{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"comparison":{"compare":{"en":"Compare","ru":"Сравнить","_type":"localeString"},"characteristics":{"ru":"Характеристики","_type":"localeString","en":"Characteristics"},"additional_template":{"en":"Additional characteristics","ru":"Дополнительные характеристики","_type":"localeString"},"nothing_to_show":{"ru":"Нет данных для отображения","_type":"localeString","en":"No data to compare"}},"header":{"help":{"de":"Hilfe","ru":"Помощь","_type":"localeString","en":"Help"},"how":{"ru":"Как это работает","_type":"localeString","en":"How does it works","de":"Wie funktioniert es"},"login":{"_type":"localeString","en":"Log in","de":"Einloggen","ru":"Вход"},"logout":{"ru":"Выйти","_type":"localeString","en":"Sign out"},"faq":{"ru":"FAQ","_type":"localeString","en":"FAQ","de":"FAQ"},"references":{"_type":"localeString","en":"Requests","de":"References","ru":"Мои запросы"},"solutions":{"en":"Solutions","ru":"Возможности","_type":"localeString"},"find-it-product":{"_type":"localeString","en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта"},"autoconfigurator":{"_type":"localeString","en":" Price calculator","ru":"Калькулятор цены"},"comparison-matrix":{"_type":"localeString","en":"Comparison Matrix","ru":"Матрица сравнения"},"roi-calculators":{"_type":"localeString","en":"ROI calculators","ru":"ROI калькуляторы"},"b4r":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"business-booster":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"catalogs":{"_type":"localeString","en":"Catalogs","ru":"Каталоги"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"en":"Deployments","ru":"Внедрения","_type":"localeString"},"companies":{"_type":"localeString","en":"Companies","ru":"Компании"},"categories":{"en":"Categories","ru":"Категории","_type":"localeString"},"for-suppliers":{"_type":"localeString","en":"For suppliers","ru":"Поставщикам"},"blog":{"ru":"Блог","_type":"localeString","en":"Blog"},"agreements":{"en":"Deals","ru":"Сделки","_type":"localeString"},"my-account":{"en":"My account","ru":"Мой кабинет","_type":"localeString"},"register":{"en":"Register","ru":"Зарегистрироваться","_type":"localeString"},"comparison-deletion":{"ru":"Удаление","_type":"localeString","en":"Deletion"},"comparison-confirm":{"en":"Are you sure you want to delete","ru":"Подтвердите удаление","_type":"localeString"},"search-placeholder":{"en":"Enter your search term","ru":"Введите поисковый запрос","_type":"localeString"},"my-profile":{"_type":"localeString","en":"My profile","ru":"Мои данные"},"about":{"en":"About Us","_type":"localeString"},"it_catalogs":{"en":"IT catalogs","_type":"localeString"},"roi4presenter":{"en":"Roi4Presenter","_type":"localeString"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"sub_it_catalogs":{"_type":"localeString","en":"Find IT product"},"sub_b4reference":{"en":"Get reference from user","_type":"localeString"},"sub_roi4presenter":{"_type":"localeString","en":"Make online presentations"},"sub_roi4webinar":{"_type":"localeString","en":"Create an avatar for the event"},"catalogs_new":{"_type":"localeString","en":"Products"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"},"it_our_it_catalogs":{"en":"Our IT Catalogs","_type":"localeString"},"it_products":{"_type":"localeString","en":"Find and compare IT products"},"it_implementations":{"en":"Learn implementation reviews","_type":"localeString"},"it_companies":{"_type":"localeString","en":"Find vendor and company-supplier"},"it_categories":{"en":"Explore IT products by category","_type":"localeString"},"it_our_products":{"_type":"localeString","en":"Our Products"},"it_it_catalogs":{"en":"IT catalogs","_type":"localeString"}},"footer":{"copyright":{"ru":"Все права защищены","_type":"localeString","en":"All rights reserved","de":"Alle rechte vorbehalten"},"company":{"en":"My Company","de":"Über die Firma","ru":"О компании","_type":"localeString"},"about":{"ru":"О нас","_type":"localeString","en":"About us","de":"Über uns"},"infocenter":{"_type":"localeString","en":"Infocenter","de":"Infocenter","ru":"Инфоцентр"},"tariffs":{"_type":"localeString","en":"Subscriptions","de":"Tarife","ru":"Тарифы"},"contact":{"de":"Kontaktiere uns","ru":"Связаться с нами","_type":"localeString","en":"Contact us"},"marketplace":{"_type":"localeString","en":"Marketplace","de":"Marketplace","ru":"Marketplace"},"products":{"en":"Products","de":"Produkte","ru":"Продукты","_type":"localeString"},"compare":{"en":"Pick and compare","de":"Wähle und vergleiche","ru":"Подобрать и сравнить","_type":"localeString"},"calculate":{"_type":"localeString","en":"Calculate the cost","de":"Kosten berechnen","ru":"Расчитать стоимость"},"get_bonus":{"en":"Bonus for reference","de":"Holen Sie sich einen Rabatt","ru":"Бонус за референс","_type":"localeString"},"salestools":{"de":"Salestools","ru":"Salestools","_type":"localeString","en":"Salestools"},"automatization":{"de":"Abwicklungsautomatisierung","ru":"Автоматизация расчетов","_type":"localeString","en":"Settlement Automation"},"roi_calcs":{"de":"ROI-Rechner","ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"matrix":{"en":"Comparison matrix","de":"Vergleichsmatrix","ru":"Матрица сравнения","_type":"localeString"},"b4r":{"en":"Rebate 4 Reference","de":"Rebate 4 Reference","ru":"Rebate 4 Reference","_type":"localeString"},"our_social":{"ru":"Наши социальные сети","_type":"localeString","en":"Our social networks","de":"Unsere sozialen Netzwerke"},"subscribe":{"ru":"Подпишитесь на рассылку","_type":"localeString","en":"Subscribe to newsletter","de":"Melden Sie sich für den Newsletter an"},"subscribe_info":{"ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта","_type":"localeString","en":"and be the first to know about promotions, new features and recent software reviews"},"policy":{"en":"Privacy Policy","ru":"Политика конфиденциальности","_type":"localeString"},"user_agreement":{"_type":"localeString","en":"Agreement","ru":"Пользовательское соглашение "},"solutions":{"_type":"localeString","en":"Solutions","ru":"Возможности"},"find":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"quote":{"_type":"localeString","en":"Price calculator","ru":"Калькулятор цены"},"boosting":{"en":"Business boosting","ru":"Развитие бизнеса","_type":"localeString"},"4vendors":{"ru":"поставщикам","_type":"localeString","en":"4 vendors"},"blog":{"_type":"localeString","en":"blog","ru":"блог"},"pay4content":{"ru":"платим за контент","_type":"localeString","en":"we pay for content"},"categories":{"_type":"localeString","en":"categories","ru":"категории"},"showForm":{"en":"Show form","ru":"Показать форму","_type":"localeString"},"subscribe__title":{"ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!","_type":"localeString","en":"We send a digest of actual news from the IT world once in a month!"},"subscribe__email-label":{"_type":"localeString","en":"Email","ru":"Email"},"subscribe__name-label":{"ru":"Имя","_type":"localeString","en":"Name"},"subscribe__required-message":{"ru":"Это поле обязательное","_type":"localeString","en":"This field is required"},"subscribe__notify-label":{"ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях","_type":"localeString","en":"Yes, please, notify me about news, events and propositions"},"subscribe__agree-label":{"ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*","_type":"localeString","en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data"},"subscribe__submit-label":{"_type":"localeString","en":"Subscribe","ru":"Подписаться"},"subscribe__email-message":{"ru":"Пожалуйста, введите корректный адрес электронной почты","_type":"localeString","en":"Please, enter the valid email"},"subscribe__email-placeholder":{"ru":"username@gmail.com","_type":"localeString","en":"username@gmail.com"},"subscribe__name-placeholder":{"ru":"Имя Фамилия","_type":"localeString","en":"Last, first name"},"subscribe__success":{"ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик.","_type":"localeString","en":"You are successfully subscribed! Check you mailbox."},"subscribe__error":{"ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее.","_type":"localeString","en":"Subscription is unsuccessful. Please, try again later."},"roi4presenter":{"ru":"roi4presenter","_type":"localeString","en":"Roi4Presenter","de":"roi4presenter"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"b4reference":{"en":"Bonus4Reference","_type":"localeString"}},"breadcrumbs":{"home":{"en":"Home","ru":"Главная","_type":"localeString"},"companies":{"ru":"Компании","_type":"localeString","en":"Companies"},"products":{"en":"Products","ru":"Продукты","_type":"localeString"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"login":{"_type":"localeString","en":"Login","ru":"Вход"},"registration":{"ru":"Регистрация","_type":"localeString","en":"Registration"},"b2b-platform":{"ru":"Портал для покупателей, поставщиков и производителей ИТ","_type":"localeString","en":"B2B platform for IT buyers, vendors and suppliers"}},"comment-form":{"title":{"ru":"Оставить комментарий","_type":"localeString","en":"Leave comment"},"firstname":{"_type":"localeString","en":"First name","ru":"Имя"},"lastname":{"_type":"localeString","en":"Last name","ru":"Фамилия"},"company":{"ru":"Компания","_type":"localeString","en":"Company name"},"position":{"ru":"Должность","_type":"localeString","en":"Position"},"actual-cost":{"ru":"Фактическая стоимость","_type":"localeString","en":"Actual cost"},"received-roi":{"ru":"Полученный ROI","_type":"localeString","en":"Received ROI"},"saving-type":{"_type":"localeString","en":"Saving type","ru":"Тип экономии"},"comment":{"ru":"Комментарий","_type":"localeString","en":"Comment"},"your-rate":{"_type":"localeString","en":"Your rate","ru":"Ваша оценка"},"i-agree":{"en":"I agree","ru":"Я согласен","_type":"localeString"},"terms-of-use":{"_type":"localeString","en":"With user agreement and privacy policy","ru":"С пользовательским соглашением и политикой конфиденциальности"},"send":{"ru":"Отправить","_type":"localeString","en":"Send"},"required-message":{"ru":"{NAME} - это обязательное поле","_type":"localeString","en":"{NAME} is required filed"}},"maintenance":{"title":{"ru":"На сайте проводятся технические работы","_type":"localeString","en":"Site under maintenance"},"message":{"en":"Thank you for your understanding","ru":"Спасибо за ваше понимание","_type":"localeString"}}},"translationsStatus":{"comparison":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"comparison":{"title":{"ru":"Сравнить продукты","_type":"localeString","en":"Compare products"}}},"pageMetaDataStatus":{"comparison":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{"13":{"id":13,"title":"NG Firewall","characteristics":[{"id":153,"title":"Functionalities","required":0,"type":"multiselect"},{"id":147,"title":"Data Leak Prevention","required":0,"type":"binary"},{"id":145,"title":"Context-aware policy","required":0,"type":"binary"},{"id":143,"title":"DDOS protection","required":0,"type":"binary"},{"id":141,"title":"Network behavior analysis support","required":0,"type":"binary"},{"id":139,"title":"Sandboxing support","required":0,"type":"binary"},{"id":135,"title":"Antivirus and antispyware functions","required":0,"type":"binary"},{"id":133,"title":"IDS/IPS availability","required":0,"type":"binary"},{"id":1268,"title":"Bot protection","required":0,"type":"binary"},{"id":1270,"title":"Application level attacks protection (Application Intelligence)","required":0,"type":"binary"},{"id":1272,"title":"Two-factor authentication (2FA)","required":0,"type":"binary"},{"id":1274,"title":"Certificates based authentication","required":0,"type":"binary"},{"id":1276,"title":"Available proxy modes","required":0,"type":"multiselect"},{"id":1278,"title":"Management","required":0,"type":"multiselect"},{"id":1280,"title":"Deployment options","required":0,"type":"multiselect"},{"id":1282,"title":"Integrations","required":0,"type":"multiselect"},{"id":1284,"title":"OS and hardware","required":0,"type":"binary"}]}},"comparisonByTemplateId":{},"products":[{"id":1399,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/baracuda_networks.png","logo":true,"schemeURL":"https://old.roi4cio.com/fileadmin/user_upload/barracuda_NG_Firewall_scheme.png","scheme":true,"title":"Barracuda NextGen Firewall (NGFW)","vendorVerified":0,"rating":"3.00","implementationsCount":4,"suppliersCount":0,"alias":"barracuda-nextgen-firewall-ngfw","companyTypes":[],"description":"<span style=\"font-weight: bold;\">Next-Generation Firewalls for the Cloud Era</span>\r\nIn the cloud era, network firewalls must do more than secure your network. They must also ensure you have uninterrupted network availability and robust access to cloud-hosted applications. The Barracuda NextGen Firewall F-Series is a family of hardware, virtual, and cloud-based appliances that protect and enhance your dispersed network infrastructure. They deliver advanced security by tightly integrating a comprehensive set of next-generation firewall technologies, including Layer 7 application profiling, intrusion prevention, web filtering, malware and advanced threat protection, antispam protection, and network access control. In addition, the F-Series combines highly resilient VPN technology with intelligent traffic management and WAN optimization capabilities. This lets you reduce line costs, increase overall network availability, improve site-to-site connectivity, and ensure uninterrupted access to applications hosted in the cloud. Scalable centralized management helps you reduce administrative overhead while defining and enforcing granular policies across your entire dispersed network. The F-Series cloud-ready firewalls are ideal for multi-site enterprises, managed service providers, and other organizations with complex, dispersed network infrastructures.\r\n<span style=\"font-weight: bold;\">Security for the Cloud Era</span>\r\nSecurity paradigms are shifting—and securing your network perimeter is no longer good enough. In the cloud era, workloads happen everywhere, users are increasingly mobile, and potential attack surfaces are multiplying. Barracuda NextGen Firewall F-Series is purpose-built to deal with the challenges of securing widely distributed networks.\r\n<span style=\"font-weight: bold;\">Advanced Threat Protection</span>\r\nIn today's constantly evolving threat landscape, your organization faces zero-hour malware exploits and advanced persistent threats that routinely bypass traditional, signature-based IPS and antivirus engines. Barracuda Advanced Threat Protection gives your security infrastructure the ability to identify and block new, sophisticated threats-without affecting network performance and throughput.\r\n<span style=\"font-weight: bold;\">Secure SD-WAN..</span>\r\nBarracuda Cloud Era Firewalls include full next gen Security paired with all network optimization and management functionality today known as Secure SD-WAN. This includes true zero touch deployment (ZTD), dynamic bandwidth measurement, performance based transport selection, application specific routing and even data duplication and WAN optimization technology. VPN tunnels between sites can make use of multiple uplinks simultaneously and dynamically assign the best path for the application.\r\n<span style=\"font-weight: bold;\">This enables:</span>\r\n\r\n<ul> <li>Balancing of Internet traffic across multiple uplinks to minimize downtime and improve performance</li> <li>VPN across multiple broadband connections and MPLs replacement</li> <li>Up to 24 physical uplinks to create highly redundant VPN tunnels</li> <li>Replacing network backhauling central policy enforcement architectures with direct internet break outs</li> <li>Faster access to cloud applications like office365 by dynamically prioritizing them over non-critical traffic</li> <li>Guaranteed users' access to critical applications through granular policy controls</li> <li>Increased available bandwidth with built-in traffic compression and data deduplication</li> <li>Auto creation of VPN tunnels between spokes in a hub-and-spoke architecture to enhance connection quality for latency-sensitive traffic</li> </ul>\r\n<span style=\"font-weight: bold;\">Why Barracuda NextGen Firewall?</span> When selecting security technology, it is critical that your products are supported by people who take your data security as seriously as you do. The Barracuda NextGen Firewall is supported by our award-winning 24x7 technical support staffed by in-house security engineers with no phone trees. Help is always a phone call away. Hundreds of thousands of organizations around the globe rely on Barracuda to protect their applications, networks, and data. The Barracuda NextGen Firewall is part of a comprehensive line of data protection, network firewall, and security products and services designed for organizations seeking robust yet affordable protection from ever-increasing cyber threats.