<p>Nearly 20 years after they were first developed, next-generation firewalls today play a key role in most organizations’ cybersecurity infrastructures. Among other benefits, NGFWs offer a blend of traditional firewall capabilities combined with features designed to detect and stop sophisticated cyberattacks.</p>
<p>This article outlines key features and capabilities that CISOs and security decision-makers should consider when evaluating modern NGFWs and examines five top firewall options.</p>
<section class=”section main-article-chapter” data-menu-title=”Key NGFW features”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Key NGFW features</h2>
<p><a href=”https://www.techtarget.com/searchsecurity/definition/next-generation-firewall-NGFW”>NGFWs</a> are hardware, software or cloud-based devices that extend traditional firewall capabilities beyond packet inspection — filtering traffic by IP address, port and protocol — and stateful inspection — tracking the state of connections. In addition to these baseline controls, NGFWs offer deep packet inspection (<a href=”https://www.techtarget.com/searchnetworking/definition/deep-packet-inspection-DPI”>DPI</a>), which examines the payload of network traffic rather than just packet headers. DPI enables the firewall to locate, identify, classify and reroute or block malicious content in otherwise legitimate traffic.</p>
<p>Modern NGFWs also offer application awareness and control, integrated intrusion prevention systems, SSL/TLS inspection, user identity awareness, logging and reporting, API-driven automation and automated policy recommendations.</p>
<p>Many NGFWs also use <a href=”https://www.techtarget.com/searchsecurity/tip/Top-open-source-and-commercial-threat-intelligence-feeds”>threat intelligence feeds</a> to enhance DNS and URL filtering and improve the detection of malicious traffic. Advanced NGFWs can detect policy violations and automatically block, quarantine or sanitize suspicious traffic before alerting security teams and integrating with other security technologies for further investigation .</p>
<p>NGFWs often serve as a centralized visibility point for network activity and help organizations achieve and maintain a <a href=”https://www.techtarget.com/searchsecurity/answer/What-are-the-most-important-pillars-of-a-zero-trust-framework”>zero-trust architecture</a>.</p>
</section>
<section class=”section main-article-chapter” data-menu-title=”Leading NGFW products”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Leading NGFW products</h2>
<p>Let’s look at some of the most widely used NGFWs that offer these features. Many other NGFW technologies are available, each with its own pros and cons. The tools profiled in this article were selected based on market research. Each has a sizable customer base, is under active development, and has numerous publicly available user reviews from verified purchasers of NGFWs. This list is organized alphabetically.</p>
<h3>Check Point Quantum</h3>
<p><b>Key features</b></p>
<ul class=”default-list”>
<li>Makes extensive use of AI technologies as part of its threat intelligence.</li>
<li>Integrates with endpoint and mobile detection and response technologies via the broader Check Point platform.</li>
<li>Offers additional security features, such as antispam, through its next-generation threat protection SandBlast bundle.</li>
</ul>
<p><b>Pros</b></p>
<ul class=”default-list”>
<li>Excels at centralized management, providing an intuitive GUI and dashboard that saves administrators time.</li>
<li>Cited for its reliability and stability.</li>
</ul>
<p><b>Cons</b></p>
<ul class=”default-list”>
<li>Licensing and subscriptions are reportedly more complex and expensive than competing products.</li>
<li>According to some user reports, it fails to detect attacks that other vendors successfully discover and <a href=”https://www.techtarget.com/searchsecurity/tip/How-to-reduce-false-positive-alerts-and-increase-cybersecurity”>generates repeated false positives</a>, especially for email.</li>
</ul>
<p><b>Sales and licensing</b></p>
<ul class=”default-list”>
<li>Offers dozens of hardware models for on-premises deployments as well as SaaS.</li>
</ul>
<h3>Cisco Secure Firewall</h3>
<p><b>Key features</b></p>
<ul class=”default-list”>
<li>Uses <a href=”https://www.techtarget.com/searchsecurity/feature/How-AI-threat-detection-is-transforming-enterprise
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: