You’ve landed here presumably because you’re doing some research on enterprise firewalls and looking to purchase one for your organization. Great! You’ve come to the right place.
What is an Enterprise Firewall?
Before diving into enterprise firewalls, let’s back up and explain what a firewall is. A firewall is a network security tool that acts as a barrier between a private computer network and the internet. Firewalls monitor and filter incoming and outgoing network traffic based on configured rules or policies. The main purpose of a firewall is to allow trusted data and block malicious data from entering or leaving the network.
Enterprise firewalls, therefore, are firewalls designed to protect the computer networks of organizations such as companies and public institutions. Because enterprise networks are more complex and comprise a larger number of devices, enterprise firewalls are built with higher specifications and come with more advanced security features than consumer firewalls.
In this article, we will explore:
- Why do small and medium enterprises (SMEs) need an enterprise firewall?
- How should SMEs choose an enterprise firewall that fits their unique circumstances?
Do SMEs Need an Enterprise Firewall?
There is a common misconception among small and mid-size enterprises that they have less need for advanced network security. This stems from the belief that they are unlikely targets of cyber-attack due to their lower profile, less valuable data, and limited financial resources. However, this could not be further from the truth. Several reasons make SMEs attractive targets for cyber-attackers.
Targeted Cyber-Attacks Against SMEs
- Data Breach: Organization size is not always the most objective measure of value and importance. Indeed, some SMEs have exactly the type of data that adversaries are looking for. For example, start-up tech companies may possess the intellectual property coveted by large enterprises and state actors. Private health clinics store a valuable type of data – patient health records – which can be sold for a profit or used to commit fraud.
- Ransomware Attack: According to a report, 82% of organizations targeted by ransomware in 2021 had under 1,000 employees. In a world where large enterprises have the resources to acquire the best security technologies and talent, attackers find it increasingly difficult and costly to penetrate these well-equipped targets. Cost-effectiveness is also an important consideration for ransomware gangs, and SMEs present them with a much better ‘cost-to-profit ratio’.
- Supply Chain Attacks: A supply chain attack is a type of cyber-attack where an attacker breaches the target network through a smaller third party with access to the network. By exploiting the ‘weak link’, attackers can easily breach the target network. SMEs that have access to the network of a larger customer or partner could be used as a pivot to launch a supply chain attack. This may result in the loss of business due to damaged trust or even lawsuits due to negligence.
Untargeted Cyber Threats Facing SMEs
SMEs not explicitly targeted by cyber-attackers are not immune from security threats. The fact is that threats lurk in every corner of the Internet, and under-protected SMEs can easily fall victim to them. Here are a few cyber threats SMEs are exposed to on the Internet.
- Phishing Emails: Phishing emails are malicious emails sent in bulk to a list of addresses. This contrasts with spear-phishing emails, which target specific people and organizations. Employees may click the links or open the attachments in these emails, which will attempt to download malware onto their computers. Without a robust firewall, the malware is likely to get through. This can lead to a more significant attack, such as a data breach or ransomware attack.
- Computer Worms: A computer worm is a type of malware that spreads automatically from computer to computer across networks without human interaction. Cryptoworms are a particularly dangerous type of worm since they encrypt files on an infected system and demand a ransom in return for a decryption key. In 2017, the WannaCry cryptoworm exploited a vulnerability in Windows Server Message Block (SMB) to infect over 200,000 Windows PCs in 150 countries.
- Drive-By Download: A drive-by download occurs when malware is downloaded onto a PC or mobile device without the user’s knowledge. A drive-by download can occur simply by visiting a vulnerable website compromised by an attacker or clicking on the website’s malicious links or pop-ups. In April 2022, Parrot TDS was found to have infected over 16,500 trusted websites, using fake Google Chrome update pages to download malware onto PCs.
Enterprises should safeguard themselves against all such attacks. This can be achieved by deploying a powerful enterprise firewall. So how should SMEs choose their ideal enterprise firewall?
Enterprise Firewall Buyer’s Guide for SMEs
1. Security Capabilities
The first consideration when choosing an enterprise firewall is its level of protection.
Irrespective of company size, it is not recommended for SMEs to consider legacy or traditional firewalls, such as packet-inspection firewalls. These outdated firewalls are only equipped to deal with known, simple threats, and only if the firewall’s signature database has been updated in time. Moreover, 80-90% of today’s web traffic is encrypted. Legacy firewalls lack traffic decryption mechanisms to detect the malicious code concealed in encrypted traffic. Simply put, legacy firewalls are not fit to handle today’s advanced and fast-evolving cyber threats. While legacy firewalls are less expensive, a security incident can easily wipe out the money saved by purchasing a legacy firewall instead of a more advanced one.