\r\n<span style=\"font-style: italic;\">Source:&nbsp;https://www.barracuda.com/products/nextgenfirewall_f</span>","shortDescription":"Barracuda's Next Generation Firewalls redefine the role of the Firewall from a perimeter security solution to a distributed network optimization solution that scales across any number of locations.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":5,"discontinued":0,"rebateForPoc":0,"rebate":5,"seo":{"title":"Barracuda NextGen Firewall (NGFW)","keywords":"","description":"<span style=\"font-weight: bold;\">Next-Generation Firewalls for the Cloud Era</span>\r\nIn the cloud era, network firewalls must do more than secure your network. They must also ensure you have uninterrupted network availability and robust access to cloud-hosted ","og:title":"Barracuda NextGen Firewall (NGFW)","og:description":"<span style=\"font-weight: bold;\">Next-Generation Firewalls for the Cloud Era</span>\r\nIn the cloud era, network firewalls must do more than secure your network. They must also ensure you have uninterrupted network availability and robust access to cloud-hosted ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/baracuda_networks.png"},"eventUrl":"","translationId":1400,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-appliance","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular &quot;allow/deny&quot; rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked)."},{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked)."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"13":{"133":{"id":730,"characteristicId":133,"templateId":13,"value":true},"135":{"id":729,"characteristicId":135,"templateId":13,"value":true},"139":{"id":727,"characteristicId":139,"templateId":13,"value":true},"141":{"id":726,"characteristicId":141,"templateId":13,"value":true},"143":{"id":725,"characteristicId":143,"templateId":13,"value":true},"145":{"id":724,"characteristicId":145,"templateId":13,"value":true},"147":{"id":723,"characteristicId":147,"templateId":13,"value":"N/A"},"153":{"id":720,"characteristicId":153,"templateId":13,"value":"SSL VPN remote access, Application control, IPv4/IPv6 protocols, Hiding adresses with NAT, DHCP, Decrypting SSL traffic, IPSec Site to Site VPN tunnels, Stateful TCP/IP stack, URL filtering, Configuring static and dynamic routing"},"1268":{"id":6342,"characteristicId":1268,"templateId":13,"value":true},"1270":{"id":6343,"characteristicId":1270,"templateId":13,"value":true},"1272":{"id":6344,"characteristicId":1272,"templateId":13,"value":"N/A"},"1274":{"id":6345,"characteristicId":1274,"templateId":13,"value":true},"1276":{"id":6346,"characteristicId":1276,"templateId":13,"value":"Reverse proxy, DNS proxy"},"1278":{"id":6347,"characteristicId":1278,"templateId":13,"value":"Bandwidth, Configuration console"},"1280":{"id":6348,"characteristicId":1280,"templateId":13,"value":"High availability, Routed/Transparent mode, Virtualized environment"},"1282":{"id":6349,"characteristicId":1282,"templateId":13,"value":"Threat Intelligence, Active Directory, SIEM, AAA-servers, Network security policy management"},"1284":{"id":6350,"characteristicId":1284,"templateId":13,"value":true}}}},{"id":2252,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/cato-networks-logo.png","logo":true,"scheme":false,"title":"Cato Networks Cloud-based Next Generation Firewall","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"cato-networks-cloud-based-next-generation-firewall","companyTypes":[],"description":"<p>The Next Generation Firewall (NGFW) appliance has been the cornerstone of network security for the past two decades. It applies deep packet inspection (DPI) and multiple security engines to inspect both inbound and outbound traffic and enforce a company&rsquo;s security policy. The main characteristic of a NGFW is application awareness: the ability to detect and enforce policies on applications usage based on packet content rather than packet headers (source and destination IP addresses, ports and protocols).</p>\r\n<p>A cloud-based NGFW (also known as Firewall as a Service) delivers a powerful, application-aware, enterprise-grade, elastic and scalable solution without the challenges of legacy appliance-based solutions.</p>\r\n<p>Cato is providing a new kind of a Next Generation Firewall, one that is available everywhere the business does business without the need for discrete appliances. The Cato Cloud aggregates all enterprise traffic across data centers, branches, mobile users, and cloud infrastructure into a cloud network with built-in Next Generation Firewall . Cato enforces application-aware corporate security policy for WAN- and Internet-bound traffic.</p>\r\n<p><span style=\"font-weight: bold;\">Adaptable application awareness</span></p>\r\n<p>Cato uses its cloud traffic visibility to quickly extend its detection of new applications without involving the customer. New application identification capabilities are immediately available to all customers.</p>\r\n<p><span style=\"font-weight: bold;\">Full visibility</span></p>\r\n<p>As all WAN and Internet traffic goes through the Cato Cloud, there are no blind spots or need to deploy multiple appliances to cover all traffic.</p>\r\n<p><span style=\"font-weight: bold;\">Unrestricted cloud scalability</span></p>\r\n<p>Cato can inspect any encrypted and unencrypted traffic with all supported security services and no impact on performance. Customers avoid sizing exercises or forced upgrades. Cato ensures there&rsquo;s capacity so customers receive the full range of security services.</p>\r\n<p><span style=\"font-weight: bold;\">Full traffic inspection</span></p>\r\n<p>Cloud-based inspection scale to support all traffic without the need for unplanned or forced upgrades.</p>\r\n<p><span style=\"font-weight: bold;\">Self-maintaining cloud service</span></p>\r\n<p>Without the need to size, upgrade, patch or refresh appliances, customers are relieved of the ongoing grunt work of keeping network security current against emerging threats and evolving business needs.</p>","shortDescription":"Cato Networks Cloud-based Next Generation Firewall delivers a powerful, application-aware, enterprise-grade, elastic and scalable solution without the challenges of legacy appliance-based solutions.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":12,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Cato Networks Cloud-based Next Generation Firewall","keywords":"","description":"<p>The Next Generation Firewall (NGFW) appliance has been the cornerstone of network security for the past two decades. It applies deep packet inspection (DPI) and multiple security engines to inspect both inbound and outbound traffic and enforce a company&rsq","og:title":"Cato Networks Cloud-based Next Generation Firewall","og:description":"<p>The Next Generation Firewall (NGFW) appliance has been the cornerstone of network security for the past two decades. It applies deep packet inspection (DPI) and multiple security engines to inspect both inbound and outbound traffic and enforce a company&rsq","og:image":"https://old.roi4cio.com/fileadmin/user_upload/cato-networks-logo.png"},"eventUrl":"","translationId":2253,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked)."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"13":{"133":{"id":6551,"characteristicId":133,"templateId":13,"value":true},"135":{"id":6550,"characteristicId":135,"templateId":13,"value":true},"139":{"id":6557,"characteristicId":139,"templateId":13,"value":"N/A"},"141":{"id":6556,"characteristicId":141,"templateId":13,"value":"N/A"},"143":{"id":6554,"characteristicId":143,"templateId":13,"value":"N/A"},"145":{"id":6558,"characteristicId":145,"templateId":13,"value":"N/A"},"147":{"id":6555,"characteristicId":147,"templateId":13,"value":"N/A"},"153":{"id":6552,"characteristicId":153,"templateId":13,"value":"Application control, Decrypting SSL traffic, URL filtering"},"1268":{"id":6553,"characteristicId":1268,"templateId":13,"value":"N/A"},"1270":{"id":6559,"characteristicId":1270,"templateId":13,"value":"N/A"},"1272":{"id":6560,"characteristicId":1272,"templateId":13,"value":"N/A"},"1274":{"id":6561,"characteristicId":1274,"templateId":13,"value":"N/A"},"1276":{"id":6562,"characteristicId":1276,"templateId":13,"value":"N/A"},"1278":{"id":6563,"characteristicId":1278,"templateId":13,"value":"N/A"},"1280":{"id":6564,"characteristicId":1280,"templateId":13,"value":"Virtualized environment"},"1282":{"id":6565,"characteristicId":1282,"templateId":13,"value":"N/A"},"1284":{"id":6566,"characteristicId":1284,"templateId":13,"value":"N/A"}}}},{"id":1401,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/checkpoint_logo.png","logo":true,"scheme":false,"title":"Check Point Next Generation Firewall (NGFW)","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"alias":"check-point-next-generation-firewall-ngfw","companyTypes":[],"description":"<span style=\"font-weight: bold; text-decoration-line: underline;\">Benefits</span>\r\n<span style=\"font-weight: bold;\">Detects and controls application usage</span>\r\n<ul>\r\n<li>Identify, allow, block or limit usage of applications, and features within them</li>\r\n<li>Enable safe Internet use while protecting against threats and malware</li>\r\n<li>Leverage the world's largest application library with more than 6,600 web 2.0 applications</li>\r\n</ul>\r\n<span style=\"font-weight: bold;\">Supports advanced identity awareness for stress-free policy enforcement</span>\r\n<ul>\r\n<li>Create granular policy definitions per user and group</li>\r\n<li>Integrate seamlessly with Active Directory</li>\r\n<li>Protect environments with social media and Internet applications</li>\r\n</ul>\r\n<span style=\"font-weight: bold;\">Provides proven gateway security in a single, dedicated appliance</span>\r\n<ul>\r\n<li>Rely on 24/7 advanced protection</li>\r\n<li>Reap the benefits of application control and intrusion protection (IPS), as well as extensibility support for additional security capabilities</li>\r\n<li>Get greater understanding into security events with integrated, easy-to-use centralized management</li>\r\n<li>Join more than 170,000 customers, including 100 percent of Fortune 100 companies</li>\r\n</ul>\r\n<span style=\"font-weight: bold; text-decoration-line: underline;\">Features</span>\r\n<span style=\"font-weight: bold;\">Identity awareness</span>\r\nGreat security involves limiting and tracking access to sensitive data and resources. With the Next Generation Firewall, your administrators get detailed visibility into the users, groups, applications, machines and connection types on your network so they can assign permissions to the right users and devices. The firewall makes it easy and cost-effective to enforce security policy, giving granular permission control over these entities; this results in superior protection across the entire security gateway. Seamless and agent-less integration with Active Directory provides complete user identification, enabling simple, application-based policy definition per user or group directly from the firewall. Users&rsquo; identification may be acquired in one of three simple methods:\r\n<ul>\r\n<li>Querying the Active Directory</li>\r\n<li>Through a captive portal</li>\r\n<li>Installing a one-time, thin client-side agent</li>\r\n</ul>\r\n<span style=\"font-weight: bold;\">Application control</span>\r\nEmployees are using more apps than ever, and you&rsquo;re on the hook to protect them regardless of what they use. Check Point Next Generation Firewall has the industry&rsquo;s largest application coverage, with more than 6,600 applications and 260,000 social network widgets included. You can create granular security policies based on users or groups to identify, block or limit usage of web applications and widgets like instant messaging, social networking, video streaming, VoIP, games and more.\r\n<span style=\"font-weight: bold;\">Logging and status</span>\r\nTo help you make sense out of your security event data, we included SmartLog, an advanced log analyzer that delivers split-second search results providing real-time visibility into billions of log records over multiple time periods and domains.\r\n<span style=\"font-weight: bold;\">Integrated security management</span>\r\nOur unified security management simplifies the monumental task of managing your security environment. You&rsquo;ll see and control threats, devices and users with a highly intuitive graphical interface providing views, details and reports on your security health. Manage all your Check Point gateways and software blades from one comprehensive, centralized security dashboard.\r\n<span style=\"font-weight: bold;\">Intrusion prevention</span>\r\nNext Generation Firewall includes the Check Point IPS Software Blade, which secures your network by inspecting packets traversing through the gateway. It is a full-featured IPS, providing geo-protections and frequent, automated threat definition updates. Because the IPS is part of the integrated Software Blade Architecture, you&rsquo;ll get all the deployment and management advantages of a unified and extensible solution.","shortDescription":"Check Point Next Generation Firewall identifies and controls applications by user and scans content to stop threats.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":1,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Check Point Next Generation Firewall (NGFW)","keywords":"","description":"<span style=\"font-weight: bold; text-decoration-line: underline;\">Benefits</span>\r\n<span style=\"font-weight: bold;\">Detects and controls application usage</span>\r\n<ul>\r\n<li>Identify, allow, block or limit usage of applications, and features within them</li>\r\n<","og:title":"Check Point Next Generation Firewall (NGFW)","og:description":"<span style=\"font-weight: bold; text-decoration-line: underline;\">Benefits</span>\r\n<span style=\"font-weight: bold;\">Detects and controls application usage</span>\r\n<ul>\r\n<li>Identify, allow, block or limit usage of applications, and features within them</li>\r\n<","og:image":"https://old.roi4cio.com/fileadmin/user_upload/checkpoint_logo.png"},"eventUrl":"","translationId":1402,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-appliance","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular &quot;allow/deny&quot; rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked)."},{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked)."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"13":{"133":{"id":741,"characteristicId":133,"templateId":13,"value":true},"135":{"id":740,"characteristicId":135,"templateId":13,"value":true},"139":{"id":738,"characteristicId":139,"templateId":13,"value":true},"141":{"id":737,"characteristicId":141,"templateId":13,"value":true},"143":{"id":736,"characteristicId":143,"templateId":13,"value":"N/A"},"145":{"id":735,"characteristicId":145,"templateId":13,"value":true},"147":{"id":734,"characteristicId":147,"templateId":13,"value":true},"153":{"id":731,"characteristicId":153,"templateId":13,"value":"SSL VPN remote access, Application control, IPv4/IPv6 protocols, Hiding adresses with NAT, DHCP, IPSec Site to Site VPN tunnels, Stateful TCP/IP stack, URL filtering, Configuring static and dynamic routing"},"1268":{"id":6351,"characteristicId":1268,"templateId":13,"value":true},"1270":{"id":6352,"characteristicId":1270,"templateId":13,"value":true},"1272":{"id":6353,"characteristicId":1272,"templateId":13,"value":true},"1274":{"id":6354,"characteristicId":1274,"templateId":13,"value":true},"1276":{"id":6355,"characteristicId":1276,"templateId":13,"value":"Reverse proxy"},"1278":{"id":6356,"characteristicId":1278,"templateId":13,"value":"Bandwidth, Configuration console"},"1280":{"id":6357,"characteristicId":1280,"templateId":13,"value":"High availability, Routed/Transparent mode"},"1282":{"id":6358,"characteristicId":1282,"templateId":13,"value":"Threat Intelligence, Active Directory, SIEM, AAA-servers, Network security policy management"},"1284":{"id":6359,"characteristicId":1284,"templateId":13,"value":"N/A"}}}},{"id":1439,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Cisco_ASA_NGFW__Mezhsetevye_ehkrany_novogo_pokolenija_.jpg","logo":true,"scheme":false,"title":"Cisco ASA NGFW (Adaptive Security Appliance Software)","vendorVerified":0,"rating":"2.00","implementationsCount":5,"suppliersCount":0,"alias":"cisco-asa-ngfw-adaptive-security-appliance-software","companyTypes":[],"description":"<span style=\"font-weight: bold;\">Features and Capabilities</span>\r\nCisco Adaptive Security Appliance (ASA) Software is the core operating system for the Cisco ASA Family. It delivers enterprise-class firewall capabilities for ASA devices in an array of form factors - standalone appliances, blades, and virtual appliances - for any distributed network environment. ASA Software also integrates with other critical security technologies to deliver comprehensive solutions that meet continuously evolving security needs.