Next-Generation Security

As you have probably seen, every security product is moving towards Next-Generation Security. For some, this is another marketing buzzword designed to turn heads; others know it as more advanced tools and features that build upon existing technologies. In this article, I will explain from my point of view what Next-Generation is and how it is far more than just a new marketing buzzword.

The two main security products that we see labelled as Next-Generation are Firewalls and Anti-Virus, so let's look at these two security components first.

Next-Generation Anti-Virus (NGAV)

NGAV Overview

Next-Generation Anti-Virus is the next step in Anti-Virus evolution, taking normal Anti-Virus a step further to ensure that your endpoints have better protection against a wider spectrum of attacks. These attacks include zero-days, ransomware and file-less attacks.

Traditional Anti-Virus scans a piece of malware and looks up its signature against a signature file. Next-Generation Anti-Virus takes a different approach: it looks past purely malware-based attacks and focuses on the behavior of the endpoint and its processes to identify whether malicious tools and attack patterns are being used to compromise the system. Most Next-Generation Anti-Virus vendors use an element of machine learning to support the detection of attacks from tool-sets and malware that haven't yet been added to the signature file.

NGAV Functionality

It’s because of this that Next-Generation Anti-Virus can provide us with the following functionality:

  • Prevents standard/known malware just like Traditional Anti-Virus
  • Prevents Unknown malware, by looking at the behavior of the file and the processes that it executes
  • Prevents Exploits that would not generally need Malware (Malware-less Attacks), again by looking at process execution and evaluating the context of the process (Indicators of Attack)
  • Provides insight and visibility into the attack chain, which allows us to understand the root cause much more quickly and prevent similar attacks
  • Responds to, and remediates, attacks. Once an attack has been detected, how do we isolate and clean the machine?

For those of you who are familiar with traditional Anti-Virus, you will quickly see that the first point above is the only thing that you really get with it. That makes Next-Generation Anti-Virus a very appealing option: it gives us further protection, but also the tools to investigate and remediate, should a breach happen.
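The contrast between the first bullet (signature lookup) and the third (process context, Indicators of Attack) can be shown in a few lines. This is an added example, not code from any NGAV product; the event fields, the rule set and the sample events are all constructed for illustration.

```python
import hashlib

# Constructed signature set: hash of a stand-in "known malware" sample.
SIGNATURES = {hashlib.sha256(b"constructed-known-sample").hexdigest()}
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "cmd.exe"}

# Constructed process-creation events (not real telemetry).
EVENTS = [
    {"parent": "explorer.exe", "image": "dropper.exe", "cmdline": "dropper.exe",
     "file_bytes": b"constructed-known-sample"},
    {"parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -EncodedCommand <constructed>",
     "file_bytes": b"stand-in for the legitimate powershell binary"},
    {"parent": "explorer.exe", "image": "winword.exe", "cmdline": "winword.exe report.docx",
     "file_bytes": b"stand-in for the legitimate word binary"},
]

def signature_hit(event):
    """Traditional AV: is the hash of the file on disk in the signature set?"""
    return hashlib.sha256(event["file_bytes"]).hexdigest() in SIGNATURES

def indicators_of_attack(event):
    """Behavioural check: judge the process by its context, not by its file."""
    found = []
    parent, image = event["parent"].lower(), event["image"].lower()
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        found.append("office application spawned a script host")
    if image == "powershell.exe" and "-encodedcommand" in event["cmdline"].lower():
        found.append("encoded PowerShell command line")
    return found

def evaluate(events):
    """Return (image, signature verdict, behavioural indicators) per event."""
    return [(e["image"], signature_hit(e), indicators_of_attack(e)) for e in events]

if __name__ == "__main__":
    for image, sig, ioa in evaluate(EVENTS):
        print(f"{image:16} signature={sig!s:5} indicators={ioa}")
```

The second event uses only a legitimate, unsigned-off binary, so the signature lookup passes it; only the parent/child and command-line context flags it.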

NGAV Summary

In summary, Next-Generation Anti-Virus provides an adequate level of protection, above that of signature-based detection, and also gives us access to Endpoint Detection & Response (EDR) tools to support the investigation and remediation if/when a breach occurs.

Next-Generation Anti-Virus is more than just a marketing buzzword. Investigating and adopting new technology is required because attackers are evolving too and are getting very good at evading and bypassing traditional anti-virus systems.

NGAV Example Vendors

A number of existing and new vendors are coming to market with their Next-Generation Anti-Virus solutions. I have listed a few here (please note that this list is not exhaustive):

I have linked the above into some vendor articles of their offerings to provide more information on each.

Next-Generation Firewalls (NGFW)

NGFW Overview

A Next-Generation Firewall, also known as the third generation of Firewall, is a Firewall device that combines functionality from other network security devices to provide greater security in one appliance. NGFWs can differ between vendors, but will generally include these core components:

  • Enterprise Managed Firewall Capabilities
  • Intrusion Detection and Prevention Systems (IDS/IPS)
  • Application Awareness and Control

NGFWs are available as a traditional hardware-based appliance, but normally have a virtual equivalent that can be deployed on a supporting hypervisor or even within Public Cloud Services.

NGFW Features

Further to the above, other features that we have seen coupled with Next-Generation Firewalls are: Website Filtering, QoS, Deep Packet/Encrypted Traffic inspection and Antivirus inspection.

All of the above features, combined at the networking level, provide a stronger security perimeter and protection for your services.

Next-Generation Firewalls typically include the functionality of Second Generation devices, with features like VPN Tunneling capabilities, NAT and Packet Filtering.

Next-Generation Vs. Second Generation

The main difference between Next-Generation Firewalls and Traditional/Second Generation Firewalls is that Next-Generation Firewalls add application (Layer 7) inspection, not simply the Layer 3 & 4 inspection that would be expected from traditional protection. With this application-level inspection, the firewall is capable of analysing the contents of the packets of data, not just the header of the packet. This effectively means that Next-Generation Firewalls have the capability of checking packet payloads and matching signatures to harmful activities, exploitable attacks and malware.
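To make the header-versus-payload difference concrete, here is an added example (not from any firewall vendor) that runs the same constructed packets through a Layer 3/4 rule and through a Layer 7 check. The port-to-application policy, the packet representation and the payload marker are assumptions made for the illustration.

```python
import re

# Constructed payload signature: a harmless marker, not a real malware pattern.
SIGNATURES = {"constructed-marker": re.compile(rb"X-CONSTRUCTED-BAD-MARKER")}
EXPECTED_APP = {80: "http", 443: "tls"}  # assumed policy: which app may use which port

def l4_filter(pkt):
    """Second-generation rule: header only. Allow TCP to port 80 or 443."""
    return pkt["proto"] == "tcp" and pkt["dport"] in EXPECTED_APP

def identify_app(payload):
    """Application awareness: recognise the protocol from the payload, not the port."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    if re.match(rb"(GET|POST|HEAD|PUT|DELETE) \S+ HTTP/1\.[01]\r\n", payload):
        return "http"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"  # TLS handshake record
    return "unknown"

def l7_inspect(pkt):
    """Next-generation decision: header rule, then application, then payload signatures."""
    if not l4_filter(pkt):
        return ("deny", "header rule")
    app = identify_app(pkt["payload"])
    if app != EXPECTED_APP[pkt["dport"]]:
        return ("deny", f"{app} on port {pkt['dport']}")
    for name, pattern in SIGNATURES.items():
        if pattern.search(pkt["payload"]):
            return ("deny", f"signature {name}")
    return ("allow", app)

# Constructed packets (header fields plus reassembled payload), not captured traffic.
PACKETS = [
    {"proto": "tcp", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"proto": "tcp", "dport": 80,
     "payload": b"POST /upload HTTP/1.1\r\nHost: example.test\r\n\r\nX-CONSTRUCTED-BAD-MARKER"},
    {"proto": "tcp", "dport": 443, "payload": b"SSH-2.0-OpenSSH_9.0\r\n"},
    {"proto": "tcp", "dport": 23, "payload": b"login: "},
]

if __name__ == "__main__":
    for p in PACKETS:
        print(p["dport"], "L3/4:", "allow" if l4_filter(p) else "deny", "| L7:", l7_inspect(p))
```

The header rule passes the first three packets alike; the Layer 7 check separates them by what the payload actually contains.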

NGFW Summary

In summary, Next-Generation Firewalls add more coverage over the networking layers, not just operating at Layer 3 but also Layer 7, which can offer more intelligent protection to your services. Next-Generation Firewalls can also act in Transparent Mode or In-Line mode, where they can be used to scan packets flowing through the device (but not action any rules).

While the security perimeter has indeed changed with the introduction of cloud services outside of our network, most businesses still have on-premises resources that need to be protected on the networking level. Further to this, if you have done a ‘Lift and Shift’ of virtual machines to platforms like Azure or AWS EC2 then these will still need protecting on the networking layer with an appliance that has Next-Generation features.

NGFW Example Vendors

A number of existing and new vendors are coming to market with their Next-Generation Firewall solutions. I have listed a few here (please note that this list is not exhaustive):

I have linked the above into some vendor articles of their offerings to provide more information on each.

Next Generation Summary

To summarise this article, ‘Next-Generation’ is not just a marketing term anymore… it's the evolution of security technology that we need to investigate and adopt to counter the ever-growing new threats. Threats are changing and adapting to bypass and circumvent older security much more often, so we need to be one step ahead of the curve and secure our resources with new technology.
