You don’t have to think back too far to remember a time when firewalls were all about speeds and feeds, and not much else. Over the past few years, however, we’ve seen a shift from the firewall leading a lonely, isolated existence, to a new conversation about the firewall as an integrated component of your greater IT security strategy. A firewall that’s able to communicate as part of a larger IT security ecosystem is much more effective, providing a whole new level of security, responsiveness and insight.
That doesn’t mean the race for the fastest firewall has gone away, but measures like “gigabits per second” now need to work as part of the protection, performance and price mix.
How to compare firewalls
No two network environments are the same and testing methodologies among vendors can vary wildly, making it fruitless to compare firewalls based on published datasheet numbers alone. In any case, just comparing datasheets completely ignores security effectiveness – which these days is a critically important metric.
That’s why third-party testing labs are so valuable. When done correctly and fairly, independent tests bring all vendors to a common denominator and highlight what really matters: the price-performance ratio.
Check out the recent NSS Labs Next-Gen Firewall tests to see how firewalls from the top vendors stack up when put to the test:
Modernizing the Beast
IT departments often struggle to find time to upgrade their outdated firewalls due to budget and resource constraints. From our conversations with customers and partners, it appears that more organizations than you’d think have a beast – an older firewall – in the datacenter, which nobody dares to touch as it cost a small fortune to buy and get set up. It may be doing its job – but that’s the job a firewall was expected to do ten years ago. As a result, these firewalls typically lack the extras that their modern counterparts can offer.
For example, a lot of old firewalls can’t block unknown threats, automatically respond to incidents or reveal hidden risks on the network.
The old beast of a firewall in that rack of yours probably doesn’t offer contemporary security features such as sandboxing or other forms of more advanced threat detection, response and mitigation. In contrast, an intelligently-deployed modern firewall can protect proactively against modern ransomware attacks like the recent WannaCry and Petya outbreaks.
LEARN MORE: Firewall Best Practices to Block Ransomware ►
Firewalls today provide more effective mechanisms to respond to and isolate threats by working with the rest of your IT ecosystem. By communicating and sharing information, they provide better protection and insight through added intelligence – something you could call Synchronized Security. (In fact, that’s exactly what we do call it!).
What you can do
Ideally, you’d replace your old firewall with the latest and greatest sort of firewall that can adapt, grow and respond not only to your changing needs but also the shifting IT security landscape.
But if you’re one of those organizations with an old beast of a firewall, you could consider adding a more adaptable firewall in-line instead. In one simple and risk-free move, you could greatly enhance your network security without disturbing the beast.
Deploying XG Firewall in-line with your existing firewall is easy and risk free.
Our new XG and SG Series 1U and 2U rackmount appliances are the perfect fit whether you’re replacing or augmenting your existing firewall. They strengthen our price-performance ratio even further by providing the latest high-performance technology at the same attractive price point. They also offer:
- A modular system for connectivity with a wide variety of flexi port modules
- Ease deployment in-line with two fail-safe bypass ports on-board every 1U appliance and an optional bypass flexi port module for all 1U and 2U XG models
- Optional Power-over-Ethernet (PoE) equipped flexi port modules to power your wireless access points
- Enhanced redundancy features, even on entry-level 1U appliances
Both the XG Series and the SG Series have the same hardware specifications; it’s what’s pre-installed on the inside that makes them different – you can choose either our XG Firewall (SFOS) or Sophos UTM as your software platform. Both can be enhanced with Sandstorm sandboxing technology without the need for additional hardware.
For automated incident response and real-time insight and control, you can also add Sophos Synchronized Security to your XG Firewall, giving you the Sophos Central Endpoint or Intercept X solutions, too.
To find out more about this and other innovative ways to get the full potential out of your Sophos XG or SG Series firewall appliance, speak to your local Sophos Partner or Sales Team today.
Article source: https://news.sophos.com/en-us/2017/08/18/reignite-your-firewall/