IDG Answers is a community of experts who are passionate about technology. Ask a question or answer one below.
Nobody should have just a standard firewall any more (aka: a port-based router), nor is there still a real need for discrete solutions. When was the last time you carried around separate GPS, mobile phone, torch, mp3 player and camera? Miniaturisation and Moore’s Law have done for security what they have done for the SmartPhone. Next-Generation Firewalls are just Firewalls with extra features, like Application Control. So are Unified Threat Management appliances. UTM got a bad name early on, because their performance limited them to small businesses and thus a more focused NGFW was born. But there are UTMs on the market today that can do over 10Gbps even with all the tuples turned on!
If it’s all about tuples, then UTM is worth revisiting. Source, destination, port, user, group, time of day, virus, reputation, URL filter, spam, application, sensitive data, IPS, APT… That’s a tuple of tuples.
LOL, "tuples". It is a weird term just seeing it sitting there out of context. It's kind of a shorthand thing used when talking about firewalls to indicate the number of attributes in a packet that are inspected to decide whether it meets access requirements (such as source and destination IP addresses, TCP, etc.). A 3-tuple allow rule would inspect 3 attributes, a 5-tuple would inspect 5 attributes and so on. I never thought about it before, but I guess it is just an easier way of saying something like quintuple or sextuple without having to remember all the specific words. I think it mainly gets used to make the user sound cool, or at least like they know what they are talking about.
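To make the "N-tuple" idea concrete, here is an added example (not code from any poster on this thread) of a tiny first-match rule evaluator: a rule's tuple size is simply the number of packet attributes it inspects, and the same traffic is judged by a 3-tuple rule (source, destination, protocol) and a 5-tuple rule (plus source and destination ports). The addresses and rules are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple, Union

PortSpec = Union[int, Tuple[int, int]]   # exact port, or inclusive (low, high) range
FIELDS = ("src", "dst", "proto", "sport", "dport")  # the classic 5-tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


def _field_matches(want, have) -> bool:
    if want is None:                      # attribute not part of this rule's tuple
        return True
    if isinstance(want, tuple):           # port range
        return want[0] <= have <= want[1]
    return want == have


@dataclass(frozen=True)
class Rule:
    action: str                           # "allow" or "deny"
    src: Optional[str] = None             # None means "not inspected" (any)
    dst: Optional[str] = None
    proto: Optional[str] = None
    sport: Optional[PortSpec] = None
    dport: Optional[PortSpec] = None

    def arity(self) -> int:
        """How many packet attributes the rule inspects: its 'tuple' size."""
        return sum(getattr(self, f) is not None for f in FIELDS)

    def matches(self, pkt: Packet) -> bool:
        return all(_field_matches(getattr(self, f), getattr(pkt, f)) for f in FIELDS)


def evaluate(rules, pkt: Packet, default: str = "deny") -> str:
    """First-match evaluation with an implicit default deny, as on most firewalls."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed sample rule bases (documentation-range addresses, not real hosts).
# 3-tuple: any TCP between the two hosts passes, whatever the ports.
RULES_3TUPLE = [Rule("allow", src="10.0.0.5", dst="192.0.2.10", proto="tcp")]
# 5-tuple: additionally pins an ephemeral source port and destination port 443.
RULES_5TUPLE = [Rule("allow", src="10.0.0.5", dst="192.0.2.10", proto="tcp",
                     sport=(1024, 65535), dport=443)]
HTTPS = Packet("10.0.0.5", "192.0.2.10", "tcp", 51234, 443)   # constructed
SSH = Packet("10.0.0.5", "192.0.2.10", "tcp", 51235, 22)      # constructed
```

Running `evaluate` over both rule bases shows the trade-off the answer hints at: the 3-tuple rule allows both HTTPS and SSH between the hosts, while the 5-tuple rule allows only the HTTPS flow and lets SSH fall through to the default deny.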
NGFWs basically take what firewalls already do and add to it. NGFWs are aware of applications, and you can decide to do things like deny or authorize an application's use by specific individuals. They also allow you to deny access to websites and applications online in compliance with your company policies. There is also an SSL decrypt that basically secures traffic from your internal user to the firewall, and separately it secures traffic from the internet host to the firewall, with plaintext on the firewall - more or less real-time SSL re-encryption. So they do offer a lot more than existing firewalls, but whether they are worth the additional costs or not depends on what level of control you want to have over your traffic and how much protection you need for your data.