McAfee has upgraded its Next Generation Firewall, pushing the product’s increasing integration with the other parts of the firm’s security ecosystem as the feature that gives it an edge over rivals.
Exactly what is new can get pretty confusing because this class of perimeter security box already has a lot going on inside it. Beyond the established packet and port-watching, McAfee’s firewall manages applications and users, comes with integrated intrusion prevention (IPS), built-in VPN and even clustering of multiple boxes to expand throughput.
Built on Intel processors (of course) the first thing the latest version adds is full integration with the anti evasion technique (AET) mojo the firm got its hands on when it bought Finnish firewall obsessives Stonesoft in 2013.
Not many vendors talk about AETs but it’s easiest to think of them as sophisticated ways attackers try to sneak incursions past IPS systems. The problem with them has been pointing to attacks where they’ve been used in anger but McAfee’s Stonesoft engineers are adamant that they are a real threat.
A second story is the way the Next Generation Firewall improves integration with software such as McAfee’s ePolicy Orchestrator, Enterprise Security Manager, Advanced Threat Defense, and Global Threat feeds.
Not all of this is brand new but the direction of travel is to use the Firewall as a focal point that anchors threat intelligence. We tried to prise out of McAfee some specifics that could be summarised in something smaller than an entire spec sheet and got the following answer.
The Firewall knows more about what is happening on the endpoints than before and can feed this back to sysadmins; management is better because it can send alerts and compliance data to Enterprise Security Manager; the Firewall now has full Threat Defense integration that gives it a way of spotting and stopping things like zero-day attacks; the Global Threat Intelligence can now spot connections to sites that fail the reputation score.
This underlines how complex perimeter firewalls have become and how they are competing with other types of security products that aren’t firewalls. McAfee insists that the Next Generation Firewall is more than a long and pretty spec sheet.
“A few months ago, we outlined our approach to strengthening network security through powerful integrated technologies and this release represents another significant milestone in the fruition of that strategy,” insisted McAfee UK regional director for network security, Ash Patel.
However, he agreed that the swelling features list meant that “IT managers are sometimes confused about firewalls.”
As part of its launch, McAfee conducted research that found that many organisations tackled expanding security threats by buying more security products. This left more than half managing systems from five or more vendors in independent ‘silos’, something that forced too much manual intervention.
A majority of those asked agreed that this fragmentation had probably compromised security. The design philosophy of the Next Generation Firewall was to solve this issue by integrating security through as few interfaces as possible.
“It’s no longer enough for businesses to deploy point security products in answer to the latest security threat or compliance requirement. How these systems communicate to provide actionable intelligence has to be a priority to stay one step ahead of advanced attacks,” said Patel.
Behind the scenes, the way products such as this feed in usable data on real threats will be a major area of complexity but also promise in the coming years. Nobody wants to usher in a new age of false positives that admins end up ignoring. McAfee is only months into a new threat-sharing agreement with onetime arch rival Symantec through the Cyber-Threat Alliance.