Firewall Evolution: 5 Milestones, 5 Predictions

By Chris Preimesberger

Milestone: The Firewall as a Proxy

In the early 1990s, the firewall was a primitive piece of technology—really just a proxy. During this period, the proxies were often pushed to the perimeter of a network and used to proxy traffic to resources within the internal network. The traffic could be filtered and shaped to certain resources.

Milestone: Packet Filters

During the early 1990s, there were also packet filters, which ran on servers that inspected traffic coming into the network. This is where administrators would create security policies and, in effect, rudimentary rule bases, which performed packet filtering based on five attributes of TCP/IP: Source IP, Source Port, Destination IP, Destination Port and Destination Protocol.

Milestone: Stateful Firewalls

While packet filtering looks at only one packet at a time, firewalls using stateful packet inspection are able to retain packets until there is enough information to make a sound "yes" or "no" decision. Stateful firewalls are still used today, but that is starting to change.
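
The difference between the two milestones above can be seen in a small model. This is an added example, not code from the article: it treats stateful inspection as simple connection tracking (a simplification), and the class names, rules and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:  # the five attributes a packet-filter rule base matches on
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str

@dataclass(frozen=True)
class Rule:  # hypothetical rule format; None means "any"
    action: str
    src_net: str
    dst_net: str
    proto: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    def matches(self, p):
        return (ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst_ip) in ipaddress.ip_network(self.dst_net)
                and self.proto in (None, p.proto)
                and self.src_port in (None, p.src_port)
                and self.dst_port in (None, p.dst_port))

def stateless_filter(rules, p):
    # Each packet is judged alone: first matching rule wins, default deny.
    return next((r.action for r in rules if r.matches(p)), "deny")

class StatefulFilter:
    # Remembers flows the rule base allowed, so only their replies get back in.
    def __init__(self, rules):
        self.rules, self.flows = rules, set()
    def check(self, p):
        reverse = Packet(p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto)
        if p in self.flows or reverse in self.flows:
            return "allow"
        action = stateless_filter(self.rules, p)
        if action == "allow":
            self.flows.add(p)
        return action

# Constructed sample data (private and documentation address ranges).
EGRESS = [Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "tcp", None, 443)]
REPLY_RULE = Rule("allow", "0.0.0.0/0", "10.0.0.0/8", "tcp", 443, None)
OUT = Packet("10.0.0.5", 50000, "203.0.113.10", 443, "tcp")
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 50000, "tcp")
UNSOLICITED = Packet("198.51.100.7", 443, "10.0.0.5", 50000, "tcp")
```

With only `EGRESS`, the stateless filter drops `REPLY`; adding `REPLY_RULE` to let replies through also admits `UNSOLICITED`, while `StatefulFilter(EGRESS)` allows `REPLY` after `OUT` and still denies `UNSOLICITED`.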

Milestone: Unified Threat Management Becomes the Latest Buzzword

In the early 2000s, unified threat management (UTM) devices emerged in the market, providing an all-in-one appliance that combines Secure Sockets Layer (SSL) virtual private networks, antivirus software, intrusion-prevention systems (IPSes), and firewalls.

Milestone: Next-Generation Firewalls (NGFWs)

The latest evolution in firewall IT is the next-generation firewall, which filters packets based on much more granular policies for application and user traffic. Additionally, these NGFWs can integrate IPSes as well as many other security functions into the firewalls' decisions to block malicious traffic.

Prediction: Firewalls Are Becoming Virtual

Over the next few years, organizations will see firewalls becoming much more virtual, instead of being a stagnant appliance on networks. Like a traditional firewall, these virtual/hypervisor-level firewalls will inspect packets and use security policy rules to block unapproved communication between virtual machines. While these virtual/hypervisor-level firewalls will not replace dedicated firewalls operating at or near wire speeds, there will be more demand for these firewalls as organizations begin to mix workloads with different security requirements on the same physical box.

Prediction: Cloud-Based Firewalls

With the rise of both cloud computing and mobile devices, analysts have predicted that there might be an increase in cloud-based firewalls that will become more focused on particular services, such as Web application firewalls (WAF).

Prediction: More Cross-Pollination With Other Security Capabilities

We've already seen a lot of integration with UTM technology and NGFWs, and we will move beyond simply adding more capabilities onto a box toward more effectively integrating the data and capabilities so that decisions are made faster and better. For example, this would mean having a security information and event management, or SIEM, platform correlate data from the gateway and dynamically adapt the firewall rules to mitigate specific threats.

Prediction: Deeper Content Inspection

Content inspection can always be improved as new generations of firewalls come into the market. As each generation of inspection software enters the market, it runs leaner and faster and is generally more efficient.

Prediction: Managing Firewalls With the Business in Mind

As networks become increasingly complex, more decisions in larger organizations will be made from the perspective of a business application, rather than from strictly a firewall/security perspective. This is a trend throughout the software industry. By business application, we mean—as one example—a credit card processing service that is necessary for an e-commerce organization to run and make money. Therefore, if a firewall rule is preventing the application from working or slowing down the performance, then the organization will suffer. This is a new way of looking at how firewalls are managed, which continues to evolve.