General | Written by Daniel | Thursday, 29 November 2007 11:14
Next-generation firewalls will come with true IPS integration and app-awareness, but experts say ability to distinguish data is key
NOVEMBER 28, 2007 | 5:45 PM By Kelly Jackson Higgins Senior Editor, Dark Reading
First it was ports, then protocols, and now, applications: A new generation of firewalls is slowly emerging with more sophisticated inspection and blocking features at higher speeds. These new devices will not only do intrusion prevention, but also filter by application type.
The port- and protocol-based inspection used by traditional firewalls is no longer enough, as more and more applications run over Port 80 (HTTP).
"It's increasingly clear that 10 years from now, virtually everything will run on port 80, alongside Web browsers, which means that 90 percent of the rules in today's firewalls will be irrelevant," says Thomas Ptacek, principal with Matasano Security.
Palo Alto Networks says its so-called App-ID technology in its PA-4000 firewall addresses the Port 80 problem by using signatures and other known characteristics of specific applications to identify them on the network. "We classify the traffic, then you can secure it with antivirus, anti-spyware," etc., says Nir Zuk, founder and CTO of Palo Alto Networks. "First we decrypt SSL traffic and figure out what it [the application] is" using the App-ID technology and its repository of application characteristics, he says. (See Startup Puts New Spin on Firewalls and Palo Alto Networks Unveils its Next-Gen Firewall).
Most major firewall vendors are planning an "all-ports/all-protocols" approach similar to Palo Alto Networks' for their products, Matasano's Ptacek says. But merely adding application protocol awareness is not the solution to the Port 80 problem, he contends: "The Port 80 problem is that both PeopleSoft and Digg use the same protocol, HTTP," for instance, he says. "How do you differentiate?"
Firewalls must go deeper than this approach -- there are just too many apps to account for, he says. "When both Digg and PeopleSoft use the same protocol, it's clearly not enough to know what the protocol is," he says. "The problem is that there are thousands and thousands of applications."...
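To make the Port 80 problem concrete, here is an added example (not code from the article, Palo Alto Networks, or Matasano): three constructed HTTP requests all arrive on TCP port 80, so a port rule sees only "http", while a small signature table modelled loosely on the App-ID idea tells the applications apart and lets policy act per application. The signatures, host names and paths are hypothetical, and the traffic is assumed to be cleartext or already SSL-decrypted, as the article notes App-ID requires.

```python
import re

# Hypothetical application signatures: each entry names an application and the
# regexes that must all match the parsed request fields (host, path, user-agent).
# The last, empty entry is the catch-all for HTTP that matches nothing closer.
APP_SIGNATURES = [
    ("peoplesoft",   {"host": r"^erp\.", "path": r"^/psp/"}),
    ("digg",         {"host": r"(^|\.)digg\.com$"}),
    ("web-browsing", {}),
]

# Per-application policy; anything unlisted is blocked.
POLICY = {"peoplesoft": "allow", "digg": "block", "web-browsing": "allow"}

def parse_http_request(raw: str) -> dict:
    """Parse the request line and headers of one HTTP request (body ignored)."""
    head = raw.partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "host": headers.get("host", ""),
            "user-agent": headers.get("user-agent", "")}

def port_rule(dst_port: int) -> str:
    """All a port-based firewall can say: the service name of the port."""
    return {80: "http", 443: "https"}.get(dst_port, "unknown")

def app_id(request: dict) -> str:
    """Return the first application whose every field regex matches."""
    for name, fields in APP_SIGNATURES:
        if all(re.search(pat, request.get(f, "")) for f, pat in fields.items()):
            return name
    return "unknown"

# Constructed sample traffic: three requests, all to destination port 80.
SAMPLE = [
    (80, "GET /psp/ps/EMPLOYEE/HRMS/h/?tab=DEFAULT HTTP/1.1\r\nHost: erp.example.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
    (80, "GET /news/technology HTTP/1.1\r\nHost: www.digg.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
    (80, "GET /index.html HTTP/1.1\r\nHost: intranet.example.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
]

def classify_all(sample=SAMPLE) -> list:
    """For each request: (port-rule verdict, App-ID verdict, policy action)."""
    out = []
    for port, raw in sample:
        app = app_id(parse_http_request(raw))
        out.append((port_rule(port), app, POLICY.get(app, "block")))
    return out

if __name__ == "__main__":
    for row in classify_all():
        print(row)
```

The port column is identical for every request; only the application column gives the policy anything to decide on.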