Sie sind auf Seite 1von 3
Forrester Thought Leadership Executive Summary Commissioned By Fortinet November 2015 Your Best Defense:

Forrester Thought Leadership Executive Summary Commissioned By Fortinet

November 2015

Your Best Defense: Next-Generation Firewalls Enable Zero Trust Security

Security professionals are tasked with defending their organizations from internal and external threats at a time when those threats are more sophisticated, numerous, and unpredictable than ever before. Traditional security controls that were once effective are now insufficient to protect organizations from today’s highly skilled cyberattackers.

In today’s threat landscape, it is not enough to protect the perimeter, relying on a “trust but verify” approach. The only way to ensure a malicious user isn’t granted access to your network under the cover of “trusted” traffic is to assume a Zero Trust model, in which all network traffic is untrusted.

Next-generation firewalls (NGFWs) are a critical component of the Zero Trust model, allowing security professionals the flexibility to place protection at the data level and effectively defend against the rapidly changing threats organizations face today.

Eighty-seven percent of IT security professionals surveyed reported their organizations have

experienced at least one breach within the past 12 months.

Key Findings

Forrester’s study yielded the following best practices for NGFW evaluation:

Thoroughly test Conduct an solutions within honest internal your own assessment. environment. Deploy NGFWs in
Thoroughly test
Conduct an
solutions within
honest internal
your own
assessment.
environment.
Deploy NGFWs in
Identify and vet a
front of your
wide cast of
organization’s
vendor solutions.
most sensitive
data.

This is a summary of results

from the Fortinet-

commissioned Thought

Leadership Study, “Your Best

Defense: Next-Generation

Firewalls Enable Zero Trust

Security.

METHODOLOGY

Fortinet commissioned this

study to examine the

purchase and implementation

considerations, as well as the

challenges faced, for next-

generation firewalls.

To explore this topic, Forrester

conducted a quantitative

survey of 150 IT security

professionals at midlevel

organizations with next-

generation firewall

implementations.

survey of 150 IT security professionals at midlevel organizations with next- generation firewall implementations.
Next-Generation Firewalls Are The Cornerstone Of Zero Trust In a Zero Trust network, next- generation

Next-Generation Firewalls Are The Cornerstone Of Zero Trust

In a Zero Trust network, next-generation firewalls act as “segmentation gateways.” Unlike traditional firewalls, NGFWs can be placed at the center of the network in front of the data they need to protect rather than at the edge of the network, which is a core tenet of Zero Trust.

How effective was your NGFW in protecting

against the following threats?

(Respondents indicating ex tremely ef fective)

Database/content /data management

system compromise N = 79

Mobile applications intrusion

N = 82

Web/sof t ware applications

exploits N = 90

intrusion N = 82 Web/sof t ware applications exploits N = 90 71% 63% 54% ›

71%

63%

54%

Database/content/data management system compromises, mobile application intrusions, web/software application exploits, malware, and operating system vulnerabilities, among other types of breaches, threaten enterprise networks every day. Because NGFWs can be deployed in front of sensitive data, they are very effective at protecting against these

threats.

Malware (i.e., viruses, worms,

botnets) N = 79

Drive -by downloads

N = 46

Operating system

vulnerabilities attacks N = 9 0

Denial of ser vice attacks

N = 55

53%

52%

51%

47%

NGFWs take security controls found in individual point products (firewalls, intrusion prevention systems, web

application firewalls, content-filtering gateways, network

access controls, VPN gateways, and other encryption products) and embed them in a single solution.

Positioning a NGFW at the center of the network

Phishing

N = 61

Vandalizing of website or

manipulation of site content N = 62

46%

of website or manipulation of site content N = 62 46% 45% provides visibility into data

45%

provides visibility into data access and greatly increases your chances of discovering an intrusion before it

escalates into a data breach. Fifty-six percent deployed NGFWs in front of dedicated network segments, effectively creating microperimeters, and 49% deployed them in the data center an indication that midlevel enterprises are well on their way to adopting Zero Trust. As you plan your NGFW implementation, it is important to identify key points in your network for deployment.

According to a recent Forrester survey on global security trends, 50% of midlevel US organizations had implemented NGFWs or had plans to expand their implementation, and another 22% planned to adopt NGFWs within the next 12 months.

Next-Generation Firewalls Are The Cornerstone Of Zero Trust

Before implementing a NGFW, it is important to weigh business and technology considerations, have in- depth insight into your current environment, and fully evaluate and test vendor solutions. Some lessons learned from study participants include:

Understand the infrastructure, staffing, and budgetary implications of implementing a NGFW. The security pros surveyed weighed technical factors as well as cost, implementation time, and the IT resources needed to manage the solution. Be sure to conduct a thorough assessment of all implications of a NGFW implementation.

Conduct an honest internal evaluation. The vast majority placed high priority on all NGFW features during the evaluation phase. But most respondents only used select features once they were implemented, with just antivirus and application control capabilities used by more than 50% of respondents. If you are running point products with capabilities redundant with a NGFW, beware you may encounter inefficiencies.

Identify the contenders. Nearly two-thirds would consider a broader selection of vendors if they could do it again. Identify the NGFW vendor solutions that best fit your requirements, and use product demos, a proof of concept, bake-offs, and third-party testing to generate your shortlist.

Test before you buy. Seven out of 10 survey respondents said if they could go back in time, they would do more extensive testing of capabilities. Be sure to thoroughly test solutions in your own environment.

time, they would do more extensive testing of capabilities. Be sure to thoroughly test solutions in
“ What would you do differently if you had to select and deploy an NGFW

What would you do differently if you had to select and deploy an NGFW again?

(Select all that apply)

More extensive testing of capabilities

Consider a broader selection of vendors

Outsource this security function

Check third-party test results

this security function Check third-party test results 61% 56% 51% 71% Zero Trust is becoming widely
this security function Check third-party test results 61% 56% 51% 71% Zero Trust is becoming widely

61%

this security function Check third-party test results 61% 56% 51% 71% Zero Trust is becoming widely

56%

security function Check third-party test results 61% 56% 51% 71% Zero Trust is becoming widely adopted

51%

71%

Zero Trust is becoming widely adopted by leading, cutting-edge organizations. As data breaches continue to devastate businesses and governments, more security organizations are under pressure to create new ways of protecting their critical data by turning to a Zero Trust data-centric network security model powered by NGFW technology.

Next-generation firewalls are a key enabler for implementing and applying Zero Trust concepts. However, it’s more than a matter of just deploying a NGFW. As you embark on your Zero Trust journey and begin to evaluate NGFWs:

1 2 3 Evangelize Start a cross- Map out your Zero Trust to functional data
1
2
3
Evangelize
Start a cross-
Map out your
Zero Trust to
functional
data flows.
gain internal
Zero Trust
support.
working group.

To read the full results of this study, please refer to the Thought Leadership Paper commissioned by Fortinet titled, Your Best Defense: Next-Generation Firewalls Enable Zero Trust Security.

ABOUT FORRESTER CONSULTING

Forrester Consulting provides independent and objective research-based consulting to help leaders succeed in their organizations. Ranging in scope from a short strategy session to custom projects, Forrester’s Consulting services connect you directly with research analysts who apply expert insight to your specific business challenges. For more information, visit forrester.com/consulting.

© 2015, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester ® , Technographics ® , Forrester Wave, RoleView, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. For additional information, go to www.forrester.com. [1-WFUIC3]

trademarks are the property of their respective companies. For additional information, go to www.forrester.com. [1-WFUIC3]