Loading...
Loading

Is DNS An Example Of Why Data Recovery Is Needed Following A DDoS Attack?

2014-10-02by Diane Forster

The firewall is the most essential component for network security control. Many organisations are now turning to next-generation firewalls (NGFW) that offer new, innovative capabilities.

The Next Generation Firewalls Must-have Features

 

Whether it’s a replacement for an existing firewall or an intrusion detection system, or a standalone security control point, there are multiple features to contemplate when considering a next-gen firewall for your network security. These features include the following:

  • Application identification and control.

Any NGFW must have the ability to properly dissect, decode and analyse application traffic for deviation and known threats based on signatures. An effective next-gen firewall must permit granular application policy development and monitoring, as well as updates to the dissecting and processing engine that allows the device to evaluate rules and apply them consistently.

  • Protocol dissection and anomaly detection.

Any next-gen firewall should be able to rapidly break down protocols into their component parts. Many attackers employ complex tunneling techniques to embed command traffic or sensitive data within other protocols. As a result, next-gen firewalls need to determine whether traffic types are genuine or fabricated to carry attacker data.

  • User identification.

All enterprise-class next-generation firewall platforms should be able to connect to a variety of directory sources and correlate activity in the environment to individual user identities. Ideally, the system should be able to map an IP address to a system name as well as to the user logged into that system. Role-based policies on the firewall can then be applied to the specific users detected.

  • Speed and performance.

As an inline device filtering traffic, another key attribute of any NGFW evaluation should be speed. Given the intense processing and analysis of packets coming through any next-gen firewall device, traffic latency is a major concern. Many products boast sustained speeds of 10 Gbps and more, and these should be tested thoroughly with real production traffic if at all possible before making a purchasing decision.

news Buffer
Author

Diane Forster

Complete Network Security Solutions From Prodec Networks

To find out more about Next-Generation Firewalls or network security then please get in contact with the Prodec Networks team by calling 01189 602500 or fill in the online contact form.

View Diane Forster`s profile for more
line

Leave a Comment