
How to evaluate NGFW products to strengthen cybersecurity

Next-generation firewalls are critical tools in today's evolving threat landscape. Learn how to evaluate and select an NGFW that will bolster your company's cybersecurity posture.

For years, organizations have relied on traditional firewalls as their first and best line of defense against unauthorized access to their systems. The threat landscape, however, has changed dramatically. Hybrid working models, SaaS platforms and cloud data have blurred the network edge to the point where there is no single perimeter for SecOps to defend.

As cyberattacks grow more persistent and sophisticated and identity becomes the new perimeter, organizations require additional measures to protect company assets. Next-generation firewalls have become a go-to tool for network security, combining traditional firewall capabilities with advanced hardware, software and cloud-based features to detect and block modern cyberattacks.

Whether replacing an existing firewall or securing an expanding network infrastructure, CISOs and their teams must carefully evaluate NGFW products to find the one that best fits their organization's cybersecurity posture. Having the right NGFW for an organization's specific needs can reduce the frequency, severity and cost of cybersecurity incidents.

How to evaluate NGFW vendors

While it's natural to focus on the features and functions of NGFW products, CISOs should also evaluate the product vendors. Vetting these vendors and ensuring their efficacy can help avoid mistakes that delay or even derail the evaluation process.

Approach the vetting process as you would any major purchase. For example, learn how easy it is to work with the vendor. Gauge its reputation, technical support and trustworthiness by reading online reviews. Take into account how long the vendor has been selling NGFW products. Ask if it is actively developing new products and features or only maintaining existing technology. Also, ask whether the vendor developed the NGFW products itself or acquired the technology through a merger or acquisition.

An organization's relationship with the chosen vendor will last long after the contract is signed, so select one with which it is comfortable working.

NGFW product features

Each organization will have its own unique set of security needs and priorities. With NGFWs containing a range of advanced product features, CISOs have much to consider.

Detection and response

The main objective of an NGFW is to detect and respond to threats. It is key to select an NGFW that can identify and understand the applications and protocols in use at the organization. It is also important that the NGFW analyzes the nature of communication, stops malicious and unwanted traffic, and logs and generates alerts for the cybersecurity team.

Most security teams will require an NGFW that uses threat intelligence feeds to detect malicious and suspicious activity. The latest NGFWs integrate AI to improve speed and accuracy when detecting and responding to attacks and other policy violations.

Management and maintenance

To reduce complexity, look for an NGFW array accessible through a single interface to manage, maintain, monitor and report all encrypted and unencrypted network traffic. Ensure it supports and can enforce highly customizable rule sets and other configuration settings. Administrators should be able to tune detection capabilities to reduce both false positives and false negatives, and roll back configuration changes if problems occur. Ideally, select an NGFW that enforces zero-trust architecture principles.
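The two sections above ask for an NGFW that identifies applications, consumes threat intelligence feeds, logs and alerts on blocked traffic, and lets administrators tune rules to balance false positives against false negatives. The following Python harness, added here as an example and not taken from the article or from any vendor's product, shows one way an evaluation team can measure that trade-off during a bake-off: it scores a few candidate rule sets against a labelled sample of flows and emits a syslog-style alert per block. The flows, the threat feed, the `app` labels and the rule names are all constructed for the example; a real test would replace them with captured traffic and the candidate firewall's own verdicts.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    app: str         # application as identified by the NGFW's app-ID engine
    malicious: bool  # ground truth from the labelled evaluation set

# Constructed threat-intelligence feed: destination IPs known to be bad.
THREAT_FEED = frozenset({"203.0.113.10", "198.51.100.7"})

# Constructed, labelled test flows (documentation address ranges only).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 443, "ssl", True),        # beacon to listed IP
    Flow("10.0.0.6", "192.0.2.20", 443, "ssl", False),         # normal HTTPS
    Flow("10.0.0.7", "192.0.2.21", 22, "ssh", False),          # admin SSH
    Flow("10.0.0.8", "198.51.100.7", 8080, "http", True),      # listed IP, odd port
    Flow("10.0.0.9", "192.0.2.22", 8080, "http-proxy", True),  # not yet on any feed
    Flow("10.0.0.10", "192.0.2.23", 445, "smb", False),        # internal file share
]

Rule = Callable[[Flow], bool]  # a rule returns True when the flow should be blocked

def feed_match(flow: Flow) -> bool:
    """Block anything whose destination appears in the threat feed."""
    return flow.dst in THREAT_FEED

def block_nonstandard_ports(flow: Flow) -> bool:
    """Coarse rule: block every port except SSH/HTTP/HTTPS. Catches more, breaks more."""
    return flow.dport not in (22, 80, 443)

def web_app_on_odd_port(flow: Flow) -> bool:
    """Application-aware rule: HTTP-family traffic that is not on a web port."""
    return flow.app in ("http", "http-proxy") and flow.dport not in (80, 443)

# Three candidate configurations an evaluator might compare.
RULE_SETS = {
    "feed_only": [feed_match],
    "feed_plus_port_block": [feed_match, block_nonstandard_ports],
    "feed_plus_app_aware": [feed_match, web_app_on_odd_port],
}

def evaluate(rules, flows):
    """Score a rule set against labelled flows; returns confusion counts plus FP/FN rates."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for flow in flows:
        blocked = any(rule(flow) for rule in rules)
        if blocked:
            counts["tp" if flow.malicious else "fp"] += 1
        else:
            counts["fn" if flow.malicious else "tn"] += 1
    negatives = counts["fp"] + counts["tn"]
    positives = counts["tp"] + counts["fn"]
    counts["fpr"] = counts["fp"] / negatives if negatives else 0.0
    counts["fnr"] = counts["fn"] / positives if positives else 0.0
    return counts

def alert_lines(rules, flows):
    """Produce one syslog-style alert per blocked flow, naming the first rule that fired."""
    lines = []
    for flow in flows:
        for rule in rules:
            if rule(flow):
                lines.append(
                    f"action=block rule={rule.__name__} src={flow.src} "
                    f"dst={flow.dst} dport={flow.dport} app={flow.app}"
                )
                break
    return lines

def compare_rule_sets(flows=SAMPLE_FLOWS):
    """Evaluate every candidate rule set on the same labelled sample."""
    return {name: evaluate(rules, flows) for name, rules in RULE_SETS.items()}

if __name__ == "__main__":
    for name, r in compare_rule_sets().items():
        print(f"{name:22s} tp={r['tp']} fp={r['fp']} fn={r['fn']} tn={r['tn']} "
              f"fpr={r['fpr']:.2f} fnr={r['fnr']:.2f}")
    for line in alert_lines(RULE_SETS["feed_plus_app_aware"], SAMPLE_FLOWS):
        print(line)
```

On this sample the feed-only configuration misses the flow that no feed has listed yet, the port-blocking configuration catches it but also blocks the legitimate SMB share, and the application-aware rule catches it without the collateral block. That is the tuning loop the article describes: the numbers an evaluator should collect are the false-positive and false-negative rates per candidate configuration, not just whether a single test attack was stopped.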

Integration

CISOs should select an NGFW that integrates and interoperates with the other enterprise cybersecurity technologies the organization uses, including network-based, host-based and cloud-based products and services. The NGFW will need to ingest automated threat intelligence feeds from any source, with updates arriving in near real time.

Additional NGFW selection criteria

Selecting an NGFW involves more than vendor and feature scrutiny. Evaluators should also ask these questions for additional selection criteria.

Product health

  • How long has the product -- and any predecessor models -- been in widespread use?
  • Will this product be replaced or retired soon?
  • How often does the product require updates?
  • Are updates disruptive to operations?
  • What do third-party evaluations and verified user reviews indicate about the product's performance, reliability, resilience and scalability over time?

Product use experience

  • Is the product easy to deploy, configure and use?
  • How steep is the learning curve for the product's most advanced features?
  • How strong are the product's technical support, documentation and knowledge bases?
  • What hardware, licensing and subscription requirements are standard versus add-on?

Technology innovation

  • Does the product support forward-looking technologies, such as post-quantum cryptography?
  • What upgrades and innovations have been announced?
  • What capabilities does the organization already have and what new ones might it need?

Budget considerations

No security operation can overlook the budget. NGFW budgeting can be surprisingly complicated because of the multitude of deployment models: on-premises hardware appliances, on-premises software installed on commodity hardware, cloud-native software, virtualized software and cloud-based services. Naturally, the budget for a deployment involving on-premises hardware appliances will differ from that of a SaaS-based deployment.

When it comes to pricing, remember that vendors often offer multiple models across hardware and cloud-based services.

Also note that not all major NGFW products are the same. Each vendor's hardware, licensing and subscription requirements are unique, so costs will add up differently. In addition, vendors might try to upsell features the organization already has or does not need. Consider these features carefully.

Selecting an NGFW is a high-stakes decision that will have a long-term impact on an organization's security. CISOs who do their homework and ask the hard questions can choose a platform that meets the evolving security needs of their operation.

Karen Kent is the co-founder of Trusted Cyber Annex. She provides cybersecurity research and publication services to organizations and was formerly a senior computer scientist for NIST.
