Today’s corporate networks are stretched to the breaking point.
Expected to give employees, customers and partners anytime, anywhere access to critical data in the cloud and from mobile and Internet-of-Things (IoT) devices, organizations are finding it increasingly difficult to see where the trusted corporate network ends and the untrusted Internet begins. These borderless environments continually poke holes in traditional security tools, including next-generation firewalls (NGFWs).
The days of architecting networks simply to protect trusted internal users and data from untrusted outsiders are over. Today, trusted users wield unmanaged employee-owned devices and log on via public Wi-Fi or cellular networks. They demand access to reams of critical corporate data residing anywhere from a company data center or cloud server to a software-as-a-service (SaaS) application or a third-party partner network.
All of these factors converge to drive the exponential growth of network attack surfaces, just as security solutions focused solely on the traditional network border become less effective.
To compensate, many companies deploy NGFWs. These newer firewalls combine the range of stateful network and application capabilities inherent in unified threat management (UTM) firewalls with the scalability, processing power and granularity of controls required by large enterprises.
But even with these advantages, NGFWs should not be seen as a panacea for modern security challenges. As enterprise networks evolve, NGFWs alone are not enough because they:
- Do too much at once: Collapsing multiple security functions (stateful network plus application inspection, including IPS, web filtering, antispam and antivirus) into a single firewall unit leads to misconfiguration and missed log incidents, and increases the chances a breach will go undetected.
- Don’t work well with others: Using NGFWs along with a variety of point solutions to shore up security at the mobile, cloud and IoT level means deploying, managing and monitoring too many tools, with too many different user interfaces and competing alert schemes. Once again, a lack of centralized security means breaches can more easily fly under the radar.
A Better Approach
What companies really need is a way to integrate comprehensive NGFW technology into a more specialized-yet-collaborative defense strategy. This means using:
- The right tools for the job: Rather than force-fitting too many features into one device, the best security considers where a firewall is deployed – at the data center, the cloud or internal network segment – and allows IT to tailor the performance and security inspection technologies to fit.
- Increasing collaboration: The best tools are tailored to protect certain layers – data center, cloud, mobile, etc. – but also can communicate and collaborate with all other tools at other layers. This way, network and security intelligence is shared across domains and toolsets, enabling organizations to centrally apply security policies and manage security events end-to-end from a single pane of glass.
With Fortinet’s Enterprise Firewalls, we can deliver just that: the advantages of a modern, collaborative security platform with best-in-class next-generation security technology. A business firewall can be deployed at exactly the right spot, with exactly the right features, all while working closely with other tools to deliver high-performance bulletproof security, no matter where or when it’s needed.