In order to protect your data as much as possible, it’s essential that you stay on top of the latest trends for network attacks and the newest prevention technologies. Your business depends on it.
A typical Firewall is a security device that sits at the edge of your business IT network. Working as the gate keeper to your internal network, a Firewalls job is to authorise what kind of data can be received and also, regulate what type of data it will allow to leave. Alongside keeping your incoming and outgoing data safe, a Firewall will also deny unauthorised entry from suspicious external sources that may attempt to remotely access your internal network to pray on your data by creating security breaches and cyber attacks. These types of attacks can pass viruses through your network which in turn, infect your IT infrastructure.
As you will have heard medical professionals say – “prevention is better than cure”. This is exactly the primary function of a basic Firewall; to prevent the issue in the first instance. At the edge of your network, and before getting close to business sensitive information. As such, a firewall should only be one aspect of a company’s IT security protocols deployed to protect your business.
A typical standard firewall only takes care of part of your network, in which case, there are many additional security protocols that businesses should use in other parts of their network to keep their data and their users safe and sound. They include;
As one starts to delve deeper, it becomes more that as there are multiple pieces of hardware and software needed to keep a network protected. Things can start to look rather convoluted, as if just one of those factors were to fail, a business could quite quickly see a domino effect on the rest of their network.
This is where ‘Next Generation Firewalls’ come in to their own, providing a more unified solution in addressing the primary network security needs of businesses.
Next Generation Firewalls are network security devices that have constantly evolving internal software. Understanding that Cyber threats are a moving target, as hacking attacks are constantly morphing and mutating, a Next Generation Firewall is constantly downloading new information to the device in real-time. This enables them to handle the latest threats as soon as they have been identified.
Due to the sophistication and constant evolution of the software within Next Generation Firewalls such as Fortigate, they are sold as a licensed device. Normally with a 1 or 3 year operational duration. As Next Generation devices are licensed, it enables them access to real-time benefits like software updates that change their internal definitions of viruses and malware. This enables them to spot and protect against the latest viruses and malware before they can even get close to entering your network.
Operating system updates to implement security patches as will be required from time to time –is a much more involved job and generally requires a trained expert to migrate the system configuration across to the device itself once the updated firmware is in place. So, if you are not in the business of doing this day to day it’s best to have the support of a company that can assist in managing this for your business. With the FortiSupport contract IC offer we can do all this for you; and if additional work needs doing or your require the work to be done during anti-social hours, with our support package we will do this as well as anti-social hours working for you at half our standard hourly rate.
Next Generation Firewalls are very sophisticated computer based systems, to get the best from them, they require complex configuration by specially trained engineers. When correctly configured, they deliver benefits to your business such as:
Securing all data communication both in to and out of your organisation, (including web browsing and Voice over IP phone systems), Next Generation Firewall Services combine traditional firewall features with other network device filtering functions. By using in-line deep packet inspection (DPI) of the data as it passes through the firewall, the next gen device can provide an intrusion prevention system (IPS) as well as anti-virus scanning, checking for attacks and also monitoring all data leaving the network to check for and prevent data leaks. Where other Next Generation Firewalls can have their limitations, this comprehensive functionality and feature rich components make Forigate a high class device of choice.
Due to the complexities of processing high volumes of data at high speeds, a Next Generation Firewall can often be a restriction on the high speed internet connection your business needs, (usually without you realising) so picking the right one for your business is crucial.
Choosing the correct device, perfect for the way your business will use it most efficiently isn’t as straight forward as it first appears as many manufacturers quote the ‘throughput’ of a Firewall with little or no threat protection enabled. (This is akin to purchasing the newest smart TV but not being able to watch any of the channels!)
Next Gen Firewalls advertised with a ‘throughput’ of 1Gb per second may (with all the protection and features we have outlined enabled) may achieve less than 1/10th of that speed because a device like a Fortigate will inspect each tiny packet of data that enters and exits your network. So when we talk about ‘throughput’, we are talking about fully analysed traffic. There are a number of features that can be independently switched on which are compute intensive. These include virus scanning, data leak protection, and inspection of secure encrypted web traffic.
If your business is using a 1Gb/s dedicated Internet connection, we generally find that they can opt to purchase a smaller Next Generation Fortigate device with a 700Mb/s throughput as this satisfies most operational requirements but at a more affordable price.
However, for data hungry businesses and larger organisations, (or those that perform external system backups), we would always recommend a higher specification of Fortigate. A larger device will enable a full 1Gb/s of throughput even with all additional Next Generation features invoked, and keep your Internet connectivity ready for your usual day-to-day operation, like ensuring your backups are completed overnight so as not to slow down daily tasks during working hours.