A class of firewalls designed to filter network and Internet traffic based upon the applications or traffic types using specific ports. The application-specific granular security policies provided by Next Generation Firewalls help them detect application-specific attacks, giving them the potential to catch more malicious activity than more traditional firewalls.
Next Generation Firewalls (NGFWs) blend the features of a standard firewall with quality of service (QoS) functionalities, application identification that is agnostic to the TCP/UDP port used, integration with Active Directory for User Identification in order to provide smarter and deeper inspection that is actionable and measurable. In many ways a Next Generation Firewall combines the capabilities of first-generation network firewalls and network intrusion prevention systems (IPS), user identity based security by enforcing role based access control (RBAC) while also offering additional features such as SSL and SSH inspection, reputation-based malware filtering and Active Directory integration support.
DTS Solution works with multiple network security vendors that manufacturers enterprise-grade and commercial-grade NGFWs that include Juniper Networks (AppSecure Suite) and Fortinet (FortiGate) NGFW.
Application Control makes it possible to recognize applications independent from their communication TCP/UDP port values. Having a stateful firewall does not necessarily protect from threats which are hidden inside applications or from threats using the same communication ports as well known protocols like HTTP.
Malicious applications are embedded into known ports such as HTTP that can bypass traditional stateful-inspection firewalls. Modern Application Control solutions also referred to as Next Generation Firewalls are able to recognize more than 1000+ different applications; blocking P2P traffic, identifying Facebook applications or streaming applications like Youtube, providing granular security context and application awareness features.
Application Control solutions also increase network visibility, giving your security operations team understanding of the most common used application within your organization. With such visibility and awareness, security risks can be identified where unauthorized applications are being utilized such as BitTorrnet or eMule, whilst enhancing user experience by implementing QoS for certain critical applications.
Application Control Solutions can leverage and integrate with User Identity solutions providing the possibility to control the application usage behaviour for specific users or groups. By integration with a User Identity, Application Control feature extends visibility by providing your organization with awareness on individual users or groups that utilize particular set of applications.
DTS Professional Service has a high level expertise in Application Control Solutions, through successful design, delivery and support of key projects.
Contact our sales team for more information on Application Control security solutions and how it can help your organization with detailed application, user and content based awareness.
Accurate traffic classification is the heart of any firewall, with the result becoming the basis of the security policy. Traditional firewalls classify traffic by port and protocol, which, at one point, was a satisfactory mechanism for securing the perimeter. Today, applications can easily bypass a port-based firewall; hopping ports, using SSL and SSH, sneaking across port 80, or using non-standard ports. App-Control and App-ID a patent-pending traffic classification mechanism that is unique to NGFWs, addresses the traffic classification limitations that plague traditional firewalls by applying multiple classification mechanisms to the traffic stream, as soon as the device sees it, to determine the exact identity of applications traversing the network.
App-ID uses multiple identification mechanisms to determine the exact identity of applications traversing the network. The identification mechanisms are applied in the following manner:
As the applications are identified by the successive mechanisms, the policy check determines how to treat the applications and associated functions: block them, or allow them and scan for threats, inspect for unauthorized file transfer and data patterns, or shape using QoS.
Internally developed or custom applications can be managed using either an application override or custom App-IDs. An applications override effectively renames the traffic stream to that of the internal application. The other mechanism would be to use the customizable App-IDs based on context-based signatures for HTTP, HTTPs, FTP, IMAP, SMTP, RTSP, Telnet, and unknown TCP /UDP traffic. Organizations can use either of these mechanisms to exert the same level of control over their internal or custom applications that may be applied to SharePoint, Salesforce.com, or FaceBook.
Traditionally, security policies were applied based on IP addresses, but the increasingly dynamic nature of users and applications mean that IP addresses alone have become ineffective as a mechanism for monitoring and controlling user activity. Next-generation firewalls integrate with the widest range of user repositories on the firewall market, enabling organizations to incorporate user and group information into their security policies. Through User-ID, organizations also get full visibility into user activity on the network as well as user based.
In cases where organizations have a user repository or application that already has knowledge of users and their current IP address, a standards-based XML API can be used to tie the repository to the next-generation firewall.
Content-ID combines a real-time threat prevention engine with a comprehensive URL database and elements of application identification to limit unauthorized data and file transfers, detect and block a wide range of threats and control non-work related web surfing. The application visibility and control delivered by App-ID, combined with the content inspection enabled by Content-ID means that IT departments can regain control over application traffic and the related content.
Complementing the threat prevention and application control capabilities is a fully integrated, URL filtering database consisting of 20 million URLs across 76 categories that enables IT departments to monitor and control employee web surfing activities. The on-box URL database can be augmented to suit the traffic patterns of the local user community with a custom, 1 million URL database. URLs that are not categorized by the local URL database can be pulled into cache from a hosted, 180 million URL database. In addition to database customization, administrators can create custom URL categories to further tailor the URL controls to suit their specific needs. URL filtering visibility and policy controls can be tied to specific users through the transparent integration with enterprise directory services (Active Directory, LDAP, eDirectory) with additional insight provided through customizable reporting and logging.
Data filtering features enable administrators to implement policies that will reduce the risks associated with the transfer of unauthorized files and data.