\r\n<span style=\"font-weight: bold;\">Among its benefits, Cisco ASA Software:</span>\r\n<ul>\r\n<li>Offers integrated IPS, VPN, and Unified Communications capabilities</li>\r\n<li>Helps organizations increase capacity and improve performance through high-performance, multi-site, multi-node clustering</li>\r\n<li>Delivers high availability for high resiliency applications</li>\r\n<li>Provides collaboration between physical and virtual devices</li>\r\n<li>Meets the unique needs of both the network and the data center</li>\r\n<li>Provides context awareness with Cisco TrustSec security group tags and identity-based firewall technology</li>\r\n<li>Facilitates dynamic routing and site-to-site VPN on a per-context basis</li>\r\n</ul>\r\nCisco ASA software also supports next-generation encryption standards, including the Suite B set of cryptographic algorithms. It also integrates with the Cisco Cloud Web Security solution to provide world-class, web-based threat protection.","shortDescription":"The Cisco ASA Family of security devices protects corporate networks and data centers of all sizes. It provides users with highly secure access to data and network resources.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":4,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Cisco ASA NGFW (Adaptive Security Appliance Software)","keywords":"","description":"<span style=\"font-weight: bold;\">Features and Capabilities</span>\r\nCisco Adaptive Security Appliance (ASA) Software is the core operating system for the Cisco ASA Family. It delivers enterprise-class firewall capabilities for ASA devices in an array of form fa","og:title":"Cisco ASA NGFW (Adaptive Security Appliance Software)","og:description":"<span style=\"font-weight: bold;\">Features and Capabilities</span>\r\nCisco Adaptive Security Appliance (ASA) Software is the core operating system for the Cisco ASA Family. It delivers enterprise-class firewall capabilities for ASA devices in an array of form fa","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Cisco_ASA_NGFW__Mezhsetevye_ehkrany_novogo_pokolenija_.jpg"},"eventUrl":"","translationId":1440,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-appliance","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular &quot;allow/deny&quot; rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked)."},{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked)."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"13":{"133":{"id":864,"characteristicId":133,"templateId":13,"value":true},"135":{"id":863,"characteristicId":135,"templateId":13,"value":true},"139":{"id":861,"characteristicId":139,"templateId":13,"value":true},"141":{"id":860,"characteristicId":141,"templateId":13,"value":true},"143":{"id":859,"characteristicId":143,"templateId":13,"value":"N/A"},"145":{"id":858,"characteristicId":145,"templateId":13,"value":true},"147":{"id":857,"characteristicId":147,"templateId":13,"value":"N/A"},"153":{"id":854,"characteristicId":153,"templateId":13,"value":"SSL VPN remote access, Application control, IPv4/IPv6 protocols, Hiding adresses with NAT, DHCP, Decrypting SSL traffic, IPSec Site to Site VPN tunnels, Stateful TCP/IP stack, URL filtering, Configuring static and dynamic routing"},"1268":{"id":6360,"characteristicId":1268,"templateId":13,"value":true},"1270":{"id":6361,"characteristicId":1270,"templateId":13,"value":true},"1272":{"id":6362,"characteristicId":1272,"templateId":13,"value":"N/A"},"1274":{"id":6363,"characteristicId":1274,"templateId":13,"value":true},"1276":{"id":6364,"characteristicId":1276,"templateId":13,"value":"Reverse proxy"},"1278":{"id":6365,"characteristicId":1278,"templateId":13,"value":"Bandwidth, Configuration console"},"1280":{"id":6366,"characteristicId":1280,"templateId":13,"value":"High availability, Routed/Transparent mode, Virtualized environment"},"1282":{"id":6367,"characteristicId":1282,"templateId":13,"value":"Threat Intelligence, Active Directory, SIEM, AAA-servers, Network security policy management"},"1284":{"id":6368,"characteristicId":1284,"templateId":13,"value":"N/A"}}}},{"id":2250,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Clavister__logo_.png","logo":true,"scheme":false,"title":"Clavister Virtual Core Series","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"clavister-virtual-core-series","companyTypes":[],"description":"The Clavister Virtual Core Series is a set of network security products designed for virtual and cloud-based security, offering excellent performance, powerful security features and resource efficient. The Clavister Virtual Core Series offers you the same powerful security features you find in our hardware-based products, but for your virtual environment. Easily deploy your Clavister Virtual Core Series in market-leading VMware or KVM virtualization environments. Its minimal footprint and extremely low resource requirements makes the Clavister Virtual Core Series an optimal solution for all types of virtual and cloud-based network security solutions.\r\n<span style=\"font-weight: bold;\">True Application Control</span>\r\nClavister Virtual Core Series fully supports True Application Control – one of our next-generation firewall security services.\r\nEnabling True Application Control will help you to manage applications used in your network more safely. With added security you lower your overall risk exposure and as a result, costly security incidents and downtime can be avoided. It also gives you valuable insight in which applications are used by which user, and can therefore prioritize business critical application and increase your overall business productivity.\r\nTrue Application Control not only recognize more application and data, it understands how these application behave and can act immediately on malicious behavior.\r\nWith its unique support for Deep Application Content Control (DACC) technology, our application control can perform in-depth analysis and control of application content with higher degree of control. DACC enables you to understand and visualize Skype IDs, SQL queries, Facebook chat text, VoIP call information and much more.<br />Clavister SSL Inspection for Application Control provides a high performance and non-intrusive way to identify and control even SSL encrypted applications. True Application Control is included in the Clavister Security Subscription (CSS) service.\r\nUser Identity Awareness\r\nUser Identity Awareness (UIA) provides granular visibility of user identity, and enables you to control network access at the user level. The User Identity Awareness together with our True Application Control functionality will provide you with an extremely powerful and versatile tool for granular visibility and control of “who-does-what-and-when” in your networks. You will have the ability to pinpoint user access to applications across both wired and wireless networks regardless of connecting device.","shortDescription":"Clavister Next Generation Firewalls combine enterprise class firewalling with application recognition and advanced threat protection features that puts you back in control of your network.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":4,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Clavister Virtual Core Series","keywords":"","description":"The Clavister Virtual Core Series is a set of network security products designed for virtual and cloud-based security, offering excellent performance, powerful security features and resource efficient. The Clavister Virtual Core Series offers you the same powe","og:title":"Clavister Virtual Core Series","og:description":"The Clavister Virtual Core Series is a set of network security products designed for virtual and cloud-based security, offering excellent performance, powerful security features and resource efficient. The Clavister Virtual Core Series offers you the same powe","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Clavister__logo_.png"},"eventUrl":"","translationId":2251,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked)."},{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-appliance","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular &quot;allow/deny&quot; rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked)."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"13":{"133":{"id":6534,"characteristicId":133,"templateId":13,"value":true},"135":{"id":6533,"characteristicId":135,"templateId":13,"value":true},"139":{"id":6540,"characteristicId":139,"templateId":13,"value":"N/A"},"141":{"id":6539,"characteristicId":141,"templateId":13,"value":true},"143":{"id":6537,"characteristicId":143,"templateId":13,"value":true},"145":{"id":6541,"characteristicId":145,"templateId":13,"value":"N/A"},"147":{"id":6538,"characteristicId":147,"templateId":13,"value":"N/A"},"153":{"id":6535,"characteristicId":153,"templateId":13,"value":"SSL VPN remote access, Application control, IPv4/IPv6 protocols, Hiding adresses with NAT, DHCP, IPSec Site to Site VPN tunnels, Configuring static and dynamic routing"},"1268":{"id":6536,"characteristicId":1268,"templateId":13,"value":"N/A"},"1270":{"id":6542,"characteristicId":1270,"templateId":13,"value":"N/A"},"1272":{"id":6543,"characteristicId":1272,"templateId":13,"value":"N/A"},"1274":{"id":6544,"characteristicId":1274,"templateId":13,"value":"N/A"},"1276":{"id":6545,"characteristicId":1276,"templateId":13,"value":"N/A"},"1278":{"id":6546,"characteristicId":1278,"templateId":13,"value":"N/A"},"1280":{"id":6547,"characteristicId":1280,"templateId":13,"value":"High availability, Routed/Transparent mode, Virtualized environment"},"1282":{"id":6548,"characteristicId":1282,"templateId":13,"value":"N/A"},"1284":{"id":6549,"characteristicId":1284,"templateId":13,"value":true}}}},{"id":2254,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Cyberoam.jpg","logo":true,"scheme":false,"title":"Cyberoam Next Generation Firewall","vendorVerified":0,"rating":"1.40","implementationsCount":0,"suppliersCount":0,"alias":"cyberoam-next-generation-firewall","companyTypes":[],"description":"<p>The mobilization of workforce has led to demand for anytime-anywhere access to network resources. This, along with increasing number of users like customers and partners connecting to an enterprise network from outside is leading to de-perimeterization of enterprise networks.</p>\r\n<p>Besides, trends like rise in number of network users and devices, application explosion, virtualization, and more are leading to loss of security controls for enterprises over their networks. Cyberoam Next-Generation Firewalls (NGFW) with Layer 8 Identity-based technology offer actionable intelligence and controls to enterprises that allow complete security controls over L2-L8 for their future-ready security.</p>\r\n<p><span style=\"font-weight: bold;\">Actionable Intelligence &amp; Controls</span></p>\r\n<p>Cyberoam's Human Layer 8 acts like a standard abstract layer that binds with real Layers 2-7, enabling enterprises to regain lost security controls. By binding User Identity across Layers 2-7, enterprises can put security checks where they want to from L2-L8, along with complete visibility into user and network activities.</p>\r\n<p><span style=\"font-weight: bold;\">CyberoamOS</span></p>\r\n<p>Cyberoam Next-Generation Firewalls are based on CyberoamOS &ndash; an intelligent and powerful firmware that offers next-generation security features include inline application inspection and control, website filtering, HTTPS inspection, Intrusion Prevention System, VPN (IPSec and SSL) and QoS/bandwidth management. Additional security features like Web Application Firewall, Gateway Anti-Virus, Gateway Anti-Spam are also available.</p>\r\n<p><span style=\"font-weight: bold;\">High Performance</span></p>\r\n<p>Cyberoam offers high performance for enterprises with its powerful hardware appliances and CybeoamOS that has the ability to extract highest level of performance from a multi-core platform and tightly integrates with the hardware for network and crypto acceleration.</p>\r\n<p><span style=\"font-weight: bold;\">Scalability</span></p>\r\n<p>Cyberoam's Extensible Security Architecture supports future enhancements like new security features and security updates that can be developed rapidly and deployed with minimum efforts without the need to change the appliance, offering future-ready security to large enterprises. In addition, enterprises can add another appliance in cluster/HA to support more number of users.</p>\r\n<p><span style=\"font-weight: bold;\">Flexibility</span></p>\r\n<p>The FleXi Ports available in the FleXi Port (XP) security appliances offer flexible network connectivity with I/O slots that allow additional Copper/Fiber 1G/10G ports on the same security appliance, allowing enterprises to upgrade to new technologies easily and cost-effectively, making them future-ready. The FleXi Ports consolidate the number of devices in a network, offering benefits of power efficiency, reduced network complexity and reduced operational costs.</p>","shortDescription":"Cyberoam NGFW is a firewall that protects organizations from new threats.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":7,"sellingCount":6,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Cyberoam Next Generation Firewall","keywords":"","description":"<p>The mobilization of workforce has led to demand for anytime-anywhere access to network resources. This, along with increasing number of users like customers and partners connecting to an enterprise network from outside is leading to de-perimeterization of e","og:title":"Cyberoam Next Generation Firewall","og:description":"<p>The mobilization of workforce has led to demand for anytime-anywhere access to network resources. This, along with increasing number of users like customers and partners connecting to an enterprise network from outside is leading to de-perimeterization of e","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Cyberoam.jpg"},"eventUrl":"","translationId":2255,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-appliance","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular &quot;allow/deny&quot; rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked)."},{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked)."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"13":{"133":{"id":6568,"characteristicId":133,"templateId":13,"value":true},"135":{"id":6567,"characteristicId":135,"templateId":13,"value":true},"139":{"id":6574,"characteristicId":139,"templateId":13,"value":"N/A"},"141":{"id":6573,"characteristicId":141,"templateId":13,"value":"N/A"},"143":{"id":6571,"characteristicId":143,"templateId":13,"value":true},"145":{"id":6575,"characteristicId":145,"templateId":13,"value":"N/A"},"147":{"id":6572,"characteristicId":147,"templateId":13,"value":true},"153":{"id":6569,"characteristicId":153,"templateId":13,"value":"SSL VPN remote access, Application control, IPv4/IPv6 protocols, Hiding adresses with NAT, DHCP, IPSec Site to Site VPN tunnels, Stateful TCP/IP stack, URL filtering, Configuring static and dynamic routing"},"1268":{"id":6570,"characteristicId":1268,"templateId":13,"value":"N/A"},"1270":{"id":6576,"characteristicId":1270,"templateId":13,"value":"N/A"},"1272":{"id":6577,"characteristicId":1272,"templateId":13,"value":true},"1274":{"id":6578,"characteristicId":1274,"templateId":13,"value":true},"1276":{"id":6579,"characteristicId":1276,"templateId":13,"value":"N/A"},"1278":{"id":6580,"characteristicId":1278,"templateId":13,"value":"Bandwidth"},"1280":{"id":6581,"characteristicId":1280,"templateId":13,"value":"High availability"},"1282":{"id":6582,"characteristicId":1282,"templateId":13,"value":"Active Directory"},"1284":{"id":6583,"characteristicId":1284,"templateId":13,"value":"N/A"}}}},{"id":2256,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/qosmos-logo.jpg","logo":true,"scheme":false,"title":"ENEA Qosmos Division Next generation firewalls","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"enea-qosmos-division-next-generation-firewalls","companyTypes":[],"description":"Enea's Qosmos ixEngine is an advanced, DPI-based, classification and metadata engine that recognizes over 3100 protocols, more than any other DPI engine on the market. Delivered as a Software Development Kit (SDK), it is composed of software libraries, modules and tools that are easily integrated into new or existing solutions. Developers benefit from market-leading DPI technology to bring detailed traffic visibility to network solutions up to Layer 7. Integration of Qosmos ixEngine as a software component can be carried out in a few days and removes the need to develop in-house protocol recognition capabilities, simplifying product development and accelerating delivery.\r\nQosmos Labs constantly monitors and updates the DPI protocol library, sending regular updates to customers that can be integrated as hot swaps into their products. In this way, firewall vendors can concentrate on their core areas of expertise while delivering maximum firewall performance at all times.