6 Steps to Evaluating a Next Generation Firewall

Six Steps to Evaluating a Next Generation Firewall

-2-

What You Will Learn

Whether you are evaluating a Next Generation Firewall for the first time or are researching because your current solution is less than optimal, knowing what to look for can save you time and money in the long run.

These six key steps to evaluating a Next Generation Firewall will serve as a checklist for evaluating your options. The goal is to help you evaluate competitive offerings and understand new approaches to basic problems of vulnerability assessment, malware protection and cloud-based application control.

This document will cover:1. Network Access Requirements2. Is a Next Generation Firewall Right for Me?3. Management of Evolving Policies4. Ease-of-Use and the Ideal UI5. Critical Features to Consider6. Understand Total Cost of Ownership

1. Network Access Requirements

It’s almost certain your organization has defined network security policies and you need to know the requirements before you choose a Next Generation Firewall. Confer with your management so you can understand exactly what’s needed to meet your business goals but also enforce your organization’s security policies. Find out if there are certain hours of the day when fewer restrictions are needed such as lunch and break times, and also the level of restrictions you want to apply to different departments or groups within your organization.

Your security policies should address all forms of network & application interaction including CRM platforms, social media sites, blogs and other applications where employees may be posting information. You should also determine if special ratings or other customizations may be necessary in order to meet your organization’s requirements. Look for a solution that offers the flexibility to enforce and update your corporate security policies easily and accurately.

2. Is a Next Generation Firewall Right for Me?

Once you have assessed your network access requirements it’s time to decide what sort of protection you need. Let’s outline the difference between the Next Generation Firewall and a Unified Threat Management (UTM), another popular solution.

In recent years, the demand grew for a centralized system with a set of diverse features such as gateway antivirus, URL filtering, intrusion prevention and content filtering. It wasn’t long after that the UTM was created. With its ability to “bolt on” features, the UTM became a popular solution. However, larger organizations quickly realized that the more features you add onto a UTM, the slower your network became. Demand then rose for a standalone system that could provide comprehensive protection without sacrificing network speed.

Enter the Next Generation Firewall. Designed to perform complex packet inspection and intrusion prevention, the Next Generation Firewall is able to keep up with throughput of large enterprises. It was not until recently that application control was added to Next Generation Firewalls, allowing organizations to consolidate their security onto one stand-alone appliance without the need to “bolt on” any features.

The Next Generation Firewall became even more popular as ease of use and granular controls became more advanced. Within the simple UI, a user can modify rules for an entire company or a single employee, making it extremely customizable. If an organization is of medium size or larger, or requires very specific set of network rules and policies, then a Next Generation Firewall is optimal.

Six Steps to Evaluating a Next Generation Firewall

-3-

3. Management of Evolving Policies

You will want to understand how the Internet impacts your business and what you need to be aware of. Different departments will have different needs for network and application access, and your Next Generation Firewall must be able to accommodate these different needs, but in a way that’s scalable and enforces corporate security policies. Choose a solution that will allow you to implement and manage complex and potentially overlapping policies, so you can optimize your IT resources and provide your end users with the network and application access they require.

Look for a solution that offers object-based rules writing, with configuration for User, Application, Source Location, Destination and Time. This provides an easy way to manage and change rules without accessing the command line and updating code

4. Ease-of-Use and the Ideal UI Today’s technological world puts a lot of stress on IT departments, so it’s vital to find a solution that is not complicated or time-consuming to install, administer and maintain. Look for a Next Generation Firewall that provides an easy-to-use UI where most, if not all, of the Next Generation Firewall settings can be configured without needing to access the command line. A best-in-class UI allows an Administrator the ability to login, change policy and then exit the Next Generation Firewall in little time.

Whether your network requirements are simple or complex, look for a Next Generation Firewall that can adapt to the inevitable changes you will make as you grow your business, or upgrade your systems. Look for a Next Generation Firewall that allows an administrator to manage complex and overlapping policies with the ability to update rules intuitively based on User, Application, Source Location, Destination and Time.

5. Critical Features to Consider

An effective Next Generation Firewall involves more than just network security. It is the first line of defense when a hacker wants to penetrate your network, and the last line of defense protecting employees from harmful content. Evaluate a Next Generation Firewall that supports the following:

• Comprehensive DefenseA Next Generation Firewall must have a multi-layer defense to precisely identify threats and eliminate them on an application level. With the advent of cloud-computing and mobile devices, a Next Generation Firewall needs to have many facets and layers of defense that are interconnected and communicate with one another. Look for a Next Generation Firewall that has comprehensive defense layers that can provide optimal security across your entire network.

• Efficient Policy ManagementEvolving security policies combined with multiple administrators often results in a complex and confusing rule set. When security measures begin to overlap it creates headaches and slows down your network. Look for a Next Generation Firewall that identifies and/or resolves duplicate and allows custom labeling of policies.

