First-generation firewalls do not cut the mustard

In the wake of the InfoSec information security exhibition in London last month, I think I finally have Part II to my blog written to coincide with the event: Infosec 2011: application (development) appetisers Part I.

What I was looking for was some insight into how the mechanics of security technologies work, so I spoke to Florian Malecki who is EMEA enterprise marketing and product marketing manager at SonicWALL — a company that describes itself as a purveyor of intelligent network security and data protection solutions.

Malecki’s comments were deeper than most, so that was good.

In the main I discerned that we have a potential IT development/management issue with firewall technologies — when network infrastructures are upgraded to 10 GbE to accommodate for growth in bandwidth requirements beyond 1 Gigabit per second (Gbps), these upgrades can be neutralised by firewalls that are unable to handle high bandwidth requirements or connectivity.

SonicWALL suggests that this is especially true as an increasing number of security-conscious organisations replace their traditional firewalls with a new breed of deep packet inspection (DPI) firewalls that provide protection against the evolving threat ecosystem and the network attack vectors prevalent today.

"The adoption of web 2.0, social networking, cloud computing and mobile devices has dramatically affected the corporate network and the security challenges surrounding it. New bandwidth-hungry web 2.0 applications and social media sites are overwhelming networks, and first-generation firewalls are failing to stop the invasion of new and sophisticated threats. Costs are soaring because the need for bandwidth is increasing — just to maintain the performance of mission-critical applications," said Malecki.

Massive deep security issue, or company that sells firewall technologies trying to fuel debate over the granular control of application traffic and bandwidth?

A bit of both probably, right?