\r\n<span style=\"font-weight: bold;\">BENEFITS FOR FIREWALL VENDORS: FULL APPLICATION VISIBILITY</span>\r\n<ul> <li>Identifies applications based on protocol grammar analysis, not ports</li> <li>Goes beyond traditional DPI to decode traffic inside tunneling protocols</li> <li>Identifies actions launched within an application (such as login, browse, chat, file transfer, etc.)</li> <li>Real-time extraction of communications metadata such as message senders and receivers, and names of files shared or attached in an application.</li> <li>Recognizes thousands of protocols, applications and metadata</li> <li>Allows users to develop their own protocol plugins that can be integrated in the Qosmos ixEngine framework.</li> </ul>","shortDescription":"Qosmos NGFW is an advanced, DPI-based, classification and metadata engine that recognizes over 3100 protocols, more than any other DPI engine on the market.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":19,"sellingCount":17,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"ENEA Qosmos Division Next generation firewalls","keywords":"","description":"Enea's Qosmos ixEngine is an advanced, DPI-based, classification and metadata engine that recognizes over 3100 protocols, more than any other DPI engine on the market. Delivered as a Software Development Kit (SDK), it is composed of software libraries, modules","og:title":"ENEA Qosmos Division Next generation firewalls","og:description":"Enea's Qosmos ixEngine is an advanced, DPI-based, classification and metadata engine that recognizes over 3100 protocols, more than any other DPI engine on the market. Delivered as a Software Development Kit (SDK), it is composed of software libraries, modules","og:image":"https://old.roi4cio.com/fileadmin/user_upload/qosmos-logo.jpg"},"eventUrl":"","translationId":2257,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked)."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"13":{"133":{"id":6585,"characteristicId":133,"templateId":13,"value":"N/A"},"135":{"id":6584,"characteristicId":135,"templateId":13,"value":"N/A"},"139":{"id":6591,"characteristicId":139,"templateId":13,"value":"N/A"},"141":{"id":6590,"characteristicId":141,"templateId":13,"value":"N/A"},"143":{"id":6588,"characteristicId":143,"templateId":13,"value":"N/A"},"145":{"id":6592,"characteristicId":145,"templateId":13,"value":"N/A"},"147":{"id":6589,"characteristicId":147,"templateId":13,"value":"N/A"},"153":{"id":6586,"characteristicId":153,"templateId":13,"value":"N/A"},"1268":{"id":6587,"characteristicId":1268,"templateId":13,"value":"N/A"},"1270":{"id":6593,"characteristicId":1270,"templateId":13,"value":true},"1272":{"id":6594,"characteristicId":1272,"templateId":13,"value":"N/A"},"1274":{"id":6595,"characteristicId":1274,"templateId":13,"value":"N/A"},"1276":{"id":6596,"characteristicId":1276,"templateId":13,"value":"N/A"},"1278":{"id":6597,"characteristicId":1278,"templateId":13,"value":"N/A"},"1280":{"id":6598,"characteristicId":1280,"templateId":13,"value":"N/A"},"1282":{"id":6599,"characteristicId":1282,"templateId":13,"value":"Threat Intelligence"},"1284":{"id":6600,"characteristicId":1284,"templateId":13,"value":"N/A"}}}},{"id":2236,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/F5_Big-IP_AFM.png","logo":true,"scheme":false,"title":"F5 Big-IP Advanced Firewall Manager","vendorVerified":0,"rating":"1.70","implementationsCount":1,"suppliersCount":0,"alias":"f5-big-ip-advanced-firewall-manager","companyTypes":[],"description":"<p>F5 BIG-IP Advanced Firewall Manager (AFM) is a high-performance, stateful, full-proxy network security solution designed to guard data centers against incoming threats that enter the network on the most widely deployed protocols. Built on F5&rsquo;s industry-leading Application Delivery Controller (ADC), BIG-IP AFM gives enterprises and service providers the scalability, flexibility, performance, and control needed to mitigate the most aggressive, volumetric distributed denial-of-service (DDoS) attacks before they reach the data center.</p>\r\n<p>BIG-IP AFM&rsquo;s unique application-centric design enables greater effectiveness in guarding against targeted network-level attacks. It tracks the state of network sessions, maintains deep application awareness, and uniquely mitigates attacks based on more granular details than traditional firewalls. With BIG-IP AFM, organizations receive protection from over 100 attack signatures&mdash;more hardware-based signatures than any other leading firewall vendor&mdash;and unsurpassed programmability, interoperability, and visibility into threat conditions.</p>\r\n<p><span style=\"font-weight: bold;\">Key benefits</span></p>\r\n<p><span style=\"font-weight: bold;\">Scale to meet network demand</span></p>\r\n<p>Meet demands for higher bandwidth usage and concurrency rates with F5&rsquo;s proven TMOS architecture, hardware systems, and virtual editions to ensure performance while under attack.</p>\r\n<p><span style=\"font-weight: bold;\">Ensure application availability</span></p>\r\n<p>Secure networks from DDoS threats across a variety of protocols, with in-depth rules customization and increased performance and scalability.</p>\r\n<p><span style=\"font-weight: bold;\">Protect with app-centric, full-proxy firewall capabilities</span></p>\r\n<p>Inspect all incoming client connections and server-to-client responses, and mitigate threats based on security and application parameters before forwarding them on to the server.</p>\r\n<p><span style=\"font-weight: bold;\">Inspect SSL sessions</span></p>\r\n<p>Fully terminate and decrypt SSL traffic to identify potentially hidden attacks&mdash;at high rates and with high throughput.</p>\r\n<p><span style=\"font-weight: bold;\">Streamline firewall deployment</span></p>\r\n<p>Simplify security configuration with firewall policies oriented around applications and an efficient rules and policy GUI.</p>\r\n<p><span style=\"font-weight: bold;\">Customize reporting for visibility</span></p>\r\n<p>Easily understand your security status with rich customizable reports, logging, and charts that provide insight to all event types and enable effective forensic analysis.</p>","shortDescription":"F5 BIG-IP AFM is a high-performance, stateful, full-proxy network security solution designed to guard data centers against incoming threats that enter the network on the most widely deployed protocols","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":2,"sellingCount":3,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"F5 Big-IP Advanced Firewall Manager","keywords":"","description":"<p>F5 BIG-IP Advanced Firewall Manager (AFM) is a high-performance, stateful, full-proxy network security solution designed to guard data centers against incoming threats that enter the network on the most widely deployed protocols. Built on F5&rsquo;s industr","og:title":"F5 Big-IP Advanced Firewall Manager","og:description":"<p>F5 BIG-IP Advanced Firewall Manager (AFM) is a high-performance, stateful, full-proxy network security solution designed to guard data centers against incoming threats that enter the network on the most widely deployed protocols. Built on F5&rsquo;s industr","og:image":"https://old.roi4cio.com/fileadmin/user_upload/F5_Big-IP_AFM.png"},"eventUrl":"","translationId":2237,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-appliance","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular &quot;allow/deny&quot; rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked)."},{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked)."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"13":{"133":{"id":6415,"characteristicId":133,"templateId":13,"value":true},"135":{"id":6414,"characteristicId":135,"templateId":13,"value":true},"139":{"id":6421,"characteristicId":139,"templateId":13,"value":"N/A"},"141":{"id":6420,"characteristicId":141,"templateId":13,"value":true},"143":{"id":6418,"characteristicId":143,"templateId":13,"value":true},"145":{"id":6422,"characteristicId":145,"templateId":13,"value":true},"147":{"id":6419,"characteristicId":147,"templateId":13,"value":true},"153":{"id":6416,"characteristicId":153,"templateId":13,"value":"SSL VPN remote access, Application control, IPv4/IPv6 protocols, Hiding adresses with NAT, Decrypting SSL traffic, IPSec Site to Site VPN tunnels, Stateful TCP/IP stack, Configuring static and dynamic routing"},"1268":{"id":6417,"characteristicId":1268,"templateId":13,"value":"N/A"},"1270":{"id":6423,"characteristicId":1270,"templateId":13,"value":true},"1272":{"id":6424,"characteristicId":1272,"templateId":13,"value":true},"1274":{"id":6425,"characteristicId":1274,"templateId":13,"value":"N/A"},"1276":{"id":6426,"characteristicId":1276,"templateId":13,"value":"Reverse proxy, DNS proxy"},"1278":{"id":6427,"characteristicId":1278,"templateId":13,"value":"Bandwidth, Configuration console"},"1280":{"id":6428,"characteristicId":1280,"templateId":13,"value":"High availability, Virtualized environment"},"1282":{"id":6429,"characteristicId":1282,"templateId":13,"value":"Threat Intelligence, Active Directory, SIEM, AAA-servers, Network security policy management"},"1284":{"id":6430,"characteristicId":1284,"templateId":13,"value":true}}}},{"id":952,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/forcepoint_logo.png","logo":true,"schemeURL":"https://old.roi4cio.com/fileadmin/user_upload/forcepointngfw.JPG","scheme":true,"title":"Forcepoint NGFW","vendorVerified":1,"rating":"3.70","implementationsCount":3,"suppliersCount":0,"alias":"forcepoint-ngfw","companyTypes":[],"description":"<span style=\"color: #616161;\">Forcepoint Next Generation Firewall (NGFW) connects and protects people and the data they use throughout the enterprise network – all with the greatest efficiency, availability and security. Trusted by thousands of customers around the world, Forcepoint network security solutions enable businesses, government agencies and other organizations to address critical issues efficiently and economically.<br /></span>\r\n<span style=\"color: #616161;\"><span style=\"font-weight: bold;\">Decrypt traffic while safeguarding privacy</span><br />Inspect attacks and stolen data hidden inside encrypted SSL/TLS traffic while still protecting users' privacy.</span>\r\n<span style=\"color: #616161;\"><span style=\"font-weight: bold;\">Extend your network into the cloud</span><br />Deploy applications safely in Amazon Web Services, Azure, and VMware. Segment different service layers and manage virtual NGFWs and IPSs the same way as physical appliances.</span>\r\n<span style=\"color: #616161;\"><span style=\"font-weight: bold;\">Control access to web content</span><br />Limit users' access to entire categories of websites containing inappropriate or unsafe content with URL intelligence that’s depended upon around the globe.</span>\r\n<span style=\"color: #616161;\"><span style=\"font-weight: bold;\">Protect high-assurance systems</span><br />Safeguard your most sensitive, mission-critical networks and applications with Forcepoint’s renowned Sidewinder proxy technology.</span>\r\n<span style=\"color: #616161;\"><span style=\"font-weight: bold;\">Regain control of shadow IT</span><br />Understand the risk associated with unsanctioned cloud apps so you can redirect users to more appropriate apps or block them altogether.</span>\r\n<span style=\"color: #616161;\"><span style=\"font-weight: bold;\">Offer SD-WAN and NGFW security as an MSSP</span><br />Manage enterprise-grade connectivity and protection from your own multi-tenant systems, with a business model tailored to the needs of MSSPs.<br /></span>\r\n\r\n<span style=\"text-decoration: underline;\"><span style=\"font-weight: bold;\"><span style=\"color: #616161;\">Key features:</span></span></span>\r\n<span style=\"color: #616161;\"><span style=\"font-style: italic;\">Modular appliances for every environment</span><br />Our broad range of appliances provide the right price-performance and form factor for each location; pluggable interface cards let you change networks with ease.</span>\r\n<span style=\"color: #616161;\"><span style=\"font-style: italic;\">High availability, mixed clustering</span><br />Active-active clustering lets you mix up to 16 different models of appliances for unrivaled scalability, longer lifecycles, and seamless updates without dropping packets.</span>\r\n<span style=\"color: #616161;\"><span style=\"font-style: italic;\">Multi-link connectivity for SD-WAN</span><br />Broadband, wireless, and dedicated lines at each location can be centrally deployed and managed, providing full control over what traffic goes over each link with automated failover.</span>\r\n<span style=\"color: #616161;\"><span style=\"font-style: italic;\">Automated, zero-downtime updates</span><br />Policy changes and software updates can be deployed to hundreds of firewalls and IPS devices around the world in minutes, not hours, without the need for service windows.</span>\r\n<span style=\"color: #616161;\"><span style=\"font-style: italic;\">Policy-driven centralized management</span><br />Smart Policies describe your business processes in familiar terms and are automatically implemented throughout the network, managed in-house or via MSSP.</span>\r\n<span style=\"color: #616161;\"><span style=\"font-style: italic;\">Actionable, interactive 360° visibility</span><br />Graphical dashboards and visualizations of network activity go beyond simple reporting, enabling admins to drill into events and respond to incidents faster.</span>\r\n<span style=\"color: #616161;\"><span style=\"font-style: italic;\">Built-in NGFW, VPN, proxies, and more</span><br />Unparalleled security comes standard, from top-ranked Next Generation Firewall and IPS to rapid-setup VPNs and granular decryption, as well as our unique Sidewinder proxy technology.</span>\r\n<span style=\"color: #616161;\"><span style=\"font-style: italic;\">Top-ranked anti-evasion defense</span><br />Multi-layer stream inspection defeats advanced attacks that traditional packet inspection can't detect—see for yourself in our Evader video series.</span>\r\n<span style=\"color: #616161;\"><span style=\"font-style: italic;\">Human-centric endpoint context</span><br />Access policies can whitelist or blacklist specific endpoint apps, patch levels or AV status. Users' behaviors are consolidated into actionable dashboards.</span>\r\n<span style=\"color: #616161;\"><span style=\"font-style: italic;\">Unified virtual and physical security</span><br />Native support for AWS, Azure, and VMware has the same capabilities, management, and high performance of our physical appliances.</span>\r\n<span style=\"color: #616161;\"><span style=\"font-style: italic;\">CASB and web security</span><br />Our reknowned URL filtering and industry-leading cloud services work together to protect your data and people as they use apps and web content.</span>\r\n<span style=\"color: #616161;\"><span style=\"font-style: italic;\">Anti-malware sandboxing</span><br />Forcepoint Advanced Malware Detection blocks previously undetected ransomware, zero-days, and other attacks before they steal sensitive data or damage your systems.</span>","shortDescription":"With Forcepoint NGFW, you can deploy and manage thousands of firewalls, IPSs, VPNs and SD-WANs – in minutes, all from a single console.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":9,"sellingCount":3,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Forcepoint NGFW","keywords":"Forcepoint, NGFW, your, network, security, that, data, with","description":"<span style=\"color: #616161;\">Forcepoint Next Generation Firewall (NGFW) connects and protects people and the data they use throughout the enterprise network – all with the greatest efficiency, availability and security. Trusted by thousands of customers aroun","og:title":"Forcepoint NGFW","og:description":"<span style=\"color: #616161;\">Forcepoint Next Generation Firewall (NGFW) connects and protects people and the data they use throughout the enterprise network – all with the greatest efficiency, availability and security. Trusted by thousands of customers aroun","og:image":"https://old.roi4cio.com/fileadmin/user_upload/forcepoint_logo.png"},"eventUrl":"","translationId":953,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-appliance","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular &quot;allow/deny&quot; rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked)."},{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked)."