Published on March 4, 2014
Next Generation Firewalls: Ready or Not
David Strom
AITP St. Louis, March 2014
firstname.lastname@example.org

Who am I?
• Longtime tech journalist, product reviewer and speaker
• IT manager from the dawn of the PC era
• Former editor-in-chief at Network Computing, Tom’s Hardware.com
• Author of two books on computer networking
• Based here

Agenda
• Next Gen distinguishing characteristics
• Issues with next gen deployment
• UTM pro and con
• Advanced persistent threat tools
The older firewall generation
Cisco ASA: what it used to be like

Next Gen distinguishing characteristics
• Applications granularity and awareness
• Integrated IPS
• IP Reputation management
• Geolocation

Cisco ASA applications granularity
New Cisco ASA Dashboard
And another Cisco view
Palo Alto Networks “Applipedia”
Reputation management
McAfee Enterprise Firewall geolocation feature
Deployment issues
• Next gen does things differently from old school:
  – NAT
  – QoS
  – Outbound vs. inbound rule focus
Understanding app ID implications for users
One obstacle to switching to next-gen
Network documentation isn’t current
Handling VMs still an issue
Lots of VM security products…
Catbird’s compliance radar graph
Infrastructure misuse
What about UTMs?
• Pro:
  – A lot of protection for the $ nowadays (Juniper/Check Point)
  – One box does it all
• Con:
  – Complex licensing issues
  – Can get expensive if you have high bandwidth needs
  – Latency can kill you if you turn on Anti-Virus
Juniper SRX dashboard
Watchguard UTM
APT tools
• Try to catch the bad guys before they actually deploy their payloads, such as from Norse Corp. (local boys) and Cyphort

For more info
• email@example.com
• Twitter: @dstrom
• http://strominator.com
• TechTarget article: http://bit.ly/1dISmx4
• Network World review of UTMs: http://bit.ly/1fJtmHE