Introduced in the late 1980s as an evolution of the router, first generation firewalls were simple, rule-based devices that performed packet filtering. Second generation firewalls brought the addition of stateful packet inspection to ensure only appropriate packets are permitted to traverse the perimeter. Today we have next generation firewalls (NGFWs), the latest iteration of the product class, which include features such as application control, integrated intrusion prevention systems (IPS), anti-malware, and SSL inspection.

Given their versatility, NGFWs are considered by many to be a foundational piece of an organization’s network architecture. They continue to make up one of the largest and most mature technology markets, with more than 80% of all US enterprises deploying NGFW products.

NGFWs have traditionally been deployed on-premises; however, NSS Labs has observed that the adoption of cloud-based NGFWs is on the rise, with 8–10% of US enterprises reporting this type of deployment (as illustrated in the figure to the right). Additionally, some enterprises (including 10% of very large enterprises) report architectures that include both on-premises and cloud NGFW deployments.

If you’re reading this and your organization hasn’t yet deployed an NGFW, our data suggests that you probably will. When we compared US NGFW deployments by vertical, we found that health insurance, IT services, telecommunication, and energy and utilities lead the way in NGFW deployments. Verticals with the lowest NGFW deployment rates include healthcare, medical devices, computer software, and logistics and transportation.

Despite its humble beginnings, the firewall has become a complex and flexible technology that is deployed in a variety of industry verticals and horizontals. Understanding how enterprises are actually using the features within NGFWs would be the next step, and one we would like to focus on in a future study.

NSS Labs has recently begun releasing a series of Intelligence Briefs that focus on security controls in the US enterprise. The series will report on security product usage as reported by 510 information security professionals representing 50 US industries. The brief on network security (NGFW) in the US enterprise is now available in our research library.