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"13":{"133":{"id":774,"characteristicId":133,"templateId":13,"value":true},"135":{"id":773,"characteristicId":135,"templateId":13,"value":true},"139":{"id":771,"characteristicId":139,"templateId":13,"value":true},"141":{"id":770,"characteristicId":141,"templateId":13,"value":true},"143":{"id":769,"characteristicId":143,"templateId":13,"value":true},"145":{"id":768,"characteristicId":145,"templateId":13,"value":true},"147":{"id":767,"characteristicId":147,"templateId":13,"value":true},"153":{"id":764,"characteristicId":153,"templateId":13,"value":"SSL VPN remote access, Application control, IPv4/IPv6 protocols, Hiding adresses with NAT, IPSec Site to Site VPN tunnels, Stateful TCP/IP stack, URL filtering, Configuring static and dynamic routing"},"1268":{"id":6369,"characteristicId":1268,"templateId":13,"value":true},"1270":{"id":6370,"characteristicId":1270,"templateId":13,"value":true},"1272":{"id":6371,"characteristicId":1272,"templateId":13,"value":true},"1274":{"id":6372,"characteristicId":1274,"templateId":13,"value":true},"1276":{"id":6373,"characteristicId":1276,"templateId":13,"value":"Reverse proxy"},"1278":{"id":6374,"characteristicId":1278,"templateId":13,"value":"Bandwidth, Configuration console"},"1280":{"id":6375,"characteristicId":1280,"templateId":13,"value":"High availability, Routed/Transparent mode, Virtualized environment"},"1282":{"id":6376,"characteristicId":1282,"templateId":13,"value":"Threat Intelligence, Active Directory, SIEM, AAA-servers, Network security policy management"},"1284":{"id":6377,"characteristicId":1284,"templateId":13,"value":"N/A"}}}},{"id":2248,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/H3C_Technologies__logo_.png","logo":true,"scheme":false,"title":"H3C SecPath Next Generation Firewall","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"h3c-secpath-next-generation-firewall","companyTypes":[],"description":"H3C SecPath NGFW series firewall is the latest incarnation of high performance security gateway. The series is developed with the advent of Web 2.0 era, integrating the latest security trends and network deep inspection technologies and is designed for SMEs, campus network egress and WAN branches.\r\n<span style=\"font-weight: bold;\">Cutting edge hardware and software specifications</span>\r\n<ul> <li>H3C SecPath NGFW series is equipped with the latest 64-bit multi-core processor and high speed storage.</li> </ul>\r\n<span style=\"font-weight: bold;\">Telecommunication carrier guide reliability</span>\r\n<ul> <li>H3C patented and self-developed software and hardware platform have adopted and trusted by customers ranging from SMEs to telecommunication carriers.</li> <li>H3C SCF virtualization combines multiple physical devices as a single logical device, which can be managed as a single network node. Resource could be managed as a whole, application backup could be completed in batch and overall system performance is doubled.</li> </ul>\r\n<span style=\"font-weight: bold;\">Bulletproof security</span>\r\n<ul> <li>Protection from a wide range of attacks including but not limited to: Land, Smurf, Fraggle, Ping of Death, Tear Drop, IP Spoofing, IP fragment packets, ARP spoofing, reverse ARP lookup, TCP packet illegal flag bit attack defense, oversized ICMP packets, address/port scanning, detection and protection against common DDoS attacks such as SYN Flood, UPD Flood, ICMP Flood and DNS Flood.</li> <li>SOP (Security One Platform) 1:N complete virtualization added. Container based virtualization makes logical device configuration consistent with its physical counterpart. One might create multiple virtual firewalls in an H3C SecPath F10X0 device and can configure throughput, concurrent session, policy and more based on virtual system.</li> <li>Security zone let you configure security zones based on interfaces and VLANs.</li> <li>Packet filtering allows you to apply standard or advanced ACLs between security zones to filter packets based on information contained in the packets, such as UDP and TCP port numbers. Configuration of time range based ACL is also allowed.</li> <li>Support application and user based ACL combined with in-depth protection to implement the next generation access control functions</li> <li>ASPF (Application specific Packet Filter) dynamically determines whether to forward or drop a packet by checking its application layer protocol information and state (such as FTP, HTTP, SMPT, RTSP and other application layer protocols based on TCP/UDP).</li> <li>Supports AAA,including authentication based on RADIUS/HWTACACS+, CHAP,PAP and more.</li> <li>Supports static and dynamic blacklist.</li> <li>NAT and multiple NAT instances.</li> <li>VPN—Supports L2TP, IPsec/IKE, GRE, and SSL VPNs, and implements smart terminal connection.</li> <li>Supports rich routing protocol, including static routing, policy based routing, and dynamic routing protocols such as RIP and OSPF.</li> <li>Security logs</li> <li>Traffic monitoring, statistics, and management</li> </ul>\r\n<span style=\"font-weight: bold;\">Flexible, expandable built-in DPI</span>\r\n<ul> <li>Integrated security application processing platform is fully coupled with essential security protection.</li> <li>Comprehensive application layer traffic identification and management: with H3C’s longtime expertise in stateful inspection and traffic cross-checking technology, NGFW can accurately detect P2P/IM/online game/equity trading/video stream/multimedia applications such as Thunder/Web Thunder, BitTorrent, eMule, eDonkey, QQ, MSN, PPLive; supports P2P throttle through deep packet inspection which matches network packets with P2P packet characteristics. This effectively detects P2P traffic, achieves necessary P2P traffic management and provides different control strategies to flexibly limit P2P traffic.</li> <li>Highly precise and efficient intrusion detection engine using H3C patented and self-developed FIRST (Full Inspection with Rigorous State Test). FIRST engine consolidates multiple detection technologies to realize comprehensive inspection based on status with highly accurate intrusion detection.FIRST also uses parallel inspection technology that can be flexibly deployed with software and hardware to increase the detection efficiency.</li> <li>Realtime anti-virus protection: the stream-based virus scanning engine results in quick, accurate scanning and removal of viral code in network stream.</li> <li>Fast URL filtering: Apart from basic URL blacklist and white list filtering, URL lookup server can be set for online query.</li> <li>Comprehensive and up-to-date security signature database. With years of operation and experience, H3C hires the best team in identifying attack signatures, set up professional defense lab that keeps the team at the forefront of network security, and ensures timely update of signature database.</li> </ul>\r\n<span style=\"font-weight: bold;\">Industry-leading IPv6 features</span>\r\n<ul> <li>IPv6 stateful inspection truly implements IPv6 firewall, and completes IPv6 protection against attacks.</li> <li>Supports IPv4/IPv6 dual protocol stacks and supports IPv6 packet forwarding, static routing, dynamic routing and multicast routing.</li> <li>IPv6 transition technologies consist of NAT-PT, IPv6 over IPv4 GRE tunnel, manual tunnel, 6to4 tunnel, automatic IPv4-compatible IPv6 tunnel, ISATAP tunnel, NAT444, and DS-Lite.</li> <li>Supports IPv6 ACL and Radius.</li> </ul>\r\n<span style=\"font-weight: bold;\">Next generation applications</span>\r\n<ul> <li>Load Balancing: Implement auto switch and auto load-balancing of enterprise Internet egress through links status check and links busy status protection.</li> <li>SSL VPN: Integrated SSL VPN fulfils the secure remote access needs for mobile office and roaming employees. Additional authentication factor can be implemented with USB-Key or mobile SMS, and integrates with existing enterprise authentication system to create a fully integrated access authentication system.</li> <li>Basic support for DLP (Data Leak Prevention) includes E-mail filtering, SMTP E-mail address, subject and attachment filtering, Web page filtering, HTTP URL and content filtering, files filtering based on network transportation protocol, application layer filtering such as Java/ActiveX blocking and SQL injection attack blocking.</li> </ul>\r\n<span style=\"font-weight: bold;\">Intelligent management</span>\r\n<ul> <li>Intelligent security policy: policy redundancy check, policy mapping optimization advice, dynamic internal network application check and appropriate policy creations and recommendations.</li> <li>Supports SNMPv3 and compatible with SNMPv1 and SNMPv2.</li> <li>Graphical interface with simple and easy to use Web based management.</li> <li>CLI-based device management and firewall configuration that fulfils the professional management and batch deployment requirements.</li> <li>Security Service Manager (SSM) is an iMC component for centralized network security management. SSM monitors firewall devices on the network in real time, collects and analyzes security events and logs and feedback in a single console. It breaks the silos between network security devices, provides an intuitive interface for network security, gives real time feedback to security events and pinpoints the exact location of network outage. It frees IT and security administrators from the chore of management, significantly improves their productivity and let them focus on core business instead.</li> <li>Centralized log management functions based on advanced data drill-down and analysis technology. It can request and receive information to generate logs, compile different types of logs (such as syslogs and binary stream logs) in the same format, and compress and store large amounts of logs. You can encrypt and export saved logs to external storage devices such as DAS, NAS, and SAN to avoid loss of important security logs.</li> <li>Choices of reports:, application-based reports and stream-based analysis reports.</li> <li>Export of reports in different formats, such as PDF, HTML, Microsoft Word, and txt.</li> <li>Report customization through the Web interface. Customizable contents include time range, data source device, generation period, and export format.</li> </ul>","shortDescription":"H3C SecPath серии NGFW - последнее воплощение высокопроизводительного шлюза безопасности, объединяющее последние тенденции в области безопасности и технологии глубокого контроля сети.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":4,"sellingCount":15,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"H3C SecPath Next Generation Firewall","keywords":"","description":"H3C SecPath NGFW series firewall is the latest incarnation of high performance security gateway. The series is developed with the advent of Web 2.0 era, integrating the latest security trends and network deep inspection technologies and is designed for SMEs, c","og:title":"H3C SecPath Next Generation Firewall","og:description":"H3C SecPath NGFW series firewall is the latest incarnation of high performance security gateway. The series is developed with the advent of Web 2.0 era, integrating the latest security trends and network deep inspection technologies and is designed for SMEs, c","og:image":"https://old.roi4cio.com/fileadmin/user_upload/H3C_Technologies__logo_.png"},"eventUrl":"","translationId":2249,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-appliance","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular &quot;allow/deny&quot; rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked)."},{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked)."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"13":{"133":{"id":6517,"characteristicId":133,"templateId":13,"value":true},"135":{"id":6516,"characteristicId":135,"templateId":13,"value":true},"139":{"id":6523,"characteristicId":139,"templateId":13,"value":"N/A"},"141":{"id":6522,"characteristicId":141,"templateId":13,"value":"N/A"},"143":{"id":6520,"characteristicId":143,"templateId":13,"value":true},"145":{"id":6524,"characteristicId":145,"templateId":13,"value":"N/A"},"147":{"id":6521,"characteristicId":147,"templateId":13,"value":true},"153":{"id":6518,"characteristicId":153,"templateId":13,"value":"SSL VPN remote access, Application control, IPv4/IPv6 protocols, Hiding adresses with NAT, DHCP, IPSec Site to Site VPN tunnels, Stateful TCP/IP stack, URL filtering, Configuring static and dynamic routing"},"1268":{"id":6519,"characteristicId":1268,"templateId":13,"value":"N/A"},"1270":{"id":6525,"characteristicId":1270,"templateId":13,"value":"N/A"},"1272":{"id":6526,"characteristicId":1272,"templateId":13,"value":true},"1274":{"id":6527,"characteristicId":1274,"templateId":13,"value":"N/A"},"1276":{"id":6528,"characteristicId":1276,"templateId":13,"value":"N/A"},"1278":{"id":6529,"characteristicId":1278,"templateId":13,"value":"Configuration console"},"1280":{"id":6530,"characteristicId":1280,"templateId":13,"value":"Routed/Transparent mode, Virtualized environment"},"1282":{"id":6531,"characteristicId":1282,"templateId":13,"value":"N/A"},"1284":{"id":6532,"characteristicId":1284,"templateId":13,"value":"N/A"}}}},{"id":2240,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Huawei_NGFW.png","logo":true,"scheme":false,"title":"Huawei Next-Generation Firewall","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"alias":"huawei-next-generation-firewall","companyTypes":[],"description":"<p>Huawei next-generation firewalls are designed for large and medium-size enterprises, organizations, and data centers. The firewalls provide full-fledged application identification and application-layer threat and attack defense capabilities, and deliver high performance even when multiple security functions are enabled. The firewalls also offer multiple interface card slots that support various interface cards, such as GE electrical/optical and 10 GE interface cards. These cards allow users to flexibly expand services and enable the firewalls to evolve with enterprise networks, making firewalls highly cost-effective and protecting customer investment.</p>\r\n<p><span style=\"font-weight: bold;\">USG9500 Series Terabit-level Next-Generation Firewall</span></p>\r\n<p>The USG9500 is a new-generation, terabit-level, all-in-one DC firewall from Huawei for cloud service providers, large-scale DCs, and large-scale enterprise campus networks.</p>\r\n<p>The USG9500 provides terabit-level processing performance and 99.999% reliability. It integrates multiple security features such as Network Address Translation (NAT), Virtual Private Network (VPN), Intrusion Protection System (IPS), virtualization, and Service Awareness (SA) to help enterprises construct cloud computing&ndash;oriented DCs under border security protection and reduce the equipment room investment and Total Cost of Ownership (TCO) per Mbit/s.</p>\r\n<p><span style=\"font-weight: bold;\">USG6600 Series Next-Generation Firewall</span></p>\r\n<p>The USG6600 provides unified network security for large and medium-size enterprises, organizations, and data centers.</p>\r\n<p>Integrated firewall, VPN, intrusion prevention, antivirus, and data leakage prevention deliver high-performance protection. Identifies more than 6,300+ applications and analyzes intranet service traffic across six dimensions, automatically generating security policy suggestions.</p>\r\n<p>Optimize security management and boost application-layer protection with the USG6600 Series Firewall.<br />USG6600 is certified by ICSA Labs in Firewall, IPS, IPSec, SSL VPN and AV categories, is certified at CC EAL4+ level, and earned the Recommended Rating from NSS Labs.</p>\r\n<p><span style=\"font-weight: bold;\">USG6500E Series New-Generation Firewalls (Fixed-Configuration)</span></p>\r\n<p>Huawei USG6500E series fixed-configuration next-generation firewalls are enterprise-class new-generation firewalls designed for small and medium-sized enterprises and chain organizations. In addition to basic NGFW capabilities, the USG6500E series can interwork with other security devices to proactively defend against network threats, enhance border detection capabilities, effectively defend against advanced threats, and resolve performance deterioration problems. The self-developed network processing chip provides pattern matching and accelerated encryption/decryption service processing, which significantly improves the performance of processing content security detection and IPSec services.</p>\r\n<p><span style=\"font-weight: bold;\">USG6500E Series New-Generation Firewalls (Desktop)</span></p>\r\n<p>Huawei USG6500E series firewalls are new-generation desktop firewalls designed for small enterprises, industry branches, and chain business organizations. In addition to the traditional firewall management mode, the cloud management mode is supported. The cloud management mode provides plug-and-play, automatic service configuration, visualized O&amp;M, and big data analysis for a large number of branches to securely access the network. The self-developed network processing chip provides pattern matching and accelerated encryption/decryption service processing, which significantly improves the performance of processing content security detection and IPSec services.</p>","shortDescription":"Huawei Next-Generation Firewall обеспечивают простое и детальное управление доступом, защиту от угроз 10G для обеспечения безопасности сетей.