Intel Security subsidiary McAfee has launched the latest version of its Next Generation Firewall (NGFW), built with technology it obtained with the purchase of Finnish network security specialist Stonesoft last year.

Taking development cycles into account, this is the first NGFW product to truly integrate into the McAfee ecosystem.

The company has also launched a piece of research which suggests that businesses are confused by the terminology, thinking their firewall is ‘next gen’ even when it’s not.

The next generation
Enterprise customers change their firewalls every 3-5 years, and the upgrade is usually driven by the need for more bandwidth, not demand for new features. But not all firewalls are created equal – McAfee’s Ashish Patel believes NGFW is a new class of product, not a marketing buzzword.

He complained that the term was being thrown around by overzealous salespeople, confusing the market as to what NGFW is actually supposed to do. According to research by Vanson Bourne, 60 percent of all respondents in the UK (and a staggering 98 percent in the US) think they have a Next Generation Firewall in place, even if it doesn’t offer any of the advanced features.

“It has to be a technology that has application awareness, user awareness and it has to have IPS [Intrusion Prevention System] capability. Following that, you have a whole host of features that people consider should or shouldn’t be part of the Next Generation Firewall,” said Patel, director of Network Security for UK&I at McAfee, during a launch event in London.

“We need to somehow define what a Next Generation Firewall is, to allow people to move into that space.”

McAfee’s latest offering features built-in IPS, VPN and deep packet inspection functionality. It can be deployed as a physical appliance, software solution or virtual appliance.

Just like the previous versions developed by Stonesoft, NGFW can detect Advanced Evasive Threats (AETs) – malware split into small, benign-looking packets that are sent one at a time, and automatically re-assembled on the other side of the firewall.
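The evasion described above only works against an inspection engine that looks at each packet in isolation. The following is an added example, not McAfee or Stonesoft code, showing why a firewall must reassemble the TCP stream the way the protected host will before it pattern-matches. The signature string, the segment layout and the "first received wins" overlap policy are all constructed assumptions for the illustration.

```python
"""
Added example: per-packet inspection versus stream reassembly.
Constructed illustration; not code from the product described in the article.
"""
from typing import List, Tuple

# (relative TCP sequence number, payload); a constructed representation of a segment
Segment = Tuple[int, bytes]

# Constructed, harmless marker standing in for a real detection signature.
SIGNATURE = b"SIGNATURE-MARKER"


def per_packet_match(segments: List[Segment], signature: bytes = SIGNATURE) -> bool:
    """Naive inspection: checks each segment's payload on its own."""
    return any(signature in payload for _, payload in segments)


def reassemble(segments: List[Segment]) -> bytes:
    """Rebuild the byte stream the receiving host will see.

    Segments are processed in arrival order, may be out of sequence and may
    overlap. Overlap policy here is 'first received wins' (an assumption; real
    TCP stacks differ, and a normalising firewall must mirror the host behind it).
    """
    if not segments:
        return b""
    base = min(seq for seq, _ in segments)
    end = max(seq + len(payload) for seq, payload in segments)
    buf = bytearray(end - base)
    filled = bytearray(end - base)  # 1 where a byte has already been written
    for seq, payload in segments:
        for i, byte in enumerate(payload):
            pos = seq - base + i
            if not filled[pos]:
                buf[pos] = byte
                filled[pos] = 1
    return bytes(buf)


def stream_match(segments: List[Segment], signature: bytes = SIGNATURE) -> bool:
    """Inspection after reassembly: matches against the whole stream."""
    return signature in reassemble(segments)


def split_into_segments(data: bytes, chunk: int, base_seq: int = 1000) -> List[Segment]:
    """Constructed helper: cut a byte string into fixed-size segments."""
    return [(base_seq + i, data[i:i + chunk]) for i in range(0, len(data), chunk)]


if __name__ == "__main__":
    # Constructed stream in which the marker spans several small segments.
    stream = b"GET /file HTTP/1.1\r\n\r\n..." + SIGNATURE + b"..."
    segments = split_into_segments(stream, 4)
    segments.reverse()  # deliver out of order
    print("per-packet match:", per_packet_match(segments))
    print("stream match:    ", stream_match(segments))
```

The reassembly step is what the article's "automatically re-assembled on the other side" refers to: only the engine that rebuilds the stream with the same overlap and ordering semantics as the destination host sees the same bytes the host does.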

But the real news here is that the latest version integrates with McAfee Enterprise Security Manager, ePolicy Orchestrator, Advanced Threat Defense and Global Threat Intelligence products. This will be especially important for customers who have already invested in McAfee, for example its antivirus and SIEM software.

NGFW takes advantage of the recently announced Threat Intelligence Exchange (TIE) system, based on McAfee’s Data Exchange Layer (DXL). It can be described as the “immune system” that links together endpoints, gateways, and other security products, helping them work in harmony.

According to the same Vanson Bourne survey, 37 percent of IT decision makers at large UK companies believe point security solutions that don’t share information can lead to threats going unnoticed.

How it works
The intelligence sharing process was illustrated by Klaus Majewski, director of Technology and NGFW Engineering at McAfee. When NGFW finds suspicious traffic, it consults the cloud-based signature databases and runs it through the antivirus. If the findings are inconclusive, the file will be forwarded to Advanced Threat Defense, another McAfee product.

There’s also a sandbox environment where the potential threat can roam free. If it destroys the sandbox – well, that’s a sure sign that the file is malicious. A warning from any other security product will result in instant blocking by NGFW. The whole operation is over in milliseconds, while the useful intelligence is fed back to the cloud.

“We have white, black and a grey area. White is good, black is bad, and the big gray area – we don’t know. So we’re trying to make gray area smaller,” Majewski told us.

In the future, McAfee would like to share threat intelligence with other organizations. It envisions communities dedicated to different parts of the security landscape, for example retailers who focus on threats particular to retail.