
Next Generation Firewalls (NGFW)


What Are Next-Generation Firewalls?

A Next-Generation Firewall (NGFW) is a cyber security solution that protects the network perimeter with capabilities that extend beyond those of traditional firewalls. While a traditional firewall detects suspicious traffic and blocks network access based on a predefined blacklist, an NGFW adds features such as intrusion prevention and deep packet inspection.

See how Imperva Web Application Firewall can help you with web application attacks.

Features To Look For In Next-Generation Firewalls

The features provided by NGFW solutions vary between vendors. Here are a few features you should look for in an NGFW:

  1. Blocking threats at the network edge
    Prevents attacks from reaching the network by using sandboxing, URL filtering and behavior analysis to detect and deal with threats such as malware, ransomware and SQL injection.
  2. Geolocation
    Correlates IP addresses with physical locations in order to restrict access by location or to direct traffic to specific servers.
  3. Reverse proxy / web gateway
    Offers a proxy that terminates connections, including encrypted HTTPS sessions, inspects the content and then forwards it to the web server.
  4. Intrusion Detection and Prevention Systems (IDS/IPS)
    Detects and prevents intrusions by matching known signatures or generic attack patterns, stopping known attacks.

What Is a Web Application Firewall?

A Web Application Firewall (WAF) is a filter that sits in front of web-based applications and inspects HTTP/S traffic between the application and the internet to detect and prevent malicious activity and threats. Like traditional firewalls, a WAF uses policies to detect and filter malicious traffic. A WAF lets you change policies instantly, helping you respond much faster to attacks and to changes in your environment.

Features To Look For In Web Application Firewalls

A WAF is the next logical step after an NGFW. By and large, it provides the same features as an NGFW, with these additional capabilities:

  1. Protection against OWASP Top 10 and Automated Top 20
    WAF solutions must be able to protect against the most critical web application security threats. Imperva provides protection against the risks detailed in the Open Web Application Security Project (OWASP) Top 10 and the Automated Top 20 threats, including SQL injection, remote file inclusion and cross-site scripting.
  2. Attack detection
    Accurately detecting attacks while minimizing the number of false positives is essential to ensure that your cybersecurity teams focus their efforts on mitigating the most critical threats to systems and networks. Imperva WAF achieves this with high accuracy and blocks malicious traffic by using patented dynamic application profiling and attack validation, which learn all aspects of a web application, including URLs, parameters, acceptable user inputs and directories. Correlated attack validation allows you to analyze each violation
  3. Extensive reporting
    WAF solutions should provide comprehensive reports in a clear format so you can easily understand what is happening in your system. This allows you to quickly assess the security status of your applications and demonstrate compliance with standards such as PCI, SOX, HIPAA and FISMA. Imperva WAF can generate rich, predefined and customizable graphical reports to help you meet regulatory compliance and gain a full understanding of your security status.
  4. SIEM integration
    WAF solutions should integrate with Security Information and Event Management (SIEM) tools from top vendors such as Splunk and ArcSight. Imperva WAF integrates with the solutions of the leading SIEM providers and exports events in formats such as Syslog messages, JSON and Common Event Format (CEF). Imperva WAF makes event management simple by indexing events in real time so they are easily searchable for quick Incident Response (IR).

Next-Generation Firewalls vs Web Application Firewalls

[Image: comparison table of NGFW and WAF]

The comparison table above was drafted by the security research company Gartner and shows the main differences between WAF and NGFW.

WAF solutions provide almost all the features of the older NGFW solutions. In addition, they use intelligent policies to prevent many types of attacks, such as SQL injection and cross-site scripting, which makes them better equipped to secure web applications. WAF solutions are also adaptable and able to learn new rules and policies in real time to block threats more efficiently.
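The "application profiling" and "correlated attack validation" described above combine a positive security model (what the application normally receives) with a negative one (attack signatures). The following added example (my illustration of that idea, not Imperva's algorithm or code) learns an endpoint's parameters, value classes and lengths from known-good requests, then correlates profile violations with two simplified signatures so that a request is blocked only when both models agree. The value classes, the length slack factor and the signature regexes are assumptions chosen for the demonstration.

```python
"""Positive-security profiling correlated with negative signatures.
Constructed illustration of the concept; not any vendor's implementation."""
import re
from typing import Dict, List, Tuple
from urllib.parse import parse_qsl, urlsplit

# Value classes from most to least restrictive (assumed set); a learned parameter
# keeps the widest class seen during learning.
VALUE_CLASSES: List[Tuple[str, re.Pattern]] = [
    ("digits", re.compile(r"^\d+$")),
    ("alnum", re.compile(r"^[A-Za-z0-9_.-]+$")),
    ("text", re.compile(r"^[^<>'\";]*$")),
    ("any", re.compile(r".*", re.S)),
]
CLASS_RANK = {name: i for i, (name, _) in enumerate(VALUE_CLASSES)}

# Negative model: deliberately simplified generic signatures (assumed patterns).
SIGNATURES = {
    "sqli-tautology": re.compile(r"(?i)'\s*(or|and)\s+\S+\s*=\s*\S+"),
    "xss-script-tag": re.compile(r"(?i)<\s*script\b"),
}


def classify(value: str) -> str:
    """Most restrictive class whose pattern accepts the value."""
    return next(name for name, pat in VALUE_CLASSES if pat.match(value))


def _parse(method: str, url: str):
    parts = urlsplit(url)
    return (method.upper(), parts.path), parse_qsl(parts.query, keep_blank_values=True)


class AppProfile:
    """Learns, per endpoint, which parameters exist, their value class and max length."""

    def __init__(self, length_slack: float = 2.0, min_len: int = 16):
        self.endpoints: Dict[Tuple[str, str], Dict[str, dict]] = {}
        self.length_slack, self.min_len = length_slack, min_len   # assumed tolerances

    def learn(self, method: str, url: str) -> None:
        key, params = _parse(method, url)
        slot = self.endpoints.setdefault(key, {})
        for name, value in params:
            entry = slot.setdefault(name, {"class": "digits", "max_len": 0})
            seen = classify(value)
            if CLASS_RANK[seen] > CLASS_RANK[entry["class"]]:
                entry["class"] = seen                 # widen to the broadest class seen
            entry["max_len"] = max(entry["max_len"], len(value))

    def violations(self, method: str, url: str) -> List[str]:
        key, params = _parse(method, url)
        if key not in self.endpoints:
            return [f"unknown endpoint {key[0]} {key[1]}"]
        found = []
        for name, value in params:
            entry = self.endpoints[key].get(name)
            if entry is None:
                found.append(f"unknown parameter {name}")
                continue
            seen = classify(value)
            if CLASS_RANK[seen] > CLASS_RANK[entry["class"]]:
                found.append(f"{name}: class {seen} wider than learned {entry['class']}")
            limit = max(int(entry["max_len"] * self.length_slack), self.min_len)
            if len(value) > limit:
                found.append(f"{name}: length {len(value)} exceeds {limit}")
        return found


def evaluate(profile: AppProfile, method: str, url: str) -> dict:
    """Correlate both models: block only when a signature fires on a request that also
    breaks the learned profile; either finding alone is raised as an alert for review."""
    viol = profile.violations(method, url)
    _, params = _parse(method, url)
    hits = sorted({sig for _, v in params for sig, pat in SIGNATURES.items() if pat.search(v)})
    action = "block" if viol and hits else "alert" if viol or hits else "allow"
    return {"action": action, "violations": viol, "signatures": hits}


def build_demo_profile() -> AppProfile:
    """Profile learned from constructed known-good traffic."""
    profile = AppProfile()
    for method, url in [("GET", "/search?q=shoes"), ("GET", "/search?q=red%20shoes"),
                        ("GET", "/item?id=42"), ("GET", "/item?id=1234")]:
        profile.learn(method, url)
    return profile


if __name__ == "__main__":
    p = build_demo_profile()
    for url in ["/item?id=77", "/item?id=77' OR 1=1", "/admin", "/search?q=shoes&debug=1"]:
        print(url, "->", evaluate(p, "GET", url))
```

The correlation rule is what keeps false positives down: a search term that merely looks odd (profile violation, no signature) or a signature match on a parameter whose learned class already permits such characters is reported for review rather than blocked outright.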

Imperva Cyber Security Solutions

Imperva provides a WAF solution identified by analysts as the industry leader. We offer a choice between a cloud WAF solution that safeguards applications and APIs at the network edge, and an on-premises gateway WAF that secures applications and APIs inside your network.

In addition to WAF, we offer a comprehensive application security solution including:

  • DDoS Protection—maintain uptime in all situations. Prevent any type of DDoS attack, of any size, from disrupting access to your website and network infrastructure.
  • CDN—enhance website performance and reduce bandwidth costs with a CDN designed for developers. Cache static resources at the edge while accelerating APIs and dynamic websites.
  • RASP—keep your applications safe from within against known and zero-day attacks. Fast and accurate protection with no signature or learning mode.
  • Attack analytics—mitigate and respond to real security threats efficiently and accurately with actionable intelligence across all your layers of defense.
  • Account takeover protection—uses an intent-based detection process to identify and defend against attempts to take over users’ accounts for malicious purposes.
  • API security—protects APIs by ensuring only desired traffic can access your API endpoint, as well as detecting and blocking exploits of vulnerabilities.
  • Bot management—analyzes your bot traffic to pinpoint anomalies, identifies bad bot behavior and validates it via challenge mechanisms that do not impact user traffic.