Next Generation Firewalls

Business Technology Group
 

Network security in most organisations is fragmented and uncertain, exposing them to serious business risks and continually rising costs.

Next generation firewalls have become the most strategically important network security device within organisations, particularly as the Internet now accounts for the majority of traffic moving across networks.

And it's no longer just web surfing. Network users are accessing new generations of web-based applications for both personal and business use. Many of these applications help improve user and business productivity, while others consume large amounts of bandwidth, pose needless security risks, and increase business liabilities.

Applications have become the predominant threat vector. But traditional "port blocking" firewalls are unable to identify or effectively control any of them. That's because they classify traffic based only on ports and protocols.

For example, most web traffic would be identified simply as HTTP arriving on port 80, with no information on the specific applications behind that port and protocol. Even worse, this problem is not limited to port 80. Internet applications increasingly use encrypted SSL tunnels on port 443, employ evasive tactics to disguise themselves, or hop between ports to find any open entry point through the firewall. Existing firewalls cannot see or control any of this traffic.

"Port blocking" firewalls are no longer an effective network security solution for managing the risks and rewards of today's Internet applications. As the Internet has developed, firewalls have not. Firewalls have seen no real innovation and have changed very little over the last 15 years.
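The contrast described above, as an added example that is not part of the original brochure: a port-only classifier and a signature-based application classifier are run over four constructed flows, and a policy that permits only browsing and TLS is evaluated under each. The flow samples, the simplified protocol signatures and the policy set are all assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass
class Flow:
    dst_port: int
    payload: bytes  # first client bytes of the session (constructed samples)


# Traditional "port blocking" firewall: the label comes from the port alone.
PORT_TABLE = {80: "web-browsing", 443: "ssl", 22: "ssh"}


def classify_by_port(flow: Flow) -> str:
    return PORT_TABLE.get(flow.dst_port, "unknown")


# Application identification: match protocol signatures in the payload,
# ignoring the port. Signatures are deliberately minimal (assumed here).
def classify_by_app(flow: Flow) -> str:
    p = flow.payload
    if p.startswith(b"SSH-"):                        # SSH version banner
        return "ssh"
    if p.startswith(b"\x13BitTorrent protocol"):     # BitTorrent handshake
        return "bittorrent"
    if p[:1] == b"\x16" and p[1:2] == b"\x03" and p[5:6] == b"\x01":
        return "ssl"                                 # TLS ClientHello record
    if p.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD") and b" HTTP/1." in p:
        return "web-browsing"
    return "unknown"


ALLOWED = {"web-browsing", "ssl"}  # policy: only browsing and TLS may pass


def decisions(flows, classifier):
    """Return 'allow' or 'deny' per flow for the given classifier."""
    return ["allow" if classifier(f) in ALLOWED else "deny" for f in flows]


# Constructed sample flows; the last two evade a port-based policy.
SAMPLE_FLOWS = [
    Flow(80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    Flow(443, b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03" + b"\x00" * 32),
    Flow(443, b"SSH-2.0-OpenSSH_9.0\r\n"),               # SSH hopped onto 443
    Flow(80, b"\x13BitTorrent protocol" + b"\x00" * 8),  # P2P disguised as web
]

if __name__ == "__main__":
    for f, p, a in zip(SAMPLE_FLOWS, decisions(SAMPLE_FLOWS, classify_by_port),
                       decisions(SAMPLE_FLOWS, classify_by_app)):
        print(f"port {f.dst_port}: port-based={p:5} app-based={a}")
```

The port-based policy allows all four flows; the application-aware policy denies the SSH and BitTorrent sessions regardless of the port they chose.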

IT organisations have tried to compensate for firewall deficiencies by surrounding them with proxies, intrusion prevention systems, URL filtering, and other costly and complex devices.

The solution... Next generation firewalls

These offer real innovation, enabling unprecedented visibility and control of applications and content by user, not just by IP address, port or protocol.

Ports, protocols, evasive tactics and SSL encryption are all fully visible, and content is scanned to stop threats and prevent data leakage.

Unknown and untrusted threats are quarantined and never enter the network. A real-time alert is sent to a dashboard display and/or by email. These threats are then forensically analysed so that a new security policy can be created.

There is no performance degradation, as each packet is fully scanned for all threats once only; traditional iterative scanning is made redundant.

Organisations can, for the first time, embrace web-based applications and social media and maintain complete visibility and control, while significantly reducing total cost of ownership through architecture simplification and device consolidation.


Unique capabilities:

  • classifies traffic based on accurate identification of the application, not just port/protocol information
  • identifies, controls and inspects SSL-encrypted traffic and applications
  • provides real-time (line-rate, low-latency) content scanning, using a stream-based threat prevention engine, to protect against viruses, spyware, data leakage and application vulnerabilities
  • provides graphical visualisation of applications on the network, with detailed user, group and network-level data categorised by sessions, bytes, ports, threats and time
  • provides policy-based QoS traffic shaping by application and user, enabling you to control the performance of business and personal applications on the network
  • scans content for social security and credit card numbers, to help prevent leakage of sensitive data and support PCI compliance
  • delivers a logical perimeter for mobile users.

Next generation firewalls can be managed with a centralised management system that provides global visibility and control over multiple next generation firewalls through an easy-to-use web-based interface.