Know When to Have a Dedicated NGIPS vs. NGFW
With the ever-evolving threat of cyber-attacks, a network security solution requires unparalleled visibility and intelligence covering known and unknown threats for comprehensive protection. And with so many organizational responsibilities with different agendas, you need one consistent security enforcement mechanism across all the different facets of your organization. As these operational demands increase, there is a renewed focus on dedicated NGIPS to provide a deeper level of security and visibility for the enterprise.
The distinction between use case scenarios for standalone NGIPS vs. NGFW deployments can often be tricky to navigate. Although firewall deployments are better suited for some organizational requirements, there will continue to be a need for standalone NGIPS appliances in the enterprise. Generally, the scenarios that require a standalone NGIPS appliance are as follows:
- The firewall is deployed with only firewall features enabled and does not have next gen IPS capabilities integrated.
- IPS usage on the NGFW causes significant throughput degradation.
- Deployment scenarios where blocking quality and performance are mandatory, exceeding the firewall capabilities
- Segregation of NetOps and SecOps responsibilities on the network
- Deployment mode requirements such as passive, inline without blocking or inline with blocking
The demand for dedicated NGIPS is driven by the industry requirements:
High Performance. Often when businesses enable security applications on their NGFW such as NGIPS, they experience throughput degradation/increased latency. In order to accommodate networks with high throughput requirements while maintaining a solid security profile, separating the NGFW and NGIPS functions optimizes throughput and security for the enterprise.
Resiliency. NGIPS provides hardware-based fail-open/fail-closed or fail-to-wire capabilities ensuring increased network uptime. This gives Security Operations the ability to have effective redundancy, reduces downtime risk and adds network resilience.
Security operations empowerment. Enterprise organizations often require a separation of responsibilities when it comes to NGFW and NGIPS as NetOps and SecOps missions are different. Network operations focus primarily on the network performance. Security operations manage risk and implement rapid containment and response. This can lead to conflict in the enterprise if these duties are managed in a single appliance. The segregation of duties enables agility for policy change with no impact to the network. By streamlining the security functions, the appropriate teams are able to add or modify security policies to the network without downtime including firewalls, malware protection and other preventative measures.
Interested in exploring even more ways a dedicated NGIPS can improve network security for your enterprise?
Read our newsletter, with content from Gartner, on The Evolution of Next Generation IPS.
For additonal information, please check out the Cisco Firepower NGIPS website.