Next Generation Firewall

The Next Generation Firewall (NGFW) appliance has been the cornerstone of network security for the past two decades. It applies deep packet inspection (DPI) and multiple security engines to inspect both inbound and outbound traffic and enforce a company’s security policy. The main characteristic of an NGFW is application awareness: the ability to detect applications and enforce policies on application usage based on packet content rather than packet headers (source and destination IP addresses, ports, and protocols).

A cloud-based NGFW (also known as Firewall as a Service) delivers a powerful, application-aware, enterprise-grade, elastic and scalable solution without the challenges of legacy appliance-based solutions.

"Much easier to manage than a traditional firewall and the mobile client was much easier to deploy and configure than our existing approach."
- Todd Park, VP of Information Technology, W&W-AFCO Steel

Cloud-based Next Generation Firewall

ICG provides a new kind of Next Generation Firewall, one that is available everywhere the business does business without the need for discrete appliances. ICG aggregates all enterprise traffic across data centers, branches, mobile users, and cloud infrastructure into a cloud network with a built-in Next Generation Firewall. ICG enforces application-aware corporate security policy for WAN- and Internet-bound traffic.

Appliance-based Next Generation Firewall Challenges

Solution: Cloud-based Next Generation Firewall

Application awareness adaptation

Slow application awareness adaptation

Next Generation Firewalls detect common network applications based on data flows using DPI. Application IDs that are discovered can then be used in firewall policies for more granular control. Customers must indicate to the firewall vendor when application traffic is not detected or classified and wait for an appropriate signature or patch.

Adaptable application awareness

ICG uses its cloud traffic visibility to quickly extend its detection of new applications without involving the customer. New application identification capabilities are immediately available to all customers.

Visibility

Fragmented location-bound visibility

Appliances are location-bound and can only inspect the traffic that flows through them. This is why appliance sprawl and backhauling are needed to get inspection and enforcement to where the traffic is.

Full visibility

As all WAN and Internet traffic goes through the ICG SD-WAN Cloud, there are no blind spots and no need to deploy multiple appliances to cover all traffic.

Scalability

Capacity constrained security

Next Generation Firewalls apply various security engines to the traffic including IPS, anti-malware, URL filtering and more. Running these engines in parallel depends on appliance capacity. Smaller devices, such as UTMs, are limited in their security enforcement due to capacity constraints.

Unrestricted cloud scalability

ICG can inspect any encrypted and unencrypted traffic with all supported security services and no impact on performance. Customers avoid sizing exercises or forced upgrades. ICG ensures there’s capacity so customers receive the full range of security services.

Inspection

SSL inspection degradation

Next Generation Firewalls need to inspect encrypted (SSL) and unencrypted traffic at line speed. Encrypted traffic places a significant load on the appliance and often creates scalability and performance issues. As the share of SSL traffic increases, forced appliance upgrades often become a necessity.

Full traffic inspection

Cloud-based inspection scales to support all traffic without the need for unplanned or forced upgrades.

Manageability

Resource intensive appliance management

Distributed Next Generation Firewalls require an appliance at each location, each with its own set of rules. Deviations from a policy template tend to happen over time and increase the likelihood of rule conflicts and security exposure. Furthermore, each appliance's life cycle has to be managed separately. Appliances must be bought, deployed, configured, patched, updated and ultimately replaced, due to either End of Life (EOL) or business growth.

Self-maintaining cloud service

Without the need to size, upgrade, patch or refresh appliances, customers are relieved of the ongoing grunt work of keeping network security current against emerging threats and evolving business needs.
