For long the backbone of most enterprise’s network security infrastructure, traditional stateful packet inspec¬tion firewalls are essentially blind to modern applications and threats. This condition has put many IT/Security managers in a precarious position. Should they attempt to utilize coarse control capabilities currently at their disposal, blocking ports or entire protocols just to eliminate access to a handful of known bad applications? For that matter, will such an approach even work? Or do they plot a more permissive course, allowing access to every application the business deems necessary or useful, simultaneously exposing the organization to greater risk and a myriad of unwanted applications that sap user productivity and consume valuable computing resources?
The answer is “none of the above.” What organizations need instead is a next-generation firewall featuring application control. Among its many benefits, application control promises to restore firewall effectiveness by enabling IT to implement and enforce granular policies governing application access while helping prevent application-layer threats and unwanted exposure of sensitive data. Realizing this promise, however, is by no means guaranteed. The approaches being taken by both incumbent and emerging firewall vendors are many and varied, and so too are the results. Accordingly, this paper provides detailed explanations for the top criteria and capabilities that must be fulfilled to ensure enterprise expectations and objectives are fully met with regard to this crucial facet of next-generation firewalls.
