While intrusion prevention systems that do deep packet inspection can protect operating systems and software, "they cannot effectively identify and block the misuse of applications, let alone specific features within applications," the report stated. Gartner forecasts that by 2014, 60% of firewalls sold by vendors such as Cisco Systems, CheckPoint, Juniper Networks, Palo Alto Networks and others will be of this next-generation type.
The GlobalProtect technology extends the same security control to remote workers. New this week is specific GlobalProtect support for Apple iPads, iPhones and desktop/laptop computers running the Apple OS X operating system. It already protects devices running Microsoft Windows. GlobalProtect creates a secure tunnel, similar to a VPN, between the remote worker and the nearest next-generation firewall.
The difference between GlobalProtect and a VPN is that a VPN tunnels only to and from the corporate network, while GlobalProtect also secures connections between remote endpoints. "This is kind of how people designed mass transit systems in the '70s--this hub-and-spoke to an urban core. The reality today is that people are commuting between suburbs," King says.
The WildFire service adds protection from malware attacks, which are getting more sophisticated all the time. Lately, malware has become specifically targeted at an individual using social engineering. For example, information about the recipient is culled from social networking sites to personalize an email, which the recipient may be more likely to open, thus downloading malware. The WildFire service takes suspicious packets and executes them in a virtual cloud-based environment to see if they actually are malware. Executing them in the cloud prevents the malware from actually infecting the network.