Next Generation Firewall (NGFW)
For robust firewall protection, SMEs should be looking to invest in a next generation firewall (NGFW). Next generation firewalls are distinguished by their enhanced security capabilities. For example, NGFWs typically integrate antivirus, intrusion detection and prevention system (IDPS), data loss prevention (DLP), application control, and more into one system. However, not all NGFWs include the same security capabilities, so prospective buyers should choose a firewall that covers their specific needs. Moreover, the additional security capabilities of NGFWs cause a certain degree of performance degradation. Therefore, it is vital to check the difference in performance when certain features are turned on and off. Learn more about sizing your firewall below.
In terms of threat detection capabilities, next generation firewalls are equipped to decrypt traffic and perform deep packet inspection (DPI). NGFWs can look deep inside data packets and detect hidden malicious code. Certain next-gen firewalls also integrate real-time threat intelligence to detect the latest internet-borne threats. However, not all NGFWs possess the same malware detection capabilities. Prospective buyers should enquire about the malware detection engine that powers threat detection. Malware detection engines powered by artificial intelligence (AI) produce superior detection rates, even when faced with unknown threats. Some NGFWs may even integrate a web application firewall (WAF). WAFs are specialized firewalls designed to protect web applications and services from web attacks. A WAF-integrated next generation firewall is ideal for SMEs that operate web apps and services, doing away with the need to spend money on a standalone WAF.
A fully featured NGFW provides SMEs with all-round security protection without the need to build a security stack of multiple products. This helps to save costs and reduce operational complexity, which is essential to SMEs with financial and human resource constraints.
2. Sizing
When sizing your enterprise firewall, the various specifications may be slightly confusing. However, there is essentially only one specification that is decisive: throughput.
Firewall throughput measures the maximum volume of traffic that can pass through the firewall at any given time, measured in Mbps or Gbps. When referring to the specs of a next generation firewall, you will likely find several figures for throughput. Depending on the vendor, these may be called “Firewall Throughput”, “NGFW Throughput”, and “Threat Protection Throughput”. The different names correspond to the firewall’s throughput when certain security features are enabled or disabled (see figure 1 below for examples). SMEs should check the corresponding security features for each name and base their choice on the features they intend to use. Essentially, the ideal firewall throughput is slightly larger than your current bandwidth usage, provided that you are operating at the optimum bandwidth.
As long as you operate at optimum bandwidth, other specifications, such as the number of concurrent connections, new connections, and memory, will naturally fit your organization's needs. However, it is also essential to consider future business expansion when sizing your enterprise firewall. A firewall will last about 3-5 years, so a firewall that does not meet future needs will become a bottleneck and prove counterproductive. Therefore, it is recommended to invest in an enterprise firewall with a throughput that meets expected future bandwidth usage.
Figure 1. Throughput figures of various Sangfor NGAF models
3. Deployment Model
NGFWs can be deployed as hardware firewalls, software firewalls, or virtual/cloud firewalls. Different deployment models have their respective advantages and disadvantages. SMEs should choose the deployment model that best fits their needs and circumstances.
A hardware firewall, or appliance firewall, is a physical device that sits between the Internet and the internal private network. Hardware firewalls are positioned on the network to provide protection to all devices on the network or the same network segment. We almost always refer to hardware firewalls when speaking of enterprise or business firewalls. This is because hardware firewalls have the high specifications needed to deliver advanced security capabilities and support a large number of network devices.
A software firewall is an application that is installed on a PC. Because a software firewall is designed to protect only the device it is installed on, it does not offer the network-wide protection SMEs require. However, software firewalls can serve as a backup in case threats evade the hardware firewall or if the hardware firewall fails. Therefore, installing software firewalls on network PCs in combination with a hardware firewall is good practice.
A virtual or cloud firewall is a firewall delivered as a service (FWaaS) over the Cloud. With a virtual/cloud firewall, the service provider creates a virtual barrier between the Internet and your network devices. Virtual/Cloud firewalls are typically offered on a subscription basis instead of a licensing model. This helps organizations save on capital expenditure for hardware firewalls and offers greater flexibility compared to the more rigid software licenses. More recently, NGFWs have been provided as part of a secure access service edge (SASE) solution that integrates multiple security and networking services into one cloud offering. These are more compatible with businesses that operate many branches and have many remote users.
4. Support Services
Do not forget to consider support services when purchasing an enterprise firewall. Firewall malfunctions can arise due to vulnerabilities, misconfigurations, and hardware bottlenecks. Being able to seek help conveniently and efficiently makes a massive difference to service downtime and, ultimately, the impact on the organization.
Prospective buyers should find out what technical support services the vendor offers. Check whether they have a 24-hour hotline. Enquire where the call center is located and whether service agents speak the native language to ensure smooth communication. Does the firewall vendor have a local presence, such as a regional office, staff, partners, and a warehouse for supplies? Do they provide on-site support? After you have whittled down the list of potential firewall products to a few candidates, high-quality support services can be the difference between a good and an outstanding choice.
5. Industry Recognition
With every firewall vendor singing their products’ praises, it can be difficult to rise above the noise and determine which product is best for your organization. Thankfully, authoritative market research and advisory firms like Gartner Inc. and Forrester release regular reports on enterprise firewalls and other cyber security technologies. SMEs can refer to these reports for objective and trustworthy insight into the enterprise firewall products of different vendors.