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":12,"sellingCount":20,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Huawei Next-Generation Firewall","keywords":"","description":"<p>Huawei next-generation firewalls are designed for large and medium-size enterprises, organizations, and data centers. The firewalls provide full-fledged application identification and application-layer threat and attack defense capabilities, and deliver hig","og:title":"Huawei Next-Generation Firewall","og:description":"<p>Huawei next-generation firewalls are designed for large and medium-size enterprises, organizations, and data centers. The firewalls provide full-fledged application identification and application-layer threat and attack defense capabilities, and deliver hig","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Huawei_NGFW.png"},"eventUrl":"","translationId":2241,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-appliance","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular &quot;allow/deny&quot; rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked)."},{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked)."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"13":{"133":{"id":6449,"characteristicId":133,"templateId":13,"value":true},"135":{"id":6448,"characteristicId":135,"templateId":13,"value":true},"139":{"id":6455,"characteristicId":139,"templateId":13,"value":true},"141":{"id":6454,"characteristicId":141,"templateId":13,"value":true},"143":{"id":6452,"characteristicId":143,"templateId":13,"value":true},"145":{"id":6456,"characteristicId":145,"templateId":13,"value":true},"147":{"id":6453,"characteristicId":147,"templateId":13,"value":true},"153":{"id":6450,"characteristicId":153,"templateId":13,"value":"SSL VPN remote access, Application control, IPv4/IPv6 protocols, Hiding adresses with NAT, DHCP, Decrypting SSL traffic, IPSec Site to Site VPN tunnels, Stateful TCP/IP stack, URL filtering, Configuring static and dynamic routing"},"1268":{"id":6451,"characteristicId":1268,"templateId":13,"value":"N/A"},"1270":{"id":6457,"characteristicId":1270,"templateId":13,"value":true},"1272":{"id":6458,"characteristicId":1272,"templateId":13,"value":"N/A"},"1274":{"id":6459,"characteristicId":1274,"templateId":13,"value":true},"1276":{"id":6460,"characteristicId":1276,"templateId":13,"value":"Reverse proxy"},"1278":{"id":6461,"characteristicId":1278,"templateId":13,"value":"Bandwidth, Configuration console"},"1280":{"id":6462,"characteristicId":1280,"templateId":13,"value":"High availability, Routed/Transparent mode"},"1282":{"id":6463,"characteristicId":1282,"templateId":13,"value":"Threat Intelligence, Active Directory, SIEM, AAA-servers, Network security policy management"},"1284":{"id":6464,"characteristicId":1284,"templateId":13,"value":"N/A"}}}},{"id":1443,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/juniper_networks.png","logo":true,"scheme":false,"title":"Juniper Next-Generation Firewall (NGFW)","vendorVerified":0,"rating":"2.20","implementationsCount":3,"suppliersCount":0,"alias":"juniper-next-generation-firewall-ngfw","companyTypes":[],"description":"Available on all SRX platforms, our security services reduce the attack surface in real-time and stop cyber criminals before they can breach your organization&rsquo;s defenses.\r\n<span style=\"font-weight: bold;\">Identifying Application Risks</span>\r\nJuniper AppSecure, an NFGW Services component, is a suite of services that provides deep application visibility and control in your network:\r\n<ul>\r\n<li>AppTrack identifies applications on the network to assess their security risk and address user behavior. Contextual information helps you gain insight into which applications are permitted and the risk they may pose.</li>\r\n<li>AppFW provides policy-based enforcement and control, blocking access to high-risk applications and enforcing user-defined policies. Reports on application bandwidth usage deliver further insight, and you can throttle any application traffic not sanctioned by the enterprise.</li>\r\n</ul>\r\n<span style=\"font-weight: bold;\">Protection from Network Borne Attacks</span>\r\nJuniper Intrusion Prevention System (IPS) and Sky Advanced Threat Prevention (ATP) work together to provide comprehensive threat detection and protection against known and unknown threats that use the network as an attack vector. The capabilities provide immediate protection from malicious malware. Continual monitoring for new exploits and vulnerabilities keeps protection up to date. The system immediately blocks threats on client and server systems inline before damage can take place.\r\n<span style=\"font-weight: bold;\">Safeguards Against Malware</span>\r\nAlthough modern cyber criminals favor today&rsquo;s sophisticated, turnkey techniques, they have not abandoned the tried and true approach of tucking malware into signature-based viruses and volume-based email. Integrated with our SRX platforms, Sophos Live Protection combines cloud-based reputation intelligence with on-box horsepower to deliver lightweight and fast security.\r\n<span style=\"font-weight: bold;\">Web Browsing Defense</span>\r\nThe Web is full of deception designed to get unsuspecting users to click on malicious links that might install advanced malware. Attackers regularly compromise websites by tricking users into providing their user credentials. Juniper has partnered with Forcepoint to provide URL filtering that fights such attacks. The service is constantly and globally updated in real time to provide an always-current worldwide database of malicious URLs that protect against user compromise.\r\n<span style=\"font-weight: bold;\">Avoiding Unauthorized Access and Use</span>\r\nEvery user in an enterprise must be able to access certain applications to perform specific tasks. But allowing users unlimited access to corporate resources outside their sphere of responsibility can enable the proliferation of insider threats. Our User Firewall service restricts application usage on a per-user basis by tightly integrating with Microsoft Active Directory (AD) and the Lightweight Directory Access Protocol (LDAP). As a result, you gain visibility and control of application and network use segmented by user-defined roles, enabling secure access to authorized applications.\r\n<span style=\"font-weight: bold;\">Features</span>\r\n<span style=\"font-weight: bold;\">Advanced Application Visibility and Control</span>\r\nYou can identify applications running on your network regardless of port, protocol, and encryption. This visibility lets you immediately block evasive applications inline at the SRX firewall.\r\n<span style=\"font-weight: bold;\">Nested Application Support</span>\r\nYou can accurately identify applications embedded in common network protocols such as HTTP or HTTPS traffic. This capability also provides visibility into and granular control over applications hidden inside encrypted SSL traffic.\r\n<span style=\"font-weight: bold;\">User and Role-Based Policies</span>\r\nTight integration with Microsoft AD and LDAP allow you to set and enforce user- and role-based security policies. Policy setting becomes simpler and more secure, because you reduce the number of policies needed to account for user location, IP address, and so on.\r\n<span style=\"font-weight: bold;\">SSL Inspection</span>\r\nInline decryption and inspection of inbound and outbound Secure Sockets Layer (SSL) connections at the SRX firewall provide visibility and protection against threats embedded in SSL encrypted traffic.\r\n<span style=\"font-weight: bold;\">Junos OS Integration</span>\r\nIntegration with Juniper&rsquo;s operating system consolidates and optimizes services on SRX devices for maximum scale.","shortDescription":"Juniper Next-Generation Firewall (NGFW) Services provide an array of cyber defenses to reduce your attack surface in this challenging environment.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":5,"sellingCount":1,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Juniper Next-Generation Firewall (NGFW)","keywords":"","description":"Available on all SRX platforms, our security services reduce the attack surface in real-time and stop cyber criminals before they can breach your organization&rsquo;s defenses.\r\n<span style=\"font-weight: bold;\">Identifying Application Risks</span>\r\nJuniper App","og:title":"Juniper Next-Generation Firewall (NGFW)","og:description":"Available on all SRX platforms, our security services reduce the attack surface in real-time and stop cyber criminals before they can breach your organization&rsquo;s defenses.\r\n<span style=\"font-weight: bold;\">Identifying Application Risks</span>\r\nJuniper App","og:image":"https://old.roi4cio.com/fileadmin/user_upload/juniper_networks.png"},"eventUrl":"","translationId":1444,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-appliance","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular &quot;allow/deny&quot; rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked)."},{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked)."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"13":{"133":{"id":886,"characteristicId":133,"templateId":13,"value":true},"135":{"id":885,"characteristicId":135,"templateId":13,"value":true},"139":{"id":883,"characteristicId":139,"templateId":13,"value":true},"141":{"id":882,"characteristicId":141,"templateId":13,"value":"N/A"},"143":{"id":881,"characteristicId":143,"templateId":13,"value":true},"145":{"id":880,"characteristicId":145,"templateId":13,"value":true},"147":{"id":879,"characteristicId":147,"templateId":13,"value":"N/A"},"153":{"id":876,"characteristicId":153,"templateId":13,"value":"SSL VPN remote access, Application control, IPv4/IPv6 protocols, Hiding adresses with NAT, DHCP, IPSec Site to Site VPN tunnels, Stateful TCP/IP stack, URL filtering, Configuring static and dynamic routing"},"1268":{"id":6387,"characteristicId":1268,"templateId":13,"value":"N/A"},"1270":{"id":6388,"characteristicId":1270,"templateId":13,"value":true},"1272":{"id":6389,"characteristicId":1272,"templateId":13,"value":"N/A"},"1274":{"id":6390,"characteristicId":1274,"templateId":13,"value":true},"1276":{"id":6391,"characteristicId":1276,"templateId":13,"value":"Reverse proxy"},"1278":{"id":6392,"characteristicId":1278,"templateId":13,"value":"Bandwidth, Configuration console"},"1280":{"id":6393,"characteristicId":1280,"templateId":13,"value":"High availability, Routed/Transparent mode, Virtualized environment"},"1282":{"id":6394,"characteristicId":1282,"templateId":13,"value":"Threat Intelligence, Active Directory, SIEM, AAA-servers, Network security policy management"},"1284":{"id":6395,"characteristicId":1284,"templateId":13,"value":true}}}},{"id":1405,"logoURL":"https://old.roi4cio.com/fileadmin/content/Palo_Alto_Networks_Logo.png","logo":true,"scheme":false,"title":"Palo Alto Networks next-generation firewall (NGFW)","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"alias":"palo-alto-networks-next-generation-firewall-ngfw","companyTypes":[],"description":"Flexible deployment options and native integration with our next-generation platform extend the policy enforcement and cyberthreat prevention to everywhere your users and data are located: in your network, on your endpoints and in the cloud.\r\n<span style=\"font-weight: bold;\">Superior architecture, superior benefits</span>\r\nComplete visibility and precise control: Our next-generation firewalls provide complete visibility into all network traffic based on applications, users, content and devices. Automated security: Innovative features reduce manual tasks and enhance your security posture, for example, by disseminating protections from previously unknown threats globally in near-real time, correlating a series of related threat events to indicate a likely attack on your network, and using dynamic address groups in security rules to avoid updating server IP addresses frequently. Protection for your users and data everywhere: Our next-generation firewalls are natively integrated with our security platform, which prevents advanced and unknown cyberthreats no matter where the users and data are located: in your network, on your endpoints and in the cloud.\r\n<span style=\"font-weight: bold;\">Products:&nbsp;</span>PA-5000 Series, PA-4000 Series, PA-3000 Series, PA-2000 Series, PA-500, PA-200, VM-Series, Management Platforms\r\n<span style=\"font-weight: bold;\">Visibility and Control</span>\r\nOur next-generation firewall classifies all traffic, including encrypted traffic, based on application, application function, user and content. You can create comprehensive, precise security policies, resulting in safe enablement of applications. This lets only authorized users run sanctioned applications, greatly reducing the surface area of cyber attacks across the organization.\r\n<span style=\"font-weight: bold;\">Threat Prevention</span>\r\nThe combination of Content-IDTM and WildFireTM provides protection from known and unknown threats. Content-ID limits unauthorized data transfer and detects and blocks a wide range of threats. WildFire identifies unknown malware, zero-day exploits, and advanced persistent threats (APTs) through static and dynamic analysis in a scalable, virtual environment, and automatically disseminates updated protections globally in near-real time.\r\n<span style=\"font-weight: bold;\">Built-in, not Bolted-on</span>\r\nToday’s security architectures are a result of adding uncoordinated security layers one at a time, making them ineffective in dealing with modern threats. Unlike legacy firewalls that are based on this &quot;layered security&quot; architecture, our next-generation firewalls use a unified security design that classifies all traffic into full context before applying one set of flexible security rules in a single pass.","shortDescription":"Palo Alto Networks next-generation firewalls are architected to safely enable applications and prevent modern threats. Our approach identifies all network traffic based on applications, users, content","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":16,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Palo Alto Networks next-generation firewall (NGFW)","keywords":"","description":"Flexible deployment options and native integration with our next-generation platform extend the policy enforcement and cyberthreat prevention to everywhere your users and data are located: in your network, on your endpoints and in the cloud.\r\n<span style=\"font","og:title":"Palo Alto Networks next-generation firewall (NGFW)","og:description":"Flexible deployment options and native integration with our next-generation platform extend the policy enforcement and cyberthreat prevention to everywhere your users and data are located: in your network, on your endpoints and in the cloud.\r\n<span style=\"font","og:image":"https://old.roi4cio.com/fileadmin/content/Palo_Alto_Networks_Logo.png"},"eventUrl":"","translationId":1406,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-appliance","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular &quot;allow/deny&quot; rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked)."},{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked)."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"13":{"133":{"id":763,"characteristicId":133,"templateId":13,"value":true},"135":{"id":762,"characteristicId":135,"templateId":13,"value":true},"139":{"id":760,"characteristicId":139,"templateId":13,"value":true},"141":{"id":759,"characteristicId":141,"templateId":13,"value":true},"143":{"id":758,"characteristicId":143,"templateId":13,"value":"N/A"},"145":{"id":757,"characteristicId":145,"templateId":13,"value":true},"147":{"id":756,"characteristicId":147,"templateId":13,"value":true},"153":{"id":753,"characteristicId":153,"templateId":13,"value":"SSL VPN remote access, Application control, IPv4/IPv6 protocols, Hiding adresses with NAT, DHCP, Decrypting SSL traffic, IPSec Site to Site VPN tunnels, Stateful TCP/IP stack, URL filtering, Configuring static and dynamic routing"},"1268":{"id":6396,"characteristicId":1268,"templateId":13,"value":true},"1270":{"id":6397,"characteristicId":1270,"templateId":13,"value":true},"1272":{"id":6398,"characteristicId":1272,"templateId":13,"value":true},"1274":{"id":6399,"characteristicId":1274,"templateId":13,"value":true},"1276":{"id":6400,"characteristicId":1276,"templateId":13,"value":"Reverse proxy, DNS proxy"},"1278":{"id":6401,"characteristicId":1278,"templateId":13,"value":"Bandwidth, Configuration console"},"1280":{"id":6402,"characteristicId":1280,"templateId":13,"value":"High availability, Routed/Transparent mode, Virtualized environment"},"1282":{"id":6403,"characteristicId":1282,"templateId":13,"value":"Threat Intelligence, Active Directory, SIEM, IAM, AAA-servers, Network security policy management"},"1284":{"id":6404,"characteristicId":1284,"templateId":13,"value":true}}}},{"id":2242,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Sangfor_NGAF.jpg","logo":true,"scheme":false,"title":"Sangfor NGAF","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"sangfor-ngaf","companyTypes":[],"description":"<p>Sangfor NGAF is the world 1st fully integrated NGFW (Next Generation Firewall) + WAF (Web Application Firewall). It can help you provide a comprehensive network security protection against current, emerging and future threats.