top of page
    • May 4, 2023

How IT security trends shape your Next-Gen Firewall requirements

Being on the market for more than 10 years, the Next-Generation Firewall (NGFW) is not so much "next-gen" anymore. However, a future-proof NGFW platform is still of strategic importance to the organization. This is especially true in the context of hybrid work adoption, the growing number of SaaS applications and the combination of public cloud with on-prem resources. The implementation and management of network security is becoming more and more complex.


Several trends influence the choice of NGFW solution for cyber security:

  1. Too many cyber security tools

  2. Hybrid work and hybrid cloud

  3. The human factor as the dominant cause of security breaches

  4. Labor shortage

Too many tools


In order to protect from various threats, organizations have significantly increased the number of tools they use. We now find acronyms at every step – from SD-WAN, NGFW, SWG, DLP, over SOAR, ZTNA, to SIEM and CASB, to name just a few.


These acronyms are technologies that address specific security problems, usually packaged as separate siloes or tools. However, a proliferation of tools implies more administration touch points, attention and work. Complexity increases, driving up maintenance costs and most importantly increasing the risk of configuration errors and diluting attention span: the result is less security.


Organizations are becoming aware that more complexity means less security. According to Gartner's recent 2022 survey, many organizations are increasingly frustrated with the inefficiencies and shortcomings of integrating a heterogeneous set of security tools. As many as 75% of organizations are looking for a way to consolidate cybersecurity vendors and tools. 65% of organizations choose consolidation with the aim of reducing risks, and only 29% percent of them to reduce licensing costs.


A NGFW solution must therefore integrate security inspection and connectivity capabilities into one control plane, together with extensive reporting capabilities, having in mind the variety of endpoint devices and access scenarios (mobile remote workers, branches, SaaS applications outside the perimeter, and so on).


Palo Alto Networks: Covering all access scenarios and protect data regardless the location

Hybrid work and hybrid cloud

So-called hybrid work implies that user devices connect to applications from anywhere. The traditional on-prem perimeter protected by a firewall is in fact a thing of the past for a number of years already.


At the same time, completely or partially transferring servers and applications to some form of public/private cloud (for ex. Microsoft Azure or AWS) or simply relying on Software-as-a-Service (SaaS) solutions like Microsoft365 is increasingly common.


This dispersion of devices and applications/servers requires NGFWs to have much more flexibility. Specifically, the NGFW solution must support transitioning to SASE security-as-a-service architecture without forcing customers to rip and tear existing investments into network infrastructure. Adopting SASE together with SD-WAN ensures the same security treatment regardless where users are (work from anywhere) or where the applications are (on-prem, public cloud or SaaS), which is a pre-requisite for ZTNA.


An example security-as-a-service SASE architecture. Source: Palo Alto Networks

The human factor: reduce errors and facilitate troubleshooting


Although malware is usually associated with cyber attacks, the root cause of successful breaches are us, humans. According to Verizon's Data Breach Report, as many as 82% of successful breaches are due to human carelessness, error, or insufficient security knowledge. So most of the times attacks occur due to failures to identify phishing and configuration errors resulting from poor training or insufficient time to attend to complex IT systems.

Who fights against rule sprawl? The Firewall itself!

A firewall configuration error can expose sensitive data or allow an attacker easier access to the system. Firewall solutions are particularly vulnerable to human error. Over time, firewall rules proliferate and it becomes increasingly difficult to spot errors following a configuration change. As a result, the setup becomes too permissive, allowing new threats to slip through.


To minimize exposure and decrease risk, the NGFW must continuously monitor traffic and provide suggestions on how to modify existing firewall rules. Assistive functions that proactively monitor traffic patterns and point out security gaps in policies are a must, considering the resource constraints many IT practitioners face. For example, the NGFW should highlight tunneled applications that slip through standard ports and thus bypass policy, or rules that are not triggering for some time, thus reducing rule sprawl and complexity.


Labor or talent shortage

When the human factor is coupled with a shortage of skilled individuals, the risk can only increase. And a talent shortage seems especially dire in the cybersecurity industry.


According to the (ISC)² 2022 Cybersecurity Workforce Study, there is a global shortage of as many as 3.4 million cybersecurity professionals. The number has more than doubled compared to the 2019 survey. Both small SMBs and large multinationals face difficulties in finding and retaining cyber security experts. According to ISACA research, among the most sought-after skills are those related to network security and network operations.


At the same time, we are all witnessing an increase in successful cyber attacks, so it is very important that the NGFW solution has built-in as many functionalities as possible that complement the administrator's work. Hence, an AI driven co-pilot or "virtual consultant" is now becoming a standard.


AI driven operations can monitor what firewall features are enforced against an industry best practice or a peer group of customers (for ex. TLS inspection, application detection, user identification, logging, etc.). An "intelligent" co-pilot can warn on permissive rules that leak unwanted traffic and recommend concrete configuration steps to mitigate the risk. Also, before any configuration change is committed, the firewall can warn about a setup that might cause outages and suggest a different approach.

Who's advising the administrator on configuration change impacts? The firewall, of course!

So there you have it: in a world of growing attacks and limited human resources, dealing with modern threats requires assistive technology that frees up time and ultimately reduces TCO. Integrating all security functions to provide situational awareness is key, and allowing for a seamless coordination with a SASE as-a-service architecture should make the investment future-proof.

bottom of page