Things to Ponder Over before Deploying Next Generation Firewall
With NHS being a victim of WannaCry, a ransomware, which had devastating effects on all of their computer software, bringing everything to a screeching halt, information security management has become more important than ever. It is time for traditional firewall software to give way to the next generation firewall (NGFW). NGFW has features and functionalities such as intrusion prevention systems (IPS), deep packet inspection (DPI), SSL inspection etc. which are able to scrutinize the incoming and outgoing traffic acutely.
Deploying an NGFW is an organization-wide venture and requires considerable architectural modification. Hence, it is vital to understand the data and the network architecture to make a security plan around them. If the organization has micro-segmentation in place within the organization; the firewall can be deployed within as well as at the perimeter of the data center.
Another important point to be considered is creating a test environment to allow the personnel get hands-on experience working with the software before the actual purchase is made. A test lab does require some expenditure but can prove to be beneficial in the long run. It enables the IT staff model changes without affecting the actual production of the organization. Many vendors offer licensing option for non-production equipment, giving flexibility in choosing the features as per the organizational requirements.
One of the primary decisions before deploying a firewall is determining the size of the hardware box required, as it influences the throughput of the network. Choosing the right vendor is of importance here since several vendors do not provide the advertised throughput, which can be detrimental to the overall performance of the firewall network.