In our previous article, we examined the factors leading up to the transformation of legacy security systems. However, the story does not end there. In more ways than one, the Next Generation Firewall (NGF) has brought about an unusual marriage between network and security. The ensuing ripple effect has affected service delivery models and organization hierarchies. However, before looking deeper into the impact of NGF, it is worth touching upon the challenges involved in migrating to this technology.
Though extensibility is a key feature of NGF technology, it comes at a price: capital expenditure on integration with IT infrastructure, such as the active user directory. This capital investment typically consists of software design analysis, which must precede any implementation. In addition, to maximize the gains of the NGF, an organizational survey for granular access policies might be necessary. Network expert Vinay Kumble adds, ‘You would need to review your IT security policies to understand dos and don’ts or maybe plug in additional dos and don’ts.’
Mr. Sunil Sharma, Vice President Sales and Operations of security leader Cyberoam, however, says that his organization’s R&D team works very hard to make this transition smooth. Through appropriate training and the establishment of support centers, he believes that migrating to NGFs can be hassle-free. ‘In the last firewall, there was a configuration that was done keeping in mind customer environment… We are able to record that (existing rules in the environment) and put it back in the next generation firewall with new special add-on features. So migration for customers is no problem.’
With the adoption of next-generation firewalls, the support complexities of the service delivery models have gone up. Traditionally, i.e. in legacy systems, firewalls were managed by a network team. The concept of security was introduced quite recently, with IPS (Intrusion Protection Systems). Now, the integration of content filtering and IPS into NGF has resulted in an overlap between network and security support. Network teams are typically not familiar with jargon such as deep packet inspection, which powers NGF. This remains within the domain of security.
The implication of this overlap is that more of the burden must shift from the network teams to the security teams. With control of an environment centralized, it makes sense that the corresponding delivery unit also be consolidated centrally so that a one-to-one mapping is maintained. If this migration is not triggered in parallel with the adoption of the technology itself, the machinery fails to work in an optimized manner. Failure of a delivery model to complement any next generation technology will result in greater turnaround times in the form of unnecessary inter-team interactions. Mr. Sunil Sharma also points out that the concept of a CISO (Chief Information Security Officer) exemplifies the consolidation of network and data security into a single vertical.
The centralization of access to secure environments is also a manifestation of a larger shift to integrated technology models. Service delivery providers now offer ‘Unified Communication Services’ wherein infrastructure itself is sold as a component (IaaS). IaaS usually consists of compute, storage and network sold together as a single component.
Another interesting implication of next generation unified technologies is the emergence of collaborations and partnerships that had not existed before. Earlier this year, Cisco announced an important strategic addition to its list of ACI-compliant (Application Centric Infrastructure) vendors, bringing the Check Point Next Generation Security Gateway into its ecosystem of solutions. Vinay Kumble says this marriage comes at an opportune moment as, ‘Cisco’s strength has always been data centers whereas Check Point’s strength has been more towards security.’
Written with input from Vinay Kumble and Sunil Sharma