The first “next generation” firewall (NGFW) became generally available in 2007. However, the market has still not agreed on a NGFW definition. Market confusion persists, and perhaps has even increased over the years as more vendors have entered the market and claimed NGFW capabilities.

Some of the confusion is due to differing opinions regarding what functionality needs to be included in a NGFW, but equally important is what functionality is to be excluded. NSS has been explicit and consistent with its definition of NGFW appliances (see NSS report “What do CIOs need to know about Next Generation Firewalls?”).

NSS has recently completed its NGFW Group Test for 2013, and the results provide reason for optimism for this maturing market segment. In some situations, NGFWs provide security effectiveness and value relative to the combined standalone deployments of enterprise firewalls and intrusion prevention system (IPS) appliances. However, there are caveats.