NGFWs provide basic firewall functionality such as URL filtering, antivirus, and support for remote access VPNs, but they go beyond stateful inspection firewalls with many advanced security features, including:
Application awareness enables granular policy enforcement and control based on specific applications, their content, the source and destination of the traffic, and more, rather than limiting enforcement by port, protocol, or IP address.
Deep Packet Inspection (DPI) analyzes the contents of network packets to identify application-level details and detect threats hiding in legitimate traffic.
Intrusion Prevention System (IPS) capabilities detect and block known and unknown threats by inspecting traffic for suspicious patterns and behavior.
User Identification enables the NGFW to associate network activity with specific users, not just where they connect from, for use in user-based policies and monitoring.
TLS/SSL Inspection decrypts and inspects TLS/SSL-encrypted traffic, which is the vast majority of traffic today, to find hidden threats. (However, inspection is very processor-intensive, so hardware limitations slow down firewall performance.)
Threat Intelligence Integration enables the NGFW to update protection measures based on newly discovered threats from multiple sources, including an organization's own network nodes, public network nodes, and third-party provider feeds.
