Perimeter defense

Share this article:

I saw the term “next generation firewall” for the first time while I was researching this year's innovators. I was especially interested because there is a contingent in our field that is beginning to think that the firewall is a dead product type given the other options available and the way the enterprise is evolving into a more and more open network. That, of course, increases the difficulty of perimeter defense because the perimeter is becoming more ubiquitous in the enterprise, instead of simply defining the edge.

We looked at four subcategories this year: unified threat management (UTM), next generation firewall, IPS and wireless security. That last group, wireless security, has been a thorn in my side for the past three years because the definition has shifted dramatically as the genre has encompassed more and different functionality while the wireless world evolves. The selection this year may well end up defining the product type going forward. Worth watching, anyway.

The UTM has been touted as replacing the firewall. Indeed, the UTM is nothing like its earlier definition. The rather limited functionality that defined the product type has given way to what we used to call around the SC Labs “multipurpose appliances.” Everything old and all that. The fact is that today's UTM can do just about any type of protection on the perimeter that we need, whether it is malware, hacking, denial of service, spam or whatever.

That just leaves the intrusion prevention system (IPS) world. That is a game-changer in this particular market segment because the serious players are forced to acquire or develop new technologies that may be out of their specific areas of expertise. Our selection this year is well-aware of that, and we covered it in our discussion.

IPS was a bit of a dark horse early on. Pundits declared that nobody would buy a device that made decisions to shut down processes and connections. These so-called experts claimed that false positives would make the IPS a denial-of-service device instead of protecting the enterprise. Well, that may have happened a bit, but it certainly is not the way things are today.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Next Article in Reviews

Sign up to our newsletters

More in Reviews

Protecting email both ways

Protecting email both ways

Protecting your organization from attacks brought into the system by email is an ongoing challenge, says Peter Stephenson, technology editor.

Attestation at its best

Attestation at its best

Private Core vCage protects systems. It's a little complicated under the covers, but in practical use is simplicity itself.

Mobile devices are the new endpoints...and both need protecting

Mobile devices are the new endpoints...and both need ...

The use of social media spreads throughout the internet and cares little if the participants are Joe and Jane or the Massive Big Company. They're all swimming in the same ...