Are next-generation firewalls legacy technology? – Network World

By Jon Oltsik, Network World | May 5, 2017 12:13 PM PT

Jon Oltsik is a principal analyst at Enterprise Strategy Group ESG and has been quoted in the Wall Street Journal, Business Week, and the New York Times.

Your message has been sent.

There was an error emailing this page.

A few years ago, next-generation firewalls (NGFWs) came out of nowhere to become a network security staple. These devices combined traditional L3/L4 packet filtering with deep packet inspection, IPS, and other network security services along with knowledge about users and applications. This broad functionality packaging changed the network security paradigmeveryone needed, or at least wanted a NGFW at the perimeter or within the internal network.

Fast forward to 2017, and the bloom is coming off the NGFW rose for several reasons:

Some of the issues and use cases cited here are fairly limited to advanced organizations (which represent somewhere between 15 and 20 percent of the overall enterprise market), so there is still a massive opportunity for NGFW players with mid-market organizations and most enterprises who lack the maturity and experience of more advanced cybersecurity firms. Nevertheless, these trends will persist, squeezing the NGFW market overtime.

Im not suggesting that NGFW vendors such as Check Point, Cisco, Forcepoint, Fortinet or Palo Alto Networks are in any imminent danger. As I mentioned, the market is in an early stage of transition, so bountiful opportunities remain. Over time, however, these organizations must alter their portfolio to offer software- and cloud-based network security alternatives to traditional firewall hardware.

Many are already doing so today. Cisco, Check Point and Fortinet have introduced network security architectures where services can live anywhere on the networksort of a modern-day network operating system (NOS) for network security. And, of course, a network security architecture should plug seamlessly into a security operations and analytics platform architecture (SOAPA).

The services that make up NGFWs are still necessary, and central management and operations is always worthwhile, but the thought of forcing all these things into some perimeter-based god box is looking more and more like a legacy solution. As Bob Dylan might say, "The times, they are a changin."

Jon Oltsik is an ESG senior principal analyst and the founder of the firms cybersecurity service.

Sponsored Links

See more here:

Are next-generation firewalls legacy technology? - Network World