“We live in a new world,” says Sweeney, Dell SonicWALL’s Executive Director of Product Management. “Our staff must constantly access the Internet in order to use programmes that are directly relevant to their jobs.”
However, this access also lets employees visit unapproved sites that may be infected with malware, creating a whole new set of threats that the next-generation firewall can guard against.
Sweeney claims that next-generation firewalls improve security by scrutinising every packet of data that passes across the web. They also provide a new level of application control. “They allow us to quite literally select what online applications should come in, for whom, and to bandwidth-manage – to provision bandwidth for the ones that are vital to us, and to delete from the network… the ones that are not germane.”
Sweeney explores the following topics in an interview regarding next-generation firewalls:
Why do businesses need a next-generation firewall? How can you get started? Where can you find unbiased information?
Sweeney has worked in high-tech product management, product marketing, corporate marketing, and sales development for over 20 years. He is in charge of the Network Security, Content Security, Business Continuity, and Policy & Management product lines at Dell SonicWALL. Minerva Networks’ Vice President of Worldwide Marketing; Silicon Graphics Inc’s Senior Manager of Product Marketing & Solutions Marketing; Articulate Systems’ Director of Worldwide Sales & Marketing; and Apple Computer’s Senior Product Line Manager are among his previous positions. He earned his MBA from Santa Clara University in California.
What’s the Point of a Next-Generation Firewall?
TOM FIELD: I’m Tom Field, and I’m a writer. Let’s start with the question itself. What are the benefits of a next-generation firewall?
SWEENEY, PATRICK: Most businesses today have firewalls in place, which is fantastic. They perform some fundamental functions. However, today’s issue is actually two-fold. One, the issues are becoming apparent. The malware is sent in the payload, which is not inspected by [conventional] firewalls. Next-generation firewalls are what we need now because they feature deep-packet inspection, which will allow us to examine every single byte, across every single interface, and across every single protocol. This will enable us to detect malware invasions and spyware in the packets. That’s only half of the story.
Another reason why next-generation firewalls have become so crucial is that we now live in a new world where Web 2.0, cloud-based computing, and our employees must constantly access the Internet to use apps that are directly relevant to their jobs. However, it also implies that our employees have unrestricted access to the Internet and are free to visit sites they shouldn’t. They’re travelling to infested locations. This presents two issues: a security issue and a productivity one. Next-generation firewalls provide us with protection by inspecting every single packet and providing us with a whole new degree of security. They also give us something called application control, which allows us to identify all of those different webified applications, all of the traffic coming out over Port 80 and Port 43, and they allow us to quite literally determine what web applications should come in, for whom, and to bandwidth-manage and provision bandwidth for the ones that are critical to us while removing or slowing down the ones that aren’t. Next-generation firewalls provide both productivity and security.
Typical Deployment
FIELD: That’s a fantastic summary. Where do you look for firms who are adopting next-generation firewalls?
SWEENEY: It can be used by any type of business. Today, every size institution you can imagine is installing next-generation firewalls. I’ll use a couple of instances to illustrate my point. U.S. Cellular, one of the largest telecommunications companies in the United States, is deploying LTE, and they need to go well beyond stateful. They wanted something that could guarantee security as well as manage and throttle the connections coming through in order to keep LTE productive in a world where there are so many different mobile devices connecting to so many different applications. They implemented LTE next-generation firewalls in their largest deployment to be able to regulate traffic and provide security and productivity.
You can then go to other institutions, such as universities. It’s a very problematic network situation because you have information freedom, but you also have very, very dirty networks. You want to be able to provide true high-level security for all traffic passing through your network. At the same time, you want to make sure that academic courseware receives priority bandwidth and that things that aren’t relevant to academics receive decreased bandwidth. Another excellent example is universities.
Then there’s retail point-of-sale. The most significant characteristic of anyone who has a very broad, distributed network, because they have little boxes and large boxes, is that they have a lot of different physical places, and they need to provide a high level of security. They must be PCI compliant, and we’ve discovered that large POS firms are putting next-generation firewalls at branch offices, small retail sites, and at the central site.