You are here

Best Practices for Selecting a Next-Generation Firewall

IT leaders considering next-generation firewalls have a variety of features to choose from.

Organizations seeking to adopt an NGFW strategy should carefully select the product that best meets their security and business requirements. They should approach this in the same manner as any other technology selection process, consulting a variety of vendors and consultants. What follows is some practical advice to help enterprises select the right NGFW for their environment:

Develop requirements carefully

The NGFW fulfills numerous networking and security functions. Input from a wide variety of stakeholders — security, networking, application and virtualization teams — can provide valuable insight and assist in the development of a robust set of requirements to guide the process.

Review a variety of solutions

The NGFW market has many vendors. Organizations should consider all of the major players in the selection process and compare them with the enterprise’s requirements. The selection process should include solutions from vendors such as Cisco Systems, Fortinet, Palo Alto Networks, Sophos and Sourcefire. Each of these vendors brings different strengths, feature sets and price points to the market.

Consider differences in administrative features

IT managers must think about the administrators who will need to use these systems on a daily basis. What management features does each product offer? Are real-time analytics possible? Do the specific application monitoring and control functions of the NGFW meet the business and technical requirements?

Performance is paramount

The NGFW will, by necessity, be a chokepoint in an enterprise network, and performance issues will quickly ripple through systems and applications. Do the products under consideration offer high-performance processing? Do they run on software or purpose-built high-performance integrated circuits? Do they leverage multithreading or asynchronous parallel processing? Does the vendor support the use of clustering to provide increased performance and resiliency?

As organizations approach the NGFW selection process, they should consider a simple principle: Design with the future in mind. While an NGFW certainly must meet existing business requirements, it also must provide an acceptable level of functionality for future use.

Enterprises should look to their strategic plan and consider whether it includes foreseeable increases in networking or security needs. With this information in mind, they can design an architectural approach that will either accommodate those needs directly or support a cost-effective expansion when required.

Want to learn more? Check out CDW’s white paper “Next-Generation Firewalls: The New Norm in Defense.”

Sergey Nivens/ThinkStock
Nov 17 2014

Comments