• Robust Application ControlYour Next Generation Firewall needs to keep pace with the new applications that Sales, Marketing and other departments will ask you to provide access for. Look for a Next Generation Firewall that can keep up with the growth of applications (the more the better!) and receives regular updates.

• Real-time Security UpdatesUnfortunately, hackers and cybercriminals are creating new harmful content each day. A Next Generation Firewall is useless if it cannot stay updated on the latest threats and cyber trends. The ability to update security measures in real-time is a must-have. Look for a Next Generation Firewall that is constantly updating and pushing out new rules

Six Steps to Evaluating a Next Generation Firewall

-4-

and policies in real-time.

6. Understand Total Cost of Ownership (TCO)

In these days of the shrinking IT budget, it’s important to find a solution that is cost-effective. So when determining total cost of ownership, the equation is broken down into four parts.

• How much maintenance does the solution require? According to a recent Gartner report, TCO can be up to 4.5 times higher than purchase price when maintenance, troubleshooting, and upgrade costs are added to the tally.

With a Next Generation Firewall you can expect an annual maintenance checkup to ensure all the features are working effectively within the network. With the amount of features and capabilities that a Next Generation Firewall has, and depending on the settings a user has for his employees, it is routine to check up once a year to ensure stability and effectiveness. When looking for a Next Generation Firewall, be sure to ask about annual checkup costs and include in the total budget.

• How much time is devoted to maintaining the Next Generation Firewall? This will vary for each IT department, but the truth is, a well designed Next Generation Firewall will cut your time down significantly. Many Next Generation Firewalls, even if they are on-site, have very sophisticated configurations and make policy adjustment and implementation a daunting and time-consuming task. Look for a Next Generation Firewall where the majority, if not all, of the settings you need are within the UI and allows for swift entry, policy adjustment and swift exit with real-time implementation.

• How long can you wait to be rescued?As you well know, IT runs into problems more often than most departments. In today’s world, a down network could mean a down business. So when considering which Next Generation Firewall is right for you, make sure you know what sort of maintenance you need. Some businesses can last a week or so with network outages, some cannot last more than a few minutes before they start losing money. Determine where you fall and budget your maintenance around that.

• Will you have my back?When shopping for a Next Generation Firewall look for a vendor that provides support 24 hours a day, 7 days per week, so in the event that your Next Generation Firewall goes down in the early hours of Sunday morning, an expert can help you troubleshoot, and if need be, replace the unit entirely that day.

Be aware that many vendors have outsourced their customer support functions or downgraded support for smaller accounts in favor of large enterprise customers. Customer needs are met with delays in reaching a live support person through tedious automated systems that server to frustrate customers more than assist them. Make sure you get the support you need so you can sleep well at night.

A Solution to Consider: The EdgeWave EPIC Next Generation Firewall

Include the EdgeWave EPIC Next Generation Firewall in your search. It was designed to keep your staff and data safe from even the most sophisticated network and application threats. The EdgeWave EPIC Next Generation Firewall provides granular application control, accurate threat detection and efficient policy management delivered via a high-performance appliance making network security simple, consistent, and cost-effective. All the features you need to efficiently secure your network are included:

• Traffic Control – EdgeWave EPIC Next Generation Firewall identifies over 6,000 applications, providing the most comprehensive coverage in the industry. EdgeWave also runs frequent updates to ensure the security and control of new applications

15333 Avenue of Science, Suite 100San Diego, CA 92128

Give us a call1-855-881-2004

Send us an email:info@edgewave.com

For more info, visit us at:www.EdgeWave.com

Six Steps to Evaluating a Next Generation Firewall

• Management Optimization – EdgeWave Smart Policy Management Optimization provides easy configuration management with automatic traffic learning and policy update auto-suggestion

• Better Security – EdgeWave EPIC Next Generation Firewall provides full-featured application layer threat prevention to defend against unknown threats

• High Performance – EdgeWave EPIC Next Generation Firewall is powered by an advanced appliance, providing industry-leading throughput with all security functions enabled

About EdgeWave

EdgeWave is a cyber security industry leader, delivering innovative, effective and efficient protection across the full spectrum of business and government organizations. EdgeWave EPIC (Enhanced Precision Integrated Cyber Capabilities) combines real-time human and artificial intelligence with a Military-Grade operational approach to anticipate, identify, and defend against sophisticated adversaries and advanced security threats.

For more information, visit:

• www.EdgeWave.com for more information about EdgeWave• www.EdgeWave.com/products/Firewall to learn more about EdgeWave’s Next Generation Firewall• www.EdgeWave.com/products to learn about EdgeWave’s award winning cyber security solutions

Take the next step and see for yourself how the EdgeWave EPIC Next Generation Firewall can secure your network