Gartner Magic Quadrant
According to Gartner, “a Gartner Magic Quadrant is a culmination of research in a specific market, giving you a wide-angle view of the relative positions of the market’s competitors. By applying a graphical treatment and a uniform set of evaluation criteria, a Magic Quadrant helps you quickly ascertain how well technology providers are executing their stated visions and how well they are performing against Gartner’s market view.”
For the latest Gartner Magic Quadrant for Network Firewalls, visit: https://www.gartner.com/en/documents/4007809
Sangfor Technologies is recognized as a “Visionary” in the Gartner Magic Quadrant for Network Firewalls 2021. We believe this reflects the cutting-edge innovation of our next generation firewall – Sangfor NGAF. Sangfor NGAF is the world’s first WAF-enabled NGFW powered by Engine Zero, our AI malware detection engine. For more information, please read this news article on our recognition in the Gartner MQ for Enterprise Firewalls.
Gartner Peer Insights Voice of the Customer
According to Gartner, “The Gartner Peer Insights ‘Voice of the Customer’ is a Gartner research document that synthesizes Gartner Peer Insights’ content in a specific market for a specified 18-month period. This peer perspective along with the individual detailed reviews are complementary to expert research and was developed as an additional resource for end-users in their buying process.”
Sangfor Technologies has been recognized in the Gartner Peer Insights Voice of the Customer: Network Firewalls report for two consecutive years. In the latest report, Sangfor NGAF is named a “Strong Performer”, scoring a 4.8 out of 5. For more information, please read this news article on our performance in the Voice of the Customer: Network Firewalls report.
Alternatively, visit the Gartner Peer Insights website to browse the latest reviews. The platform provides customer information such as company size and industry to help prospective buyers determine the suitability of products for their organization.
Forrester Now Tech
According to Forrester, “The Forrester Now Tech is designed to help our clients understand, identify, and shortlist the vendors that align with their most critical business technology issues.”
Sangfor Technologies was included in the Forrester Now Tech: Enterprise Firewalls Q2, 2022 report. Sangfor is classified as a growing midsize market player with a strong market presence in Asia Pacific. For more information, read this news article about how Sangfor fared in the report.
CyberRatings
CyberRatings is an independent, non-profit organization that provides unbiased ratings, technical reports, and industry analysis for various cyber security technologies.
In the 2021 Enterprise Firewall report, Sangfor Technologies was awarded a ‘AAA’ rating for our next generation firewall, Sangfor NGAF. According to CyberRatings, “a product rated ‘AAA’ has the highest rating assigned by CyberRatings.org. The product’s capacity to meet its commitments to consumers is extremely strong.” For more information, read this news article about CyberRatings’ evaluation of Sangfor NGAF.
About Sangfor Network Secure Next Generation Firewall (previously known as NGAF)
Recognized in the Gartner Magic Quadrant for Network Firewalls as Visionary, Sangfor NGAF is the world's first AI-enabled, WAF-integrated next generation firewall (NGFW).
Sangfor NGAF is powered by Sangfor Neural-X's threat intelligence and Engine Zero malware detection engine and fully correlates with Sangfor Endpoint Secure (EDR) and Cyber Command (NDR) to deliver robust threat detection and response capabilities. With Sangfor NGAF, organizations can secure their network from malicious intrusion and unknown zero-day attacks, eliminating over 99% of threats at the perimeter. NGAF can be installed on-premises as a network hardware firewall or on the cloud as a virtual firewall, compatible with Sangfor HCI or VMware ESXi.
Sangfor's Network Secure Success Stories
- Bundamedik Healthcare System (BMHS), a healthcare provider in Indonesia, adopted Sangfor's Next-Generation Firewall to deliver perimeter security protection to both head offices and each branch.
- The Institute of Chartered Accountants of Pakistan (ICAP) uses the advanced Next-Generation Firewall for its enhanced malware detection and threat intelligence to ensure that cyber threats remain controlled and are effectively removed without any damage to the network or data of the organization.
- The National Information Technology Board (NITB) uses Sangfor's Next-Generation Application Firewall for holistic and simplified web server protection. With the help of Sangfor's solutions, it can effectively provide advanced IT infrastructure for government bodies in Pakistan.
Visit the Sangfor NGAF product page to learn more about its features and capabilities, advantages, data sheets, and more.
Sangfor Technologies is an APAC-based, leading global vendor specializing in Cyber Security, Cloud Computing, and IT Infrastructure. Founded in 2000 and publicly listed since 2018 (STOCK CODE: 300454.SZ), Sangfor employs 9,500 employees, operates 60 offices, and serves more than 100,000 customers worldwide, many of them Fortune Global 500 companies, governmental institutions, universities, and schools. Contact us to learn more about Sangfor’s solutions and let Sangfor make Your Digital Transformation Simpler and Secure.