The next generation firewall (NGFW) market is one of the largest and most mature markets in cybersecurity. Serving as the first line of defense for enterprise networks, it is the cornerstone of any modern network security strategy. Recent NSS Labs studies have shown that 80.5% of US enterprises deploy NGFW products. Types of deployment are as follows:

  • On premises: 70.1%
  • Cloud: 3.1%
  • Combination of on premises and in the cloud: 7.4%

Vendors market their products as having myriad features, configuration capabilities, and pricing options; however, enterprises should invest appropriate time and resources to properly evaluate products and perform due diligence based on facts rather than vendor claims. Not all NGFWs are equal; while there is some feature overlap, enterprises should evaluate the strengths and weaknesses of different products based on their unique requirements. Furthermore, enterprise-class NGFWs can be costly; enterprises must look at any investment from the perspective of long-term scalability and long-term return on their investment. For this reason, enterprises should ensure that vendor roadmaps align with their own.

So, what are some of the key features enterprises should look for in today’s NGFW products?

An NGFW should be capable of performing deep packet inspection on all packets, on all ports, and over all protocols in order to determine which applications are running over which ports and thus secure the applications effectively. Any short list of key features should include application awareness, integrated intrusion protection capabilities, and the ability to handle new types of attacks, such as those using obfuscated JavaScript. Enterprises should also consider deployment use cases (e.g., on premises, cloud, hybrid) and additional features that fit their needs.

What metrics are used to evaluate products?

At NSS, we believe that to enable meaningful comparisons, security products should be tested in four areas:

  • Security effectiveness – The purpose of an NGFW is to restrict access between trusted and untrusted networks through policy and routing and to identify and block attacks against assets while allowing select controlled traffic to flow between trusted and untrusted networks. The tests should address application control, intrusion prevention, evasions that use common or advanced tactics, and attacks that leverage SSL inspection to bypass security products.
  • Performance – Not only should NGFWs deliver high performance and throughput, but they should also be scalable so security functions can be consolidated without disruption to applications and services.
  • Stability and reliability – NGFWs should be able to perform well even under extraordinary circumstances, including power failure and extended attacks, such as distributed denial of service (DDoS).
  • Total cost of ownership (TCO) – TCO is calculated by factoring in costs associated with product purchase (for the device and its central management system), maintenance, updates, and installation. Since throughput and performance range widely amongst NGFW products, normalization is recommended. NSS uses its unique formula (TCO per protected Mbps) to provide clear guidance as to whether a product’s price is higher or lower than its competitors.

1 Results from NSS Labs’ 2017 Enterprise Security Architecture Study, which included survey responses from 510 information security professionals representing 50 US industries

NSS Labs will soon publish the results of its 2018 NGFW Group Test. The test includes market incumbents as well as new entrants. Enterprises can leverage these results during product purchasing decisions.