</p>\r\n<ul>\r\n<li>Anti-Phishing: Send out alerts on suspicious emails that could bring in Ransomware.</li>\r\n<li>Anti-Virus: Clear out known Ransomware according to over 1+ million signatures in SANGFOR database.</li>\r\n<li>Sandboxing: Detect and block emerging and new Ransomware by cloud based threat analysis.</li>\r\n<li>Anti-Malware: Damage remediation - keep Ransomware from spreading via corporate network and even block the encryption process.</li>\r\n</ul>\r\n<p><span style=\"font-weight: bold;\">Internet Security Solutions and Web Application Security</span></p>\r\n<p>With the fast evolution of the IT industry, all applications, services and devices are being connected through the Internet with new technologies, such as BYOD, IoT (Internet of Things), Cloud and so on. This will bring many business advantages including greater convenience and productivity, however with tremendous power also comes great responsibility in handling network security.</p>\r\n<p><span style=\"font-weight: bold;\">Next Generation Firewall / Enterprise Firewall Protection</span></p>\r\n<p>Sensitive data, such as credit card information and confidential files, are a gold mine for hackers or competitors to earn money. There are currently many cases of malicious software including the well-known threat of Ransomware, which are growing at an alarming rate along with new varieties fast developing.</p>\r\n<p>Network security is often considered an additional investment with few benefits, but traditional internet security solutions are too general against the increasing number of vulnerabilities, which can often only protect against the existing threats.</p>\r\n<p><span style=\"font-weight: bold;\">Web Application Firewall and Hardware Firewall</span></p>\r\n<p>At Sangfor, we develop complete and comprehensive internet security solutions such as our next generation firewall with web application firewall all-in-one solutions. Our solutions our specially formulated with our users in mind. Our easy-to-use converged security solution is designed to protect users against all types of threats, regardless of being internal, external, existing or future threats.</p>\r\n<p>We believe security should be simple, and easy to understand, deploy and operate for even the average IT employee. Our concept of network security is defined through four fundamental points, which we prize as the core of our marketing strategy.</p>\r\n<p>These four fundamental points are: Security Visibility, Real-Time Detection &amp; Rapid Response, Simplified Security O&amp;M and L7 High-Performance.</p>","shortDescription":"Sangfor NGAF is the world 1st fully integrated NGFW (Next Generation Firewall) + WAF (Web Application Firewall).","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":4,"sellingCount":17,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Sangfor NGAF","keywords":"","description":"<p>Sangfor NGAF is the world 1st fully integrated NGFW (Next Generation Firewall) + WAF (Web Application Firewall). It can help you provide a comprehensive network security protection against current, emerging and future threats.</p>\r\n<ul>\r\n<li>Anti-Phishing: ","og:title":"Sangfor NGAF","og:description":"<p>Sangfor NGAF is the world 1st fully integrated NGFW (Next Generation Firewall) + WAF (Web Application Firewall). It can help you provide a comprehensive network security protection against current, emerging and future threats.</p>\r\n<ul>\r\n<li>Anti-Phishing: ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Sangfor_NGAF.jpg"},"eventUrl":"","translationId":2243,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-appliance","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular &quot;allow/deny&quot; rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked)."},{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked)."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"13":{"133":{"id":6466,"characteristicId":133,"templateId":13,"value":true},"135":{"id":6465,"characteristicId":135,"templateId":13,"value":true},"139":{"id":6472,"characteristicId":139,"templateId":13,"value":true},"141":{"id":6471,"characteristicId":141,"templateId":13,"value":true},"143":{"id":6469,"characteristicId":143,"templateId":13,"value":true},"145":{"id":6473,"characteristicId":145,"templateId":13,"value":true},"147":{"id":6470,"characteristicId":147,"templateId":13,"value":true},"153":{"id":6467,"characteristicId":153,"templateId":13,"value":"SSL VPN remote access, Application control, IPv4/IPv6 protocols, Hiding adresses with NAT, DHCP, IPSec Site to Site VPN tunnels, Stateful TCP/IP stack, URL filtering, Configuring static and dynamic routing"},"1268":{"id":6468,"characteristicId":1268,"templateId":13,"value":"N/A"},"1270":{"id":6474,"characteristicId":1270,"templateId":13,"value":true},"1272":{"id":6475,"characteristicId":1272,"templateId":13,"value":"N/A"},"1274":{"id":6476,"characteristicId":1274,"templateId":13,"value":true},"1276":{"id":6477,"characteristicId":1276,"templateId":13,"value":"Reverse proxy, DNS proxy"},"1278":{"id":6478,"characteristicId":1278,"templateId":13,"value":"Bandwidth, Configuration console"},"1280":{"id":6479,"characteristicId":1280,"templateId":13,"value":"High availability, Virtualized environment"},"1282":{"id":6480,"characteristicId":1282,"templateId":13,"value":"Threat Intelligence, Active Directory, SIEM, AAA-servers, Network security policy management"},"1284":{"id":6481,"characteristicId":1284,"templateId":13,"value":"N/A"}}}},{"id":1441,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/SonicWall.png","logo":true,"scheme":false,"title":"SonicWall next-generation firewall (NGFW)","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"sonicwall-next-generation-firewall-ngfw","companyTypes":[],"description":"SonicWall is considered a Niche Player by Gartner, it offers a great many firewall options, some of which can also be offered as unified threat management (UTM) appliances. There are five models within the TZ Entry Level Firewall Series, offering an entry-level next-generation firewall. That series includes deep packet inspection, multi-engine sandboxing, anti-malware, intrusion prevention, web filtering, and secure remote access. For mid-sized organizations, the Network Security Appliance (NSA) Mid-Range Firewall is an NGFW platform built on a multi-core hardware architecture featuring 10 GbE interfaces. Features include application intelligence and control, real-time visualization, and WLAN management. For the largest of networks, SonicWall SuperMassive has sandboxing, SSL inspection, intrusion prevention, anti-malware, application identification, content filtering, real-time threat handling, centralized management, analytics and reporting.\r\n<span style=\"font-weight: bold;\">Features</span>\r\n<span style=\"font-weight: bold;\">Security and performance:</span> NSS Labs tested the SonicWall NSA 2650 and gave it a 98.8% security effectiveness rating, within a percentage point of the leaders. Performance was at the low end of appliances tested at 1,028 Mbps, but for an appliance that can be bought for less than $2,000, the comparison isn't a fair one. There are five SonicWall NSA firewalls above this one before you get to the high-end SuperMassive series.\r\n<span style=\"font-weight: bold;\">Value: </span>NSS Labs gave SonicWall a $4 TCO per protected Mbps, placing it in the top three of solutions tested.\r\n<span style=\"font-weight: bold;\">Implementation:</span> One CTO said the NSA offers \"enterprise function with an SMB implementation feel.\"\r\n<span style=\"font-weight: bold;\">Management:</span> As you'd expect for the target market, ease of management is a strength. One user noted reporting as an area for improvement while praising ease of management and implementation.\r\n<span style=\"font-weight: bold;\">Support:</span> The importance of finding a good third-party partner appears to be the biggest issue.\r\n<span style=\"font-weight: bold;\">Cloud features:</span> SonicWall has only recently begun offering a virtual firewall and API-level integration with AWS public cloud environments.","shortDescription":"SonicWall NGFW is a Comprehensive threat prevention at multi-gigabit speeds, network security, control and visibility your organization needs.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":5,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"SonicWall next-generation firewall (NGFW)","keywords":"","description":"SonicWall is considered a Niche Player by Gartner, it offers a great many firewall options, some of which can also be offered as unified threat management (UTM) appliances. There are five models within the TZ Entry Level Firewall Series, offering an entry-leve","og:title":"SonicWall next-generation firewall (NGFW)","og:description":"SonicWall is considered a Niche Player by Gartner, it offers a great many firewall options, some of which can also be offered as unified threat management (UTM) appliances. There are five models within the TZ Entry Level Firewall Series, offering an entry-leve","og:image":"https://old.roi4cio.com/fileadmin/user_upload/SonicWall.png"},"eventUrl":"","translationId":1442,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-appliance","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular &quot;allow/deny&quot; rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked)."},{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked)."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"13":{"133":{"id":875,"characteristicId":133,"templateId":13,"value":true},"135":{"id":874,"characteristicId":135,"templateId":13,"value":true},"139":{"id":872,"characteristicId":139,"templateId":13,"value":true},"141":{"id":871,"characteristicId":141,"templateId":13,"value":true},"143":{"id":870,"characteristicId":143,"templateId":13,"value":true},"145":{"id":869,"characteristicId":145,"templateId":13,"value":true},"147":{"id":868,"characteristicId":147,"templateId":13,"value":true},"153":{"id":865,"characteristicId":153,"templateId":13,"value":"SSL VPN remote access, Application control, IPv4/IPv6 protocols, Hiding adresses with NAT, DHCP, Decrypting SSL traffic, IPSec Site to Site VPN tunnels, Stateful TCP/IP stack, URL filtering, Configuring static and dynamic routing"},"1268":{"id":6333,"characteristicId":1268,"templateId":13,"value":true},"1270":{"id":6334,"characteristicId":1270,"templateId":13,"value":true},"1272":{"id":6335,"characteristicId":1272,"templateId":13,"value":"N/A"},"1274":{"id":6336,"characteristicId":1274,"templateId":13,"value":"N/A"},"1276":{"id":6337,"characteristicId":1276,"templateId":13,"value":"DNS proxy"},"1278":{"id":6338,"characteristicId":1278,"templateId":13,"value":"Bandwidth, Configuration console"},"1280":{"id":6339,"characteristicId":1280,"templateId":13,"value":"High availability, Routed/Transparent mode"},"1282":{"id":6340,"characteristicId":1282,"templateId":13,"value":"Active Directory"},"1284":{"id":6341,"characteristicId":1284,"templateId":13,"value":"N/A"}}}},{"id":2238,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/sophos.jpg","logo":true,"scheme":false,"title":"Sophos Next-Generation Firewall","vendorVerified":0,"rating":"1.40","implementationsCount":0,"suppliersCount":0,"alias":"sophos-next-generation-firewall","companyTypes":[],"description":"<p>Sophos offers next-generation firewall (NGFW) features which let you protect your network with an enterprise-class firewall while securing your web traffic. It protects you against modern threats like drive-by downloads and botnets, and securely connects people and offices using our flexible VPN options. And you&rsquo;ll get detailed reports to help you understand what&rsquo;s going on and how to improve your network performance and protection.</p>\r\n<p><span style=\"font-weight: bold;\">Proven protection against modern day threats</span></p>\r\n<p>You get fast, accurate scanning for viruses, spyware and active content using two parallel antivirus engines. Our Advanced Threat Protection combines multiple technologies to identify and block traffic to command and control hosts. Advanced packet filtering, network address translation (NAT), stateful inspection and network intrusion prevention system (IPS) technologies protect your network. You&rsquo;ll easily see attacks targeting your resources and stop them by simply ticking a box. And our IPS is multicore engineered to run at maximum speeds on the latest processors.</p>\r\n<p><span style=\"font-weight: bold;\">Granular bandwidth visibility and control</span></p>\r\n<p>Using our URL filter, select from over 100 categories and stop access to malicious and nonproductive websites, and set policies for certain users and particular times. A graphical flowmonitor shows everything as it happens, letting you maximize the bandwidth for what&rsquo;s important and minimize it for what&rsquo;s not. Our Deep Layer-7 inspection ensures true application identification for thousands of applications. We&rsquo;ll automatically update these, and give you feedback on unclassified applications.</p>\r\n<p><span style=\"font-weight: bold;\">Connect remote offices with configurationless VPN</span></p>\r\n<p>For remote workers, setting up client VPNs really couldn&rsquo;t be easier. We provide users with a simple portal, letting them connect from any device, even smartphones and tablets. And when it comes to hooking up remote offices, we&rsquo;ve really broken the mold. Sophos RED is a box that plugs in at any remote office and requires no onsite configuration. Connect it to the internet, register it centrally and the remote site instantly gets full UTM protection.</p>\r\n<p><span style=\"font-weight: bold;\">Intuitive management and detailed reporting</span></p>\r\n<p>You&rsquo;ll know what&rsquo;s happening with your users and you&rsquo;ll have complete control over all the features you need, with none of the complexity. Policies are easy to build and you get detailed reports as standard, stored locally with no separate tools required. Predefined and customizable reports show key web activity like domains visited and bandwidth consumed. And report anonymization hides user names, requiring the four-eyes-principle to unhide them.</p>","shortDescription":"Sophos NGFW rovides unprecedented visibility into your network, users, and applications directly from the all-new control centre.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":9,"sellingCount":19,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Sophos Next-Generation Firewall","keywords":"","description":"<p>Sophos offers next-generation firewall (NGFW) features which let you protect your network with an enterprise-class firewall while securing your web traffic. It protects you against modern threats like drive-by downloads and botnets, and securely connects pe","og:title":"Sophos Next-Generation Firewall","og:description":"<p>Sophos offers next-generation firewall (NGFW) features which let you protect your network with an enterprise-class firewall while securing your web traffic. It protects you against modern threats like drive-by downloads and botnets, and securely connects pe","og:image":"https://old.roi4cio.com/fileadmin/user_upload/sophos.jpg"},"eventUrl":"","translationId":2239,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-appliance","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular &quot;allow/deny&quot; rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked)."},{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked)."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"13":{"133":{"id":6432,"characteristicId":133,"templateId":13,"value":true},"135":{"id":6431,"characteristicId":135,"templateId":13,"value":true},"139":{"id":6438,"characteristicId":139,"templateId":13,"value":true},"141":{"id":6437,"characteristicId":141,"templateId":13,"value":"N/A"},"143":{"id":6435,"characteristicId":143,"templateId":13,"value":"N/A"},"145":{"id":6439,"characteristicId":145,"templateId":13,"value":true},"147":{"id":6436,"characteristicId":147,"templateId":13,"value":true},"153":{"id":6433,"characteristicId":153,"templateId":13,"value":"SSL VPN remote access, Application control, IPv4/IPv6 protocols, Hiding adresses with NAT, DHCP, IPSec Site to Site VPN tunnels, Stateful TCP/IP stack, URL filtering, Configuring static and dynamic routing"},"1268":{"id":6434,"characteristicId":1268,"templateId":13,"value":true},"1270":{"id":6440,"characteristicId":1270,"templateId":13,"value":true},"1272":{"id":6441,"characteristicId":1272,"templateId":13,"value":true},"1274":{"id":6442,"characteristicId":1274,"templateId":13,"value":true},"1276":{"id":6443,"characteristicId":1276,"templateId":13,"value":"Reverse proxy, DNS proxy"},"1278":{"id":6444,"characteristicId":1278,"templateId":13,"value":"Bandwidth, Configuration console"},"1280":{"id":6445,"characteristicId":1280,"templateId":13,"value":"High availability, Routed/Transparent mode, Virtualized environment"},"1282":{"id":6446,"characteristicId":1282,"templateId":13,"value":"Threat Intelligence, Active Directory, SIEM, AAA-servers, Network security policy management"},"1284":{"id":6447,"characteristicId":1284,"templateId":13,"value":"N/A"}}}},{"id":2244,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/untangle-logo.png","logo":true,"scheme":false,"title":"Untangle NG Firewall","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"untangle-ng-firewall","companyTypes":[],"description":"Untangle NG Firewall takes the complexity out of network security—saving you time, money and frustration. Get everything you need in a single, modular platform that fits the evolving needs of your organization without the headaches of multiple point solutions.