1. The Web is everywhere. Protect it. Content security is evolving beyond the perimeter. While most organizations tend to deploy Internet-facing email servers, Web servers or even IM servers in just a few locations, most allow ad hoc Web browsing access from all locations. In addition, use of laptops at home or on the road opens up yet another threat vector. The dispersed nature of protection calls for a hybrid approach — on-premises gateway protection at larger locations with fixed desktops and cloud protection for smaller offices and mobile workers.
2. Web application security has evolved. Change with it. While early Web Application Firewall solutions were deployed off to the side by sniffing through a span port, modern threats have required a fundamental change to deployment scenarios and the design of the network. Modern security approaches have imposed requirements for a full reverse proxy rather than a sniffer, in order to prevent session tampering, cross-site request forgery and even Web site reconnaissance all of which require rewriting of traffic inline. In addition, modern DMZ architectures now bring together Web application security with other requirements such as load balancing, access control and acceleration. As such, Web Application Firewall solutions have evolved from point solutions in the network to a core component of the next generation DMZ architecture.
3. Time for a Next Generation Firewall. The old traditional layer 3/4 network firewall is essentially dead. As Web 2.0 applications tunnel traffic over HTTP or HTTPS and as peer-to-peer (P2P) applications continue to proliferate, traditional firewalls no longer serve the purpose of either protecting networks or users. Next generation firewalls must combine awareness of applications, users, content and context with network security. To combat modern threats, the next generation firewall must integrate multiple technologies, including Layer 7 application profiling, intrusion prevention, application proxies, content security and network access control. At the same time, organizations should also recognize that beyond a changing threat landscape, organizations are also thinking beyond the perimeter. The challenges cease becoming how big an individual firewall scales but rather how to manage them across multiple locations.
Barracuda Networks and its partners are engaging active discussions on these topics and more.