Firewall Enhancements

Firewalls emerged from basic router traffic control systems into full-featured content filters. However, throughout this evolution, firewalls have remained focused on detecting unwanted, unknown, or malicious traffic and blocking it. The filtering mechanisms have typically been identification-based. Whether IP address, port, protocol service, MAC address, content keyword, or even user authentication, the Allow and Deny decisions relied directly on easily definable elements.

Modern firewalls now offer a variety of enhancements, improvements, or add-on features that some organizations might find attractive. You should consider the value of these enhancements in light of the ability of the device to continue to perform the essential services of firewall filtering. Do not let features that are not essential to your use of the firewall distract you from obtaining and deploying a reliable filtering device. Be sure to research any newly offered enhancement thoroughly before making a purchase. Unnecessary features not only inflate the cost, but some can cause security problems or introduce vulnerabilities into the network.

A common or popular firewall enhancement is malware scanning. Adding an antivirus, anti-spyware, anti-Trojan, anti-whatever scanner to a firewall is not a significant stretch of the core firewall’s capabilities, especially for application proxies and stateful inspection firewalls. The main concerns should be whether such an enhancement can maintain wire speed performance and whether the firewall’s anti-malware abilities are on par with existing standalone malware protections. If you are considering a firewall malware scanning enhancement, pay attention to the details. Important considerations are the detection engine and the mechanism of periodically updating virus signature definitions.

Firewalls can also offer IDS and IPS features. In fact, the merging of intrusion detection and prevention is a logical combination. A single device that can filter traffic as well as watch for and defend against intrusions is attractive. But the question remains: Does the combination device perform both tasks at the same level of excellence as common independent products? If not, then the combination is more of a detriment than a benefit. Also, does the firewall maintain the ability to operate at wire speed?

Some firewalls are equipped to function as a VPN endpoint. When designing a firewall and VPN architecture, this might be an attractive option, but as with every firewall enhancement, you should evaluate its features and performance against that of standalone solutions.

Unified threat management (UTM) is the deployment of a firewall as an all-encompassing primary gateway security solution. The idea behind UTM is that you can use a single device to perform firewall filtering, IPS, antivirus scanning, anti-spam filtering, VPN endpoint hosting, content filtering, load balancing, detailed logging, and potentially other security services, performance enhancements, or extended capabilities. UTM has its advantages, mainly in the ability to deploy a single product and manage multiple security services from a single interface.

Any given UTM can be a jack-of-all-trades product and a master of none. With many of the larger firewall and security product vendors developing product lines supporting UTM, however, it is possible to deploy a reliable single-device solution. But even a reliable UTM product remains a single point of failure. UTMs are obvious improvements to environments that use simple or outdated firewalls and those that lack independent coverage in the non-firewall security categories. An all-in-one UTM device can quickly and effectively improve your organization’s security.

As the trend toward virtualized networks, hosts, and applications continues, the need for security within virtualized networking environments increases as well. Just because the virtual host exists in memory alone does not imply that it is immune to hacking or exploitation. In fact, the business may be at even greater risk. Include firewalls in the construction of virtualized networks.

You can still use a hardware firewall when traffic between virtual hosts crosses a physical network segment. However, when virtual host communications occur within memory alone, a virtualized firewall is necessary. A virtualized firewall is really the same as a virtualized host: it is a software construct of a hardware environment that hosts an OS, so it can function in memory rather than on actual physical devices. You can install a software firewall into a virtual host to act as a firewall for virtual network connections. When designing and using a virtualized network, make the effort to include virtual firewalls as part of the infrastructure.
