Next-generation firewall, or NGFW, is a hardware- or software-based network security system that combines a traditional firewall with other network device-filtering functions to detect and block sophisticated attacks. In the transcript that follows, Nemertes Research CEO Johna Till Johnson offers a next-gen firewalls overview -- why you need them, what they should do and who offers them.
What about next-generation firewalls? Basically, next-generation firewalls do deep packet inspection. If they find something that's bad, they reroute it, they sandbox it [and] they protect the organization against it. You can use next-gen firewalls to do things like enable internal and external traffic segmentation. So, for example, you can segment traffic on your network, so stuff that you deem inappropriate for certain parts of your organization [goes] in certain places. This is actually starting to emerge as a technique to be used in the data center's internal segmentation.
Who makes it? [A] classic example is Palo Alto, but plenty of people do this, as well. Cisco is jumping into the game. You've got Dell [and] Barracuda. Fortinet and Juniper are really stressing the high-performance component of their devices. [There] is a whole slew of folks that do this.
You're going to start to see these generally become more tightly integrated with NSX-v -- NSX-v being the VMware solution -- and you're going to see them more tightly integrated into the overall security ecosystem, including authentication, encryption and things like that.
NSX-v integration is actually very, very important. Right now, VMware has some strategic partnerships with a number of the next-generation firewall folks. At the moment, they're really promoting the one with Palo Alto. I would expect to see them beef up their roster of next-gen firewalls that they support, but right now, that is actually a selection criterion for a lot of folks.