What’s next for network firewalls?

Firewalls have come a long way from their humble beginnings of assessing network traffic based on appearance alone. Today’s next-generation firewalls (NGFWs), which must protect all areas of the enterprise, can filter layer 7 applications, block malicious attachments and links, detect known threats and device vulnerabilities, apply patching, prevent DDoS attacks, and provide web filtering for direct internet access.

And NGFWs aren’t done evolving. Here are six predictions for the future of the firewall.

1. The spread of convergence

Convergence is important to reducing cybersecurity complexity because it brings together the network and its security infrastructure into a single layer. We predict that the convergence of networking and security will continue to expand to more areas. Today, convergence is happening with SASE, which converges cloud-delivered security and networking, as well as Secure SD-WAN, zero trust network access (ZTNA), network access control (NAC), secure access points, and secure switches.

Convergence is also happening in different formats: security convergence now takes place in appliances, virtual machines, cloud-delivered services, and containers. Convergence through the use of a single operating system facilitates integration and automation, improving operational efficiency and security consistency no matter where users or applications are distributed. Integration between the different security technologies allows them to function collaboratively. And automation leverages the built-in intelligence that integration enables across different solutions to actively detect and respond to threats by coordinating all available resources.

2. Cyber disruptions are more devastating

Today’s cyber threat landscape continues to accelerate, both in volume and sophistication, which is increasing the demand for high levels of automation as well as solutions that take advantage of artificial intelligence (AI) and machine learning (ML). Cybercrime is profitable, with an increasingly complex and organized business ecosystem that includes ransomware as a service (RaaS) and cybercrime as a service (CaaS). Cybercriminals also have been adding levels of extortion to get victims to pay, including combining encryption with threats to publicly expose data, adding distributed denial of service (DDoS) attacks, and even reaching out directly to a victim’s customers and stakeholders so they will put further pressure on the victim to pay.

The Fortinet 2H 2022 Threat Landscape Report predicts that the growth of CaaS means that there will continue to be a high volume of increasingly sophisticated attacks and more new variants for security teams to contend with. And in a recent World Economic Forum survey, 91% of global leaders agree that a cybercrime-related catastrophe is coming. At the same time, the cybersecurity skills shortage continues, with more than 1/3 of roles remaining unfilled.

3. Hybrid work continues to grow

Remote and hybrid work continues to increase, and cybercriminals will continue to target this expanding attack surface. According to Gartner, by the end of 2023, 48% of global knowledge workers will be hybrid or fully remote. Hybrid work is now mainstream, and to address this shift in the workforce and threat landscape, enterprises must take a “work-from-anywhere” approach to their security by deploying solutions capable of following, enabling, and protecting users no matter where they are located. A Universal Zero Trust approach with policy and context, and integrated SASE that includes both on-premises NGFW security and cloud-delivered security, will become more important. The permanence of remote employees will drive the need for a unified management console for on-premises, cloud, and remote security.

4. Network modernization goes further

Network modernization will continue as enterprises work to meet new requirements. For example, 5G is now used in more situations, such as in factories and for drone operations. To provide a better user experience, organizations will continue to invest in modern networking technologies such as SD-WAN and 5G to provide faster access to local networks (LAN/WLAN) while also enabling direct internet access to multi-cloud/SaaS applications. Security shouldn’t be applied as an afterthought; security solutions that are not well integrated with each other or the underlying network almost inevitably lead to security risk and gaps as the attack surface expands and adapts. IT operations need an automation-driven approach that simplifies operations and enables end-to-end digital monitoring across users, networks, devices, and applications to detect anomalies.

5. Performance takes center stage

As enterprises converge networking and security, what used to be separate appliances are consolidated into a single solution. For example, a typical NGFW now may be equipped with firewalling, SD-WAN, a Wi-Fi controller for SD-Branch, an Ethernet controller, and zero-trust functionality. At the same time, security devices can’t turn into a performance bottleneck within a network and security architecture or sacrifice visibility, user experience, or security. The combination of purpose-built ASICs, cloud-delivered networks for SASE, and natively integrated cloud-delivered Security-as-a-Service makes it possible to extend superior user experience and coordinate threat protection across all network edges.

6. Increased demand for hybrid mesh firewalls

A hybrid mesh firewall is a new term for a unified security platform that is available in various form factors, including appliances, virtual machines, cloud-native firewalls, and firewall-as-a-service (FWaaS). With the continued growth of hybrid environments, organizations will put increasing emphasis on firewalls that work together no matter where they’re located, including the cloud. In fact, Gartner states in its latest Magic Quadrant for Network Firewalls that “by 2026, more than 60% of organizations will have more than one type of firewall deployment, which will prompt adoption of hybrid mesh firewalls.”

Hybrid mesh firewalls incorporate AI/ML-powered security to identify and classify applications, web URLs, users, devices, malware, and more while automating policy enforcement across domains. The AI/ML at the heart of hybrid mesh firewall automation helps reduce the amount of manual work involved in protecting enterprise IT.

Fortinet FortiGate NGFWs not only provide industry-leading threat protection and decryption at scale with a custom ASIC architecture, but also have features such as SD-WAN, Universal ZTNA, integration with SASE, and support for Hybrid Mesh Firewalls. Learn more about how FortiGate NGFWs provide deep visibility and security in a variety of form factors, including container firewalls, virtual firewalls, and appliances.