Intrusion prevention system vendor Sourcefire is delivering on its October 2010 promise to add next-generation firewalls (NGFW) to its security portfolio. The company says the NGFW, built around its contextual-awareness technologies, delivers advanced firewall capabilities, as well as integrated application control and the "world’s most powerful IPS" in a security appliance that provides enterprise visibility, adaptive security and advanced threat protection. The two appliances will ship on Dec. 23.
Contextual awareness is the secret sauce, says Sourcefire, enabling it to offer granular network and application access control without compromising threat prevention. The IPS market is expected to reach $2 billion by 2014, and the NGFW market will reach $4 billion, which triples the company's addressable market.
Last month Sourcefire released a survey, conducted on its behalf by the Ponemon Institute that showed 55% of users globally, and 64% in the United States, are leveraging NGFWs to augment their current security deployments rather than replacing legacy technology. Respondents ranked IPS as the most important component of the NGFW for data protection, and named firewall as the least important feature for protecting their data from unauthorized access.
The NGFW additions are the 1U, stackable up to two times, 3D8140 with 10-Gbps firewall stateful inspection and 6-Gbps threat-inspected throughput, and the 2U, stackable up to four times, 3D8250 with 20-Gbps firewall stateful inspection and 10-Gbps threat-inspected throughput. The optional URL Filtering Service provides granular control over website access and content. A software upgrade for existing customers will be delivered in mid-2012, says the company.
IDC's John Grady, senior research analyst, security products, says there still doesn't seem to be a definitive definition for NGFW, but everyone generally knows what it means. "At the basic level, it's firewall plus IPS plus application control. You can get more granular in terms of Layer 7 visibility, etc., but IPS functionality is a big component of the NGFW story one way or the other. Intrusion Detection and Prevention is a keystone for advanced network security because it provides a wide range of protection capabilities. So starting from a strong IPS technology base and building a NGFW from that direction is a compelling story."
He agrees with Sourcefire that the contextual awareness is a big differentiator. "Arguably, the main advantage of NGFWs is the ability to granularly control application traffic by user. The additional visibility and awareness into behavioral patterns, hosts and operating systems help move the Sourcefire system beyond a signature-based approach. This is the direction stand-alone IPS solutions are moving; however Sourcefire is ahead of the curve in terms of leveraging the technology in a NGFW solution."
Ultimately, if Sourcefire is able to offer a solution that provides the same level of control and protection as that of a traditional firewall vendor's NGFW without increasing complexity relative to management and policy, the customer isn't going to care whether it's IPS plus firewall or firewall plus IPS, says Grady. IPS has been more flexible at meeting new waves of threats, and by marrying IPS and firewall (with user and application awareness) the ability to meet today's security challenges is improved.
"Sourcefire has had some very good success recently, but because they were operating in the stand-alone IPS space, I think they were still flying under the radar a bit. But the release of this product definitely pushes them into more direct competition with Cisco, Juniper and Check Point. Having both the stand-alone IPS and now the NGFW potentially gets Sourcefire into conversations they weren't in before. Also, because the new 3D8000 series appliances are the platform for both IPS and NGFW, there's some investment protection for customers who don't want to commit to the NGFW solution right away. Lastly, with a strong base in the public sector already, there's a lot of potential for traction there."
See more on this topic by subscribing to Network Computing Pro Reports Security That Never Sleeps (free, registration required).