What is what in “NGFW | NGIPS | UTM ”
More and more information appears about the need to switch to “new” types of network protection devices. Where to put available - are silent, probably, on ebay to sell. The question arises: Should I? What is the benefit?
About NGFW there is already a lot of information and comparisons, say with UTM, which unites many functions. The definition of Gartner from NGFW is:
As can be seen in the presence of the IPS block, standard IPS of the first generation, in theory, are no longer needed. True, manufacturers still "recommended" to use a bunch of IPS and NGFW. It turns out that in terms of devices 1 generation NGFW - this is a "Swiss knife"? This question is answered by the presence of such devices as UTM, into which, in essence, one can cram a lot of things and different.
The difference between UTM and NGFW is determined as follows:
However, in order to keep up with the trends of the market and the escalation of holly war with UTM, it was not long to wait for the appearance of NGIPS. Devices are considered "at the edge of technology". After analyzing the list of mandatory requirements for NGFW, in theory, from the NGIPS we must wait for something new, previously unused. What we see in the description of the functional:
Somehow not at all impressive spectacle.
As a result, we get the table of the following nature (according to the functional, a bit roughly combined, do not kick much):
Who - where from manufacturers on the "quality" can be viewed in the reports of Gartner. But to be honest, judging by the functionality and the list of manufacturers, there is a feeling of light selloff (SMILE)
Good luck with your choice, security is never enough or defense-in-depth.
PS Did not translate the original, so as not to lose the essence.
About NGFW there is already a lot of information and comparisons, say with UTM, which unites many functions. The definition of Gartner from NGFW is:
Next-generation firewalls integrate three key assets: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control. - packet filtering
- network address translation (NAT)
- URL blocking and virtual private networks (VPNs)
- Quality of Service (QoS) functionality
- intrusion prevention
- SSL and SSH inspection
- deep-packet inspection
- reputation-based malware detection
- application awareness, full stack visibility and granular control
As can be seen in the presence of the IPS block, standard IPS of the first generation, in theory, are no longer needed. True, manufacturers still "recommended" to use a bunch of IPS and NGFW. It turns out that in terms of devices 1 generation NGFW - this is a "Swiss knife"? This question is answered by the presence of such devices as UTM, into which, in essence, one can cram a lot of things and different.
UTM solution includes the following features: - Firewall
- Application control
- IPsec and SSL VPN
- IPS
- Web content filtering
- Anti-spam
- Data loss / leakage protection
- Anti-virus and anti-spyware protection
- IPv6 native support
- Traffic shaping / bandwidth control
The difference between UTM and NGFW is determined as follows:
Next-generation firewalls are similar to UTM devices in that they are consolidated network security devices and operate as an inline security barrier with network security policy capabilities in real time. The most significant difference is that they provide a subset of the technologies included in most UTM solutions. Cultural "lowering" of NGFW to a sinful land.However, in order to keep up with the trends of the market and the escalation of holly war with UTM, it was not long to wait for the appearance of NGIPS. Devices are considered "at the edge of technology". After analyzing the list of mandatory requirements for NGFW, in theory, from the NGIPS we must wait for something new, previously unused. What we see in the description of the functional:
- Standard first-generation IPS (available in the NGFW) .
- If you are a NGFW, you must be aware of the fact that you are on the network.
- For example, it can be seen that it can be used as an example. as I understood it, the development of the Prevention mechanism was exclusively, in order to reduce errors of the first and second kinds due to additional information. Novelty? I would not say so ...
- In my opinion, this is a feature of the standard antivirus, correct if I am mistaken.
- It is an extension of usability, for a potential improvement in functionality.
Somehow not at all impressive spectacle.
As a result, we get the table of the following nature (according to the functional, a bit roughly combined, do not kick much):
Who - where from manufacturers on the "quality" can be viewed in the reports of Gartner. But to be honest, judging by the functionality and the list of manufacturers, there is a feeling of light selloff (SMILE)
Good luck with your choice, security is never enough or defense-in-depth.
PS Did not translate the original, so as not to lose the essence.
')
Source: https://habr.com/ru/post/229343/
All Articles