Although the traditional firewall continues to be at the top of the list when it comes to security investments,the value of those investments continues to be a major question. The simple fact of the matter is that most existing firewalls are routinely penetrated, usually via a port that the IT organization leaves open to support any number of Web applications. As more Web applications proliferate, the more acute the problem becomes.
Palo Alto Networks CTO Nir Zuk says that in 2011 we’ll see a shift away from legacy network firewalls to something that Palo Alto describes as “next-generation firewalls.” This migration won’t happen overnight, but Zuk says that many IT organizations are beginning to think about network firewalls as a legacy security architecture.To modernize their security systems, many of them are deploying a new generation of application firewalls behind their network firewalls to add a more robust layer of security.
Over time, Zuk says IT organizations will then discover that these new firewalls are not only more effective, they also eliminate the need to invest in network perimeter firewalls, anti-virus software, proxy servers and data loss prevention (DLP) appliances.
Zuk concedes that IT organizations are conservative when it comes to security so this will all take time to come about. But in 2010, many IT organizations have come to realize how bloated and ineffective their security spending has become. That means that in 2011 many of them are now prepared to begin deploying new approaches to application security that will prove to not only be more effective, but can also pay for themselves by eliminating the need for a mess of security products they are trying to manage today.
How aggressively an IT organization decides to move to clean up its current security mess will depend on the organization. But what is clear is that what’s in place today is not working all that well from either an effectiveness or cost perspective. As such, it’s in the best interest of the organization as a whole to at least start experimenting with new approaches to security. You’ll probably be pleasantly surprised by what you’ll discover.