For the CompTIA Security+ exam, it’s important to understand what Next-Generation Firewalls (NGFWs) are. In this article, let’s learn about additional functionality that we get by using them.
What is a Next-Generation Firewall (NGFW)?
A next-generation firewall, also known as an NGFW for short, is a firewall that includes capabilities that earlier firewall technology didn’t have. We’re talking about technology like:
- Intrusion prevention system (IPS)
- Deep packet inspection (DPI)
- Application awareness and control
- Threat intelligence
Let’s learn more about each of these technologies and why they matter.
Intrusion Prevention System (IPS)
Intrusion prevention systems (IPS) help detect and block cyber attacks throughout our networks by analyzing incoming traffic and looking for known or potential threats. As an IPS detects them, it can also take action and block them. This differs from an intrusion detection system (IDS), which only detects threats but doesn’t take action on them.
An IPS can use signature detection to detect known threats, and the signatures used should be updated regularly (ideally daily).
Anomaly detection is another approach used by an IPS to detect potential threats by analyzing behavior and comparing it to a baseline. If it deviates from that baseline, then it could indicate a threat.
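The two detection approaches above, signature matching against known-bad patterns and anomaly detection against a learned baseline, can be shown side by side in a small simulation. This is an added illustration, not code from the original article: the flow records, the signatures and the per-host byte baseline are all constructed sample data, and the IDS/IPS distinction is modelled as a `mode` switch (alert only versus block).

```python
"""Toy IPS: signature matching plus baseline-based anomaly detection.

Added illustration, not code from the original article. The flow records,
signatures and baseline below are constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes
    bytes_sent: int


# Signature rules: a byte pattern (and optional destination port) that
# identifies a known threat. Constructed examples, not a vendor ruleset.
SIGNATURES = [
    {"name": "sample-webshell-probe", "pattern": b"cmd.exe /c", "dport": 80},
    {"name": "sample-sqli-tautology", "pattern": b"' OR '1'='1", "dport": 80},
]


def signature_match(flow: Flow) -> list[str]:
    """Return the names of all signatures whose pattern appears in the payload."""
    hits = []
    for sig in SIGNATURES:
        if sig.get("dport") not in (None, flow.dport):
            continue  # rule is scoped to a different port
        if sig["pattern"] in flow.payload:
            hits.append(sig["name"])
    return hits


class AnomalyDetector:
    """Learn a per-host baseline of bytes sent, then flag large deviations."""

    def __init__(self, sigma: float = 3.0, min_samples: int = 5):
        self.sigma = sigma
        self.min_samples = min_samples
        self.history: dict[str, list[int]] = {}

    def learn(self, src: str, bytes_sent: int) -> None:
        self.history.setdefault(src, []).append(bytes_sent)

    def is_anomalous(self, src: str, bytes_sent: int) -> bool:
        samples = self.history.get(src, [])
        if len(samples) < self.min_samples:
            return False  # not enough baseline data to judge this host yet
        mu, sd = mean(samples), pstdev(samples)
        threshold = mu + self.sigma * max(sd, 1.0)  # floor avoids a zero-width band
        return bytes_sent > threshold


def inspect(flow: Flow, detector: AnomalyDetector, mode: str = "ips") -> dict:
    """Classify one flow. In 'ids' mode only alert; in 'ips' mode block."""
    sigs = signature_match(flow)
    anomaly = detector.is_anomalous(flow.src, flow.bytes_sent)
    threat = bool(sigs) or anomaly
    if threat:
        action = "block" if mode == "ips" else "alert"
    else:
        action = "allow"
    return {"action": action, "signatures": sigs, "anomaly": anomaly}


def demo() -> list[dict]:
    """Run three constructed flows through the detector and return the verdicts."""
    det = AnomalyDetector()
    for b in [1200, 1500, 1100, 1300, 1400, 1250]:  # constructed baseline for 10.0.0.5
        det.learn("10.0.0.5", b)
    flows = [
        Flow("10.0.0.5", "203.0.113.10", 80, b"GET /index.html HTTP/1.1", 1300),
        Flow("10.0.0.5", "203.0.113.10", 80, b"GET /login?u=admin' OR '1'='1 HTTP/1.1", 1400),
        Flow("10.0.0.5", "203.0.113.10", 443, b"\x16\x03\x01", 250_000),  # far above baseline
    ]
    return [inspect(f, det) for f in flows]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The first flow is allowed, the second is blocked on a signature, and the third is blocked by the anomaly check alone: its payload matches no signature, which is exactly the case where a baseline catches what a signature list cannot.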
Deep Packet Inspection (DPI)
Deep packet inspection (DPI) inspects both the headers and the payloads of data packets instead of just the headers. Because headers may look perfectly clean while the payload is what contains the malicious code, DPI lets us detect malware or other malicious data in a way that older, more traditional firewalls couldn’t.
Application Awareness and Control
Application awareness and control lets the firewall control what applications can access, and it can even block an entire application from working. If the application’s data can’t get past the firewall, then the application can’t function properly.
If it’s a potentially risky application, then this can be an effective method of preventing that application from functioning in our networks.
Next-gen firewalls can do that because they operate at layer 7 of the OSI model, the application layer. Traditional firewalls can only analyze traffic at layers 3 and 4.
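The contrast between a layer 3/4 decision and a layer 7 decision, and the DPI point above that headers can look clean while the payload tells a different story, can be shown with a small packet parser. This is an added example, not code from the original article: it builds constructed IPv4/TCP packets (no checksums), applies a traditional port-based rule, then identifies the application from the first payload bytes and applies an application policy. The protocol fingerprints (the `SSH-` banner, the TLS record header, HTTP method names) are real on-the-wire markers; the policy and the packets are assumptions made for the illustration.

```python
"""Layer 3/4 filtering versus deep packet inspection with application awareness.

Added example; not from the original article. The packet bytes and the
policy are constructed for illustration.
"""
from __future__ import annotations

import struct
from ipaddress import IPv4Address


def build_packet(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct a minimal IPv4 + TCP packet (checksums left zero; sample data only)."""
    total_len = 20 + 20 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
    # seq=0, ack=0, data offset 5 words, flags PSH|ACK, window, checksum, urgent
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def parse_packet(pkt: bytes) -> dict:
    """Pull the fields a traditional firewall uses, plus the payload that DPI needs."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    src = str(IPv4Address(pkt[12:16]))
    dst = str(IPv4Address(pkt[16:20]))
    tcp = pkt[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return {"src": src, "dst": dst, "proto": proto, "sport": sport,
            "dport": dport, "payload": tcp[data_off:]}


def identify_application(payload: bytes) -> str:
    """Layer 7 classification from the first payload bytes, independent of the port."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record: content type 0x16 (handshake), version 0x03 0x00..0x04
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04:
        return "tls"
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE"):
        return "http"
    return "unknown"


# Constructed policy: a traditional rule allows TCP/443; the layer 7 policy
# additionally decides which applications may use that opening.
L4_ALLOWED_PORTS = {443}
L7_POLICY = {"tls": "allow", "http": "allow", "ssh": "block", "unknown": "block"}


def traditional_decision(fields: dict) -> str:
    """Layer 3/4 only: protocol and destination port."""
    if fields["proto"] == 6 and fields["dport"] in L4_ALLOWED_PORTS:
        return "allow"
    return "block"


def ngfw_decision(fields: dict) -> tuple[str, str]:
    """Layer 3/4 rule first, then the application policy on the payload."""
    if traditional_decision(fields) == "block":
        return "block", "l4"
    app = identify_application(fields["payload"])
    return L7_POLICY[app], app


def demo() -> list[tuple[str, str, str]]:
    """(traditional verdict, NGFW verdict, reason) for three constructed packets."""
    packets = [
        build_packet("10.0.0.7", "203.0.113.20", 50000, 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4"),
        build_packet("10.0.0.7", "203.0.113.20", 50001, 443, b"SSH-2.0-sample\r\n"),
        build_packet("10.0.0.7", "203.0.113.20", 50002, 22, b"SSH-2.0-sample\r\n"),
    ]
    results = []
    for p in packets:
        f = parse_packet(p)
        results.append((traditional_decision(f),) + ngfw_decision(f))
    return results


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The second packet is the interesting one: its headers are identical in every way the port rule cares about to the first packet's, so a layer 3/4 firewall allows it, while payload inspection shows it is not TLS at all and the application policy blocks it.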
Threat Intelligence
Threat intelligence is interesting because it provides information about potential attacks. As adversaries become more and more sophisticated, so do their attack techniques. Next-gen firewalls can receive threat intelligence feeds from all sorts of vetted external sources, which we’ve talked about in the past, and they can use that information to keep our IPS signatures up-to-date. If attacks are being launched around the world from a particular set of IP addresses, our firewalls can also receive that information and pre-emptively block those IP addresses that are known to be actively performing attacks.
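The pre-emptive blocking described above comes down to consuming a feed, keeping the usable indicators, and checking every new connection against them before any content inspection happens. This is an added example, not code from the original article or any vendor's feed format: the feed lines below are constructed (they use documentation address ranges only, not real indicators), the four-column layout and the confidence threshold are assumptions, and a malformed line is deliberately included to show that a bad entry should be skipped rather than abort the update.

```python
"""Consuming a threat-intelligence feed to pre-emptively block known-bad sources.

Added example; not from the original article. The feed lines and the
connection attempts below are constructed sample data using documentation
address ranges, not real indicators.
"""
from __future__ import annotations

import ipaddress

# Constructed feed, one indicator per line: indicator,type,confidence,last_seen
SAMPLE_FEED = """\
# constructed sample feed
198.51.100.23,ip,90,2024-05-01
203.0.113.0/24,cidr,75,2024-04-28
192.0.2.77,ip,40,2024-03-02
not-an-ip,ip,99,2024-05-01
"""


def parse_feed(text: str, min_confidence: int = 50) -> list[ipaddress.IPv4Network | ipaddress.IPv6Network]:
    """Turn feed lines into network objects, dropping low-confidence and malformed entries."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(",")
        if len(parts) != 4:
            continue  # unexpected layout: skip the line
        indicator, _kind, confidence, _last_seen = parts
        try:
            if int(confidence) < min_confidence:
                continue  # below the operator's confidence threshold
            # strict=False accepts "host bits set" CIDRs; single IPs become /32
            nets.append(ipaddress.ip_network(indicator, strict=False))
        except ValueError:
            continue  # malformed indicator: skip rather than fail the whole update
    return nets


class Blocklist:
    """Set of blocked networks that can be refreshed from a new feed pull."""

    def __init__(self, nets):
        self.nets = list(nets)

    def refresh(self, feed_text: str, min_confidence: int = 50) -> int:
        """Replace the current indicators with a freshly parsed feed; returns the count."""
        self.nets = parse_feed(feed_text, min_confidence)
        return len(self.nets)

    def match(self, ip: str):
        """Return the first blocked network containing ip, or None."""
        addr = ipaddress.ip_address(ip)
        for net in self.nets:
            if addr.version == net.version and addr in net:
                return net
        return None


def evaluate(blocklist: Blocklist, src_ip: str) -> str:
    """Decision for a new inbound connection: block on a feed hit, else hand off to inspection."""
    return "block" if blocklist.match(src_ip) is not None else "inspect"


def demo() -> dict[str, str]:
    """Check a few constructed source addresses against the sample feed."""
    bl = Blocklist(parse_feed(SAMPLE_FEED))
    sources = ["198.51.100.23", "203.0.113.45", "192.0.2.77", "10.0.0.1"]
    return {ip: evaluate(bl, ip) for ip in sources}


if __name__ == "__main__":
    for ip, decision in demo().items():
        print(ip, decision)
```

Only two of the four feed lines survive parsing: one is below the confidence threshold and one is malformed. A source inside the blocked /24 is refused before any packet content is examined, while the low-confidence address still goes through normal inspection rather than being blocked outright.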
Unified Threat Management (UTM)
A term that was once common but is now seen less and less often is Unified Threat Management, or UTM. UTM describes the approach of having a single hardware or software appliance that provides multiple security functions.
We see this term used less often because next-gen firewalls provide this type of functionality. Instead of having to deploy multiple devices or software applications to get a network firewall, an IDS, anti-virus, deep packet inspection, VPN functionality, etc., you can now often purchase one solution and get it all in one.
If you see the term UTM on the exam, just remember that it’s describing this combination of functionality in one offering.
Concluding Next-Generation Firewalls for the Security+
As we can see, next-generation firewalls provide powerful additional functionality that you simply couldn’t get with traditional firewalls, and that additional functionality can help keep our networks secure.