\r\nRest assured that the browser-based, responsive and intuitive interface will enable you to create policies quickly and easily. Then, drill down into database-driven reports—the most comprehensive and detailed in the industry—to get visibility into exactly what’s happening on your network.\r\nUntangle NG Firewall is designed to balance performance and protection, policy and productivity. It’s an ideal fit for a range of organizations seeking a powerful, cost-effective network security solution that can handle any IT challenge: from small, remote offices to diverse school campuses to large, distributed organizations.\r\n<span style=\"font-weight: bold;\">Comprehensive Security at the Gateway</span>\r\nNG Firewall gives you more protection at the gateway in a single solution—saving you time and money. Tackle malware, hacking attempts, phishing schemes and other exploits before they ever reach your users.\r\n<span style=\"font-weight: bold;\">Deep Analysis and Insights</span>\r\nSee who’s doing what when on your network. Set policies by user, group, device, time and more. Leverage database-driven reports for real-time and historical insights—all delivered on-box without the need for a separate appliance. Get valuable insights at a glance with a customizable, widgetized dashboard. Or, share template-driven, customizable reports via email with each of your stakeholders.\r\n<span style=\"font-weight: bold;\">Next-Generation Filtering</span>\r\nGet a handle on every rogue application, encrypted web request, malware distribution point, drive-by malvertising attempt, and rash of spam. NG Firewall puts you in control of what your users can access, install and use.\r\n<span style=\"font-weight: bold;\">Superior Connectivity and Performance</span>\r\nMeet the challenges of a remote workforce, branch offices and guest Wi-Fi. Keep users and data safe regardless of location or level of access. Balance competing priorities, ensure Quality of Service (QoS) and maximize uptime while saving the organization money—with features you can’t get from competitive NGFW and UTM products.","shortDescription":"Untangle NG Firewall takes the complexity out of network security —saving you time, money and frustration.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":13,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Untangle NG Firewall","keywords":"","description":"Untangle NG Firewall takes the complexity out of network security—saving you time, money and frustration. Get everything you need in a single, modular platform that fits the evolving needs of your organization without the headaches of multiple point solutions.","og:title":"Untangle NG Firewall","og:description":"Untangle NG Firewall takes the complexity out of network security—saving you time, money and frustration. Get everything you need in a single, modular platform that fits the evolving needs of your organization without the headaches of multiple point solutions.","og:image":"https://old.roi4cio.com/fileadmin/user_upload/untangle-logo.png"},"eventUrl":"","translationId":2245,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-appliance","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular &quot;allow/deny&quot; rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked)."},{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked)."},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each &quot;thing&quot; is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"13":{"133":{"id":6483,"characteristicId":133,"templateId":13,"value":"N/A"},"135":{"id":6482,"characteristicId":135,"templateId":13,"value":"N/A"},"139":{"id":6489,"characteristicId":139,"templateId":13,"value":"N/A"},"141":{"id":6488,"characteristicId":141,"templateId":13,"value":"N/A"},"143":{"id":6486,"characteristicId":143,"templateId":13,"value":true},"145":{"id":6490,"characteristicId":145,"templateId":13,"value":"N/A"},"147":{"id":6487,"characteristicId":147,"templateId":13,"value":"N/A"},"153":{"id":6484,"characteristicId":153,"templateId":13,"value":"N/A"},"1268":{"id":6485,"characteristicId":1268,"templateId":13,"value":"N/A"},"1270":{"id":6491,"characteristicId":1270,"templateId":13,"value":"N/A"},"1272":{"id":6492,"characteristicId":1272,"templateId":13,"value":"N/A"},"1274":{"id":6493,"characteristicId":1274,"templateId":13,"value":"N/A"},"1276":{"id":6494,"characteristicId":1276,"templateId":13,"value":"N/A"},"1278":{"id":6495,"characteristicId":1278,"templateId":13,"value":"N/A"},"1280":{"id":6496,"characteristicId":1280,"templateId":13,"value":"N/A"},"1282":{"id":6497,"characteristicId":1282,"templateId":13,"value":"N/A"},"1284":{"id":6498,"characteristicId":1284,"templateId":13,"value":"N/A"}}}},{"id":1409,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/WatchGuard_NGFW__Next-Generation_Firewall_.jpg","logo":true,"scheme":false,"title":"WatchGuard NGFW (Next-Generation Firewall)","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"watchguard-ngfw-next-generation-firewall","companyTypes":[],"description":"Historically, next-generation firewall (NGFW) appliances were designed to deliver a very specific set of security services &ndash; firewall, intrusion prevention, and application control. Since being originally defined, the security threats and the technology available to combat those threats have significantly evolved, creating a demand for additional network security services. As a result, other techniques and services have to be included in basic NGFW appliances such as SSL inspection, website filtering, QOS, antivirus inspection, and even sandboxing. While these additional services provide value to end users, it also confuses many people, making them wonder about the difference between an NGFW and UTM appliance.\r\nToday, companies should not be searching for an NGFW or a UTM appliance, they should be searching for the right network security appliance that meets the security, deployment, and management requirements of their unique organization.\r\n<span style=\"font-weight: bold;\">WatchGuard&rsquo;s Solutions</span>\r\nOur unique approach to network security focuses on bringing best-in-class, enterprise-grade security to any organization, regardless of size or technical expertise. Ideal for SMB, midsize, and distributed enterprise organizations, our network security appliances are designed from the ground up to focus on ease of deployment, use, and ongoing management, in addition to providing the strongest security possible.\r\nNot only does WatchGuard offer the greatest collection of network security services on a single platform, we do so in a way that has proven to be the most agile, able to adapt to new and evolving threat vectors faster than any other solution on the market.\r\nWe are a security company and we want the best protection for every customer, every time. As such, we strongly recommend customers adopt a full security suite. When running WatchGuard&rsquo;s Total Security Suite, our Firebox network security appliances offer the strongest security against network threats. Every Firebox can be purchased as a stand-alone NGFW appliance; however, as a security company we never recommend the deployment of an NGFW without other security mechanisms in place. The best approach to security is a layered approach.","shortDescription":"WatchGuard NGFW is an enterprise-class, high-performance gateway security appliance that provides top-of-the-line firewalling, intrusion prevention, and application control.\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":14,"sellingCount":4,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"WatchGuard NGFW (Next-Generation Firewall)","keywords":"","description":"Historically, next-generation firewall (NGFW) appliances were designed to deliver a very specific set of security services &ndash; firewall, intrusion prevention, and application control. Since being originally defined, the security threats and the technology ","og:title":"WatchGuard NGFW (Next-Generation Firewall)","og:description":"Historically, next-generation firewall (NGFW) appliances were designed to deliver a very specific set of security services &ndash; firewall, intrusion prevention, and application control. Since being originally defined, the security threats and the technology ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/WatchGuard_NGFW__Next-Generation_Firewall_.jpg"},"eventUrl":"","translationId":1410,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-appliance","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular &quot;allow/deny&quot; rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked)."},{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked)."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"13":{"133":{"id":782,"characteristicId":133,"templateId":13,"value":true},"135":{"id":781,"characteristicId":135,"templateId":13,"value":"N/A"},"139":{"id":780,"characteristicId":139,"templateId":13,"value":true},"141":{"id":779,"characteristicId":141,"templateId":13,"value":true},"143":{"id":778,"characteristicId":143,"templateId":13,"value":"N/A"},"145":{"id":777,"characteristicId":145,"templateId":13,"value":true},"147":{"id":776,"characteristicId":147,"templateId":13,"value":true},"153":{"id":775,"characteristicId":153,"templateId":13,"value":"SSL VPN remote access, Application control, Протоколы IPv4/IPv6, Сокрытие адресов с NAT, DHCP, IPSec Site to Site VPN туннели, Stateful TCP/IP stack, URL-фильтрация, Конфигурация статической и динамической маршрутизации"},"1268":{"id":6405,"characteristicId":1268,"templateId":13,"value":true},"1270":{"id":6406,"characteristicId":1270,"templateId":13,"value":true},"1272":{"id":6407,"characteristicId":1272,"templateId":13,"value":"N/A"},"1274":{"id":6408,"characteristicId":1274,"templateId":13,"value":true},"1276":{"id":6409,"characteristicId":1276,"templateId":13,"value":"Reverse proxy, DNS proxy"},"1278":{"id":6410,"characteristicId":1278,"templateId":13,"value":"Bandwidth, Configuration console"},"1280":{"id":6411,"characteristicId":1280,"templateId":13,"value":"High availability, Routed/Transparent mode, Virtualized environment"},"1282":{"id":6412,"characteristicId":1282,"templateId":13,"value":"Threat Intelligence, Active Directory, SIEM, AAA-servers, Network security policy management"},"1284":{"id":6413,"characteristicId":1284,"templateId":13,"value":"N/A"}}}},{"id":2246,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/zscaler__logo_.png","logo":true,"scheme":false,"title":"Zscaler Cloud Firewall","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"zscaler-cloud-firewall","companyTypes":[],"description":"<p>Zscaler Cloud Firewall brings next-gen firewall controls and advanced security to all users in all locations &mdash; for all ports and protocols. Zscaler enables fast and secure local internet breakouts and, because it&rsquo;s 100 percent in the cloud, there&rsquo;s no hardware to buy, deploy, or manage.</p>\r\n<p>With Zscaler Cloud Firewall, you get security and access controls without the cost, complexity, and performance limitations of next-generation firewall appliances. Your protection follows users wherever they go to provide identical protection and access control.&nbsp; Part of the Zscaler Cloud Security platform, Zscaler Cloud Firewall provides a range of benefits that can only be delivered through a global, purpose-built security cloud.</p>\r\n<p><span style=\"font-weight: bold;\">Enables secure local internet breakouts</span></p>\r\n<ul>\r\n<li>Routes internet traffic locally and provides direct-to-cloud connections for a fast user experience</li>\r\n<li>Delivers security and access controls for all ports and protocols, without any appliances to deploy or manage</li>\r\n</ul>\r\n<p><span style=\"font-weight: bold;\">Delivers identical protection everywhere</span></p>\r\n<ul>\r\n<li>Brings the entire security stack close to the user for identical protection wherever users connect</li>\r\n<li>Enables granular firewall policies based upon user, location, and application</li>\r\n</ul>\r\n<p><span style=\"font-weight: bold;\">Reduces costs and complexity</span></p>\r\n<ul>\r\n<li>Reduces MPLS backhauling costs</li>\r\n<li>Eliminates costly and time-consuming patch management, coordination of outage windows, and policy management</li>\r\n</ul>\r\n<p><span style=\"font-weight: bold;\">Scales services elastically</span></p>\r\n<ul>\r\n<li>Unlimited capacity to handle cloud application traffic requiring long-lived connections</li>\r\n<li>Natively intercepts and inspects SSL/TLS traffic&mdash;at scale&mdash;to detect malware hidden in encrypted traffic</li>\r\n</ul>\r\n<p><span style=\"font-weight: bold;\">Improves security and controls</span></p>\r\n<ul>\r\n<li>Delivers full, dynamic inspection of HTTP/HTTPS traffic traversing non-standard ports</li>\r\n<li>Fully proxies all DNS traffic to protect against vulnerabilities such as DNS tunnels for data exfiltration</li>\r\n<li>Delivers always-on IPS threat protection and coverage, regardless of connection type or location</li>\r\n</ul>\r\n<p><span style=\"font-weight: bold;\">Enables real-time visibility and control</span></p>\r\n<ul>\r\n<li>Logs every session in detail across all users, locations, applications, ports, and protocols</li>\r\n<li>Delivers near-real&ndash;time visibility and policy enforcement from a single console</li>\r\n</ul>","shortDescription":"Zscaler Cloud Firewall provides next-gen firewall capabilities, powerful network security, control and visibility everywhere.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":14,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Zscaler Cloud Firewall","keywords":"","description":"<p>Zscaler Cloud Firewall brings next-gen firewall controls and advanced security to all users in all locations &mdash; for all ports and protocols. Zscaler enables fast and secure local internet breakouts and, because it&rsquo;s 100 percent in the cloud, ther","og:title":"Zscaler Cloud Firewall","og:description":"<p>Zscaler Cloud Firewall brings next-gen firewall controls and advanced security to all users in all locations &mdash; for all ports and protocols. Zscaler enables fast and secure local internet breakouts and, because it&rsquo;s 100 percent in the cloud, ther","og:image":"https://old.roi4cio.com/fileadmin/user_upload/zscaler__logo_.png"},"eventUrl":"","translationId":2247,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-appliance","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular &quot;allow/deny&quot; rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked)."},{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked)."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"13":{"133":{"id":6500,"characteristicId":133,"templateId":13,"value":"N/A"},"135":{"id":6499,"characteristicId":135,"templateId":13,"value":true},"139":{"id":6506,"characteristicId":139,"templateId":13,"value":true},"141":{"id":6505,"characteristicId":141,"templateId":13,"value":"N/A"},"143":{"id":6503,"characteristicId":143,"templateId":13,"value":"N/A"},"145":{"id":6507,"characteristicId":145,"templateId":13,"value":true},"147":{"id":6504,"characteristicId":147,"templateId":13,"value":true},"153":{"id":6501,"characteristicId":153,"templateId":13,"value":"Application control, Decrypting SSL traffic, URL filtering"},"1268":{"id":6502,"characteristicId":1268,"templateId":13,"value":"N/A"},"1270":{"id":6508,"characteristicId":1270,"templateId":13,"value":"N/A"},"1272":{"id":6509,"characteristicId":1272,"templateId":13,"value":"N/A"},"1274":{"id":6510,"characteristicId":1274,"templateId":13,"value":"N/A"},"1276":{"id":6511,"characteristicId":1276,"templateId":13,"value":"DNS proxy"},"1278":{"id":6512,"characteristicId":1278,"templateId":13,"value":"Bandwidth"},"1280":{"id":6513,"characteristicId":1280,"templateId":13,"value":"N/A"},"1282":{"id":6514,"characteristicId":1282,"templateId":13,"value":"N/A"},"1284":{"id":6515,"characteristicId":1284,"templateId":13,"value":"N/A"}}}}],"selectedTemplateId":13},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}