls, and firewall-as-a-service (FWaaS) solutions hosted by the service provider.
Firewalls were introduced in the 1990s, and became a primary method to establish and secure a network perimeter. Today firewalls are used:
Firewalls perform several critical functions for organizations:
In a mature security organization, firewall data flows into a security information and event management (SIEM) system, and is correlated with data from other security tools and IT systems. This can allow detection of threats and security incidents that cut across multiple layers of the IT environment.
The CIA triad – Confidentiality, Integrity, and Availability – represents the ultimate goal of information security efforts. Here is how a firewall can address each of the CIA functions:
Network firewalls are pre-programmed with a set of security features enabling them to address specific threats. Collectively, these features help provide a multi-layered defense strategy.
Some common features found in modern network firewalls include:
Network firewalls were introduced in the 1990s, and have gone through several generations: from legacy firewalls, to next-generation firewalls (NGFW), to firewall as a service (FWaaS).
A network firewall secures a local network and prevents unauthorized entities from accessing sensitive systems and data. It separates the secured network from a less secure, broader network (e.g., the Internet) to control traffic between them. Network firewalls are essential for protecting resources that are connected to the network and preventing attackers from accessing them.
A next-generation firewall (NGFW) builds on the basic stateful inspection capabilities of a legacy firewall. It adds deep packet inspection (DPI) – looking inside data packets, not just at their headers, to identify malicious activity. NGFWs are also application aware – they can inspect traffic at OSI Layer 7 (the application layer) and block or allow packets depending on the application they belong to. This allows administrators to block dangerous applications regardless of the port they use.
Additional capabilities offered by NGFW solutions include a built-in intrusion prevention system (IPS) and integration with threat intelligence feeds, which allow an NGFW to block traffic from IP addresses that were used for malicious activity in the past.
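The following toy policy engine is an added illustration, not any vendor's code, of how the NGFW tiers described above fit together: a threat-intelligence blocklist checked first, a DPI signature match on the payload, and stateful tracking that allows replies to established flows on top of an ordinary rule base. All addresses, ports and signatures are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""

@dataclass(frozen=True)
class Rule:
    dst: str        # destination host, or "*" for any
    dport: int      # destination port, or 0 for any
    action: str     # "allow" or "deny"

    def matches(self, pkt: Packet) -> bool:
        return self.dst in ("*", pkt.dst) and self.dport in (0, pkt.dport)

@dataclass
class ToyNGFW:
    rules: list
    bad_ips: set = field(default_factory=set)          # constructed threat-intel feed
    signatures: tuple = (b"' OR 1=1", b"<script>")     # constructed DPI patterns
    flows: set = field(default_factory=set)            # tracked (src, sport, dst, dport)

    def inspect(self, pkt: Packet) -> str:
        # Threat intelligence: drop anything from a known-bad source first.
        if pkt.src in self.bad_ips:
            return "deny:threat-intel"
        # Deep packet inspection: look inside the payload regardless of port.
        if any(sig in pkt.payload for sig in self.signatures):
            return "deny:dpi"
        # Stateful inspection: a reply to a tracked flow is allowed even
        # though no rule explicitly permits inbound traffic to the client.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "allow:established"
        # Ordinary rule base: first match wins, default deny.
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "allow":
                    self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return f"{rule.action}:rule"
        return "deny:default"

def demo() -> tuple:
    fw = ToyNGFW(rules=[Rule("203.0.113.10", 443, "allow")], bad_ips={"198.51.100.7"})
    out = fw.inspect(Packet("10.0.0.5", 51000, "203.0.113.10", 443))   # outbound, allowed by rule
    back = fw.inspect(Packet("203.0.113.10", 443, "10.0.0.5", 51000))  # reply, allowed by state
    stray = fw.inspect(Packet("203.0.113.10", 443, "10.0.0.5", 51001)) # unsolicited inbound
    bad = fw.inspect(Packet("198.51.100.7", 40000, "203.0.113.10", 443))
    inj = fw.inspect(Packet("10.0.0.5", 51002, "203.0.113.10", 443, b"id=1' OR 1=1--"))
    return out, back, stray, bad, inj
```

Note that the unsolicited inbound packet differs from the legitimate reply only by one port number, which is exactly what the connection table is there to distinguish.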
Traditionally, NGFWs were deployed as hardware appliances. Firewall as a service (FWaaS) is a newer way to deliver NGFW security functionality: an FWaaS is a cloud-native firewall that a cloud provider offers as a service.
In a modern IT environment, the network perimeter is disappearing. Users increasingly access networks from mobile devices and remote locations, and organizations are moving critical resources to the cloud, meaning that many assets are outside the organization’s direct control. These changes require a new type of security solution that is able to protect corporate assets wherever they are, and enable access from any location or device.
An FWaaS solution provides NGFW functionality as a cloud-hosted service. FWaaS decouples security functions from physical infrastructure, so organizations can benefit from NGFW protection wherever IT assets are running – on premises or in the cloud – and no matter how or where they are accessed from.
FWaaS has significant advantages over physical NGFW appliances:
Unified threat management (UTM) is a term coined by IDC in 2003, and adopted by Gartner in 2008. Gartner defines UTM as a multifunctional network security product that can be used by small to midsize businesses (SMBs), and includes three sets of capabilities:
An NGFW is similar to a UTM, in that it is also a multifunctional network security product and includes some or all of the above components. However, its main focus is on providing access control for large-scale, high-bandwidth networks. Therefore, an NGFW is typically more suitable for large enterprises.