This post is part of a blog series where we dissect the ten things to test in your future next-generation firewall. These ten points will help ensure your next firewall matches the needs of your organization in its current and future states.
Offer Consistent Protection No Matter Where Users or Applications Are
Users are more mobile than ever, and they need access to applications from remote locations. With the growth of cloud usage, the applications may not always reside in a corporate data center. However, many organizations do not have visibility into traffic when users access the internet and cloud applications off premises, and thus security is often compromised.
Why Should You Advocate and Test This Capability?
Your organization should be able to protect all users in the same manner, without the need for different security profiles depending on the user’s location. Since security policies are more effective when they can be administered in a consistent manner, a single set of tools and a common policy framework will give security teams greater control.
Move Beyond the Status Quo
Many companies use VPNs solely for remote access (bringing traffic back to headquarters). When users are not connected to the VPN, organizations often rely on other products to cover them off premises. However, those products only solve a fraction of the security issues users encounter. For example, products based on DNS filtering block connections to some known bad domains, and web security products block some known bad URLs. Both measures are easily bypassed. Thus, these add-on products add administrative complexity to the environment with fragmented policy, more consoles, steeper learning curves and heavier workloads without adding meaningful security value.
Your organization should maintain the same protection wherever your users work, whether on premises or off. Deployment options should provide flexibility to support consistent coverage for all users and locations. This way, no matter where users are, they can easily connect to the cloud service or a firewall for security and receive the same protections from known and unknown threats.
Recommended RFP Questions
- Can your NGFW provide consistent security policy for mobile users?
- Can you protect users who are not behind an NGFW?
- Can your NGFW use multiple physical/virtual firewalls to support an always-on VPN connection?
- Can your NGFW utilize the cloud to bring protection closer to the user?
Attackers and their techniques are more sophisticated than ever, enabling advanced attacks that are targeted, automated, evasive and span multiple environments.
Your future firewall, as well as the various security products that make up your security infrastructure, should be comprehensive and include:
- The best technology with the ability to rapidly and automatically prevent attacks at every step of the attack lifecycle for known and unknown threats. These products should deliver consistent, risk-appropriate protection for data and users regardless of location. Your security ecosystem should offer agile, flexible updates, allowing you to adapt to changing risks and workloads.
- Operational efficiency delivered by automation and API integrations, reducing time spent on error-prone, manual tasks. Security should be operationalized over various environments without straining resources or budget, and without adding complexity, allowing security teams to focus on strategic efforts that are more critical to the organization.
- Knowledgeable, responsive service and support teams to minimize your learning curve and keep improving your security posture long after the initial migration. You should be able to maximize your investment over time and achieve higher levels of security.