NGIPS + NGFW: Why BOTH are needed in your network security infrastructure

I often get asked the question, do I really need both a next-generation firewall (NGFW) and next-generation intrusion prevention system (NGIPS) for my network security infrastructure? Well, I say yes.

Do you lock your front door and use an alarm? Do you lock your car and move that expensive tablet off the front seat? Of course you do! See, that’s my point. When you’re trying to protect yourself from the bad guys, you will use everything you can to keep your data, house, car, and anything else secure.

So let’s break it down–what does a next-generation firewall do? The NGFW has its core competencies and it includes:

1. Network address translation
2. Acting as a stateful firewall
3. VPN concentrator
4. Application visibility and control
5. And don’t forget, IPS inspection

A next-generation IPS has its core competencies and they include:

1. Inspect asymmetric traffic flows
2. Perform as a transparent bump-in-the wire inspection device
3. Provide visibility and protection by inspecting network traffic that moves lateral to a perimeter firewall

Since the NGFW is a network device, it can operate lower in the OSI stack and can act as a network boundary or create a network pinch-point perfect for stateful firewalling, application identification, and deep packet inspection.

Using a NGIPS to perform deep packet inspection makes for a more effective strategy against the would-be-adversary. Because an NGIPS does not maintain a state table, it is less vulnerable to attacks that exploit state table exhaustion and result in denial of service. This also gives it the ability to inspect asymmetric data flows. The NGIPS is also a transparent device, just a bump in the wire, allowing traffic to flow as if it is not even there, even if it is deployed in the core, doing deep packet inspection or on the network edge.

Did you know that traffic looks differently in the core vs. the edge of the network? Advanced persistent threats are more easily detected by the NGIPS. Because the NGIPS can be deployed where it will have of the lateral visibility of the traffic, it gives you that advantage over a firewall. A traditional stateful firewall cannot provide this. The lateral visibility it is perfect to identifying machines on a network that have already been compromised and are being used by a bad guy to collect and infiltrate sensitive or important data.

Visibility and the ability to secure a network at the perimeter and at the network core should be essential for every organization that wants to strengthen their overall security posture. The HP TippingPoint NGFW is perfect for the network perimeter and there is no better device than the HP TippingPoint NGIPS to secure the network core and provide that ever increasingly important lateral visibility and control. Why not deploy both?

Why NGFW and NGIPS are needed in network security infrastructure?

NGIPS + NGFW: Why BOTH are needed in your network security infrastructure

The common question is always asked by users: Do you really need both a next-generation firewall (NGFW) and next-generation intrusion prevention system (NGIPS) for my network security infrastructure? Well, the answer is YES!

What does a next-generation firewall do? The NGFW has its core competencies and it includes:

1. Network address translation
2. Acting as a stateful firewall
3. VPN concentrator
4. Application visibility and control
5. And don’t forget, IPS inspection

A next-generation IPS has its core competencies and they include:

1. Inspect asymmetric traffic flows
2. Perform as a transparent bump-in-the wire inspection device
3. Provide visibility and protection by inspecting network traffic that moves lateral to a perimeter firewall

Since the NGFW is a network device, it can operate lower in the OSI stack and can act as a network boundary or create a network pinch-point perfect for stateful firewalling, application identification, and deep packet inspection.

Using a NGIPS to perform deep packet inspection makes for a more effective strategy against the would-be-adversary. Because an NGIPS does not maintain a state table, it is less vulnerable to attacks that exploit state table exhaustion and result in denial of service. This also gives it the ability to inspect asymmetric data flows. The NGIPS is also a transparent device, just a bump in the wire, allowing traffic to flow as if it is not even there, even if it is deployed in the core, doing deep packet inspection or on the network edge.

Did you know that traffic looks differently in the core vs. the edge of the network? Advanced persistent threats are more easily detected by the NGIPS. Because the NGIPS can be deployed where it will have of the lateral visibility of the traffic, it gives you that advantage over a firewall. A traditional stateful firewall cannot provide this. The lateral visibility it is perfect to identifying machines on a network that have already been compromised and are being used by a bad guy to collect and infiltrate sensitive or important data.

Visibility and the ability to secure a network at the perimeter and at the network core should be essential for every organization that wants to strengthen their overall security posture.

From https://www.linkedin.com/pulse/ngips-ngfw-why-both-needed-your-network-security-vino-thava/

Learn more: Migration Recommendations for Cisco IPS and FirePOWER-NGIPS Series

The Most Common NGFW Deployment Scenarios

UTM vs. NGFW

Cisco Firepower NGIPS Data Sheet

More reference:

https://community.softwaregrp.com/t5/Protect-Your-Assets/NGIPS-NGFW-Why-BOTH-are-needed-in-your-network-security/ba-p/280687#.Wp-6idKWaUk

https://communities.cisco.com/thread/83657