5 Critical Mistakes to Avoid: Incorrectly Sizing Your Future NGFW

Share and earn Cybytes
Facebook Twitter LinkedIn Email

This post is part of a blog series where we dive into the five critical mistakes to avoid when evaluating a next-generation firewall. Avoid these, and you’ll be well on your way to picking the right next-generation firewall.

How will you know if the NGFW you’re considering is the right one for your organization? The safest bet is to test it. But when evaluating and selecting a new NGFW, there are some common mistakes security professionals often make. One of these critical mistakes is highlighted in detail below, along with insight and recommendations to help you avoid the blunder.

Mistake #1: Incorrectly Sizing Your Future NGFW

Avoid relying solely on datasheets and other “performance on paper” summaries as they are inaccurate points of comparison for firewalls. There are fundamental differences in features and offerings from one firewall vendor to the next. For example, one vendor might measure consolidated threat prevention features (e.g., intrusion prevention systems, antivirus, command and control, URL filtering) in terms of performance impact, while another might highlight performance impact based solely on best-of-breed IPS capabilities in a stand-alone box. To ensure accurate “apples to apples” firewall comparisons, organizations should size capabilities to their real-world environments’ requirements (e.g., IPS, application control, advanced malware detection), in addition to the traffic mix. When doing so, it’s critical to account for performance impact resulting from enabling other features in the future.

In addition, advanced capabilities, such as SSL decryption, will vary in performance impact depending on processing logistics. Some vendors decrypt using the hardware form factor, while others decrypt using software – each with varying degrees of performance effect. Further, threat response performance should only be compared with all required signatures activated. Carefully read the documentation for out-of-the-box collections of signatures to determine actual coverage. Performance often continues to degrade with the introduction of additional signatures.

  • Avoid trade-offs between security and performance. You should never have to decide between enabling a feature or signature and crippling your performance.
  • Accurately map to your requirements for throughput and traffic composition. It is difficult to argue against testing the actual traffic to be secured. Simulators can’t represent custom applications, real-world usage scenarios or shadow IT.

To correctly size your next NGFW while also ensuring maximum performance, security and ROI, run a proof of concept in your organization. A POC allows you to accurately test next-generation firewalls, their affiliated services and subscriptions – either on their own or against one another – in your actual, operational IT environment, whether it is physical, virtual or a hybrid.

For more critical mistakes to avoid when evaluating a next-generation firewall, download the white paper: 5 Critical Mistakes When Evaluating a Next-Generation Firewall.

The post 5 Critical Mistakes to Avoid: Incorrectly Sizing Your Future NGFW appeared first on Palo Alto Networks Blog.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
About Palo Alto Networks
Palo Alto Networks is the next-generation security company maintaining trust in the digital age by helping tens of thousands of organizations worldwide prevent cyber breaches. With our deep cybersecurity expertise, commitment to innovation, and game-changing Next-Generation Security Platform, customers can confidently pursue a digital-first strategy and embark on new technology initiatives, such as cloud and mobility. This kind of thinking and know-how helps customer organizations grow their business and empower employees all while maintaining complete visibility and the control needed to protect their critical control systems and most valued data assets. Our platform was built from the ground up for breach prevention, with threat information shared across security functions system-wide, and designed to operate in increasingly mobile, modern networks. By combining network, cloud and endpoint security with advanced threat intelligence in a natively integrated security platform, we safely enable all applications and deliver highly automated, preventive protection against cyberthreats at all stages in the attack lifecycle without compromising performance. Customers benefit from superior security to what legacy or point products provide and realize a better total cost of ownership.
Promoted Content
Unit 42 Report - Ransomware: Unlocking the Lucrative Criminal Business Model
Ransomware, specifically cryptographic ransomware, has quickly become one of the greatest cyber threats facing organizations around the world. This criminal business model has proven to be highly effective in generating revenue for cyber criminals in addition to causing significant operational impact to affected organizations. It is largely victim agnostic, spanning across the globe and affecting all major industry verticals. Small organizations, large enterprises, individual home users – everyone is a potential target. Ransomware has existed in various forms for decades, but in the last several years criminals have perfected the key components of these attacks. This has led to an explosion of new malware families and has drawn new actors into participating in these lucrative schemes.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?