What to ask before buying a next-generation firewall

There’s a lot of pressure on CISOs to button up their networks to make them impervious to breaches. That’s a mission impossible, of course. But it can lead to infosec pros looking for the perfect appliance that solves everything — like a next-generation firewall.

But in a blog U.S. security consultant Kevin Beaver reminds IT departments that NGFWs might not be the right solution for every environment, despite their advantages in being application-aware devices.

In particular, he urges security pros to ask the following questions:

  • Is integrating multiple security controls into one system going to create more of a single point of failure? What about network performance issues?
  • Are each of the individual security controls (i.e., application-layer and malware protection) truly what you need? If so, are they good enough to address the threats and vulnerabilities your business faces given your environment and its unique circumstances?
  • Are the monitoring and reporting features adequate for your real-time needs? What about for compliance and auditing?
  • How will these features help reduce your known risks?
  • How does your vendor’s support measure up? Do you feel comfortable that they’ll be there when the going gets rough? Are they forthcoming with information and quick to patch their own security flaws?

“The potential for risk investing in next-generation firewalls certainly exists — i.e., spending good money on something you didn’t need, especially when other common security basics haven’t yet been addressed,” he writes. “If you’re going to go down the path of next-generation firewalls, ask yourself — and especially prospective vendors — the hard questions.”

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web