1
00:00:01,230 --> 00:00:09,720
In this section we are going to take a look at the next generation firewalls and the IPS. Guys, firewalls

2
00:00:09,810 --> 00:00:14,510
are a standard security tool for the majority of companies.

3
00:00:14,520 --> 00:00:23,010
But in today's changing threat landscape next generation firewalls are the only firewalls that can provide

4
00:00:23,040 --> 00:00:24,990
proper protection.

5
00:00:25,060 --> 00:00:31,940
The former firewalls were just able to perform some protocol inspections and port inspections.

6
00:00:32,220 --> 00:00:41,990
But these deep packet inspection firewalls are moving beyond port/protocol inspection and blocking to add

7
00:00:42,000 --> 00:00:49,560
the application-level inspection, intrusion prevention, and bringing intelligence from outside

8
00:00:49,560 --> 00:01:00,080
the firewall. So, as the name suggests, next generation firewalls are a more advanced version of the traditional

9
00:01:00,080 --> 00:01:02,800
firewall and they offer some benefits.

10
00:01:02,810 --> 00:01:11,180
But next generation firewall has some advanced features. Like regular firewalls, next generation firewalls

11
00:01:11,180 --> 00:01:19,490
use both static and dynamic packet filtering and VPN support to ensure that all connections

12
00:01:19,520 --> 00:01:28,040
between the network, internet and firewall are valid and secure. Both firewall types should also be able

13
00:01:28,040 --> 00:01:34,100
to translate network and port addresses in order to map IPs.

14
00:01:34,100 --> 00:01:41,430
There are also fundamental differences between the traditional firewall and next generation firewalls.

15
00:01:41,450 --> 00:01:50,120
The most obvious difference between the two is the next generation firewall's ability to filter packets based

16
00:01:50,240 --> 00:01:52,560
on applications, guys.

17
00:01:52,640 --> 00:02:01,280
These firewalls have extensive control and visibility of applications that it is able to identify using

18
00:02:01,360 --> 00:02:04,130
analysis and signature matching.

19
00:02:04,160 --> 00:02:12,230
So that means, for example, if you want to block Skype in a network or if you want to block Facebook

20
00:02:12,230 --> 00:02:19,670
in a network or any other application you can do it with the next generation firewall which is not possible

21
00:02:19,670 --> 00:02:23,210
to do it with a traditional firewall.

22
00:02:23,210 --> 00:02:32,600
And also they can use whitelists or a signature-based IPS to distinguish between safe applications

23
00:02:32,630 --> 00:02:39,410
and unwanted ones which are then identified using SSL decryption.

24
00:02:39,410 --> 00:02:48,170
Unlike most traditional firewalls, next generation firewalls also include a path through which future

25
00:02:48,170 --> 00:02:50,810
updates will be received.

26
00:02:50,810 --> 00:02:58,820
And let's go ahead with the benefits of next generation firewalls. A next generation firewall performs

27
00:02:58,850 --> 00:03:05,380
traditional firewall features like stateful firewall filtering, NAT and VPN termination.

28
00:03:05,510 --> 00:03:12,270
And it's also providing us application visibility and control.

29
00:03:12,290 --> 00:03:18,900
This feature looks deep into the application layer data to identify the application.

30
00:03:19,100 --> 00:03:27,650
For instance, it can identify the application based on the data rather than port number, to defend against

31
00:03:27,800 --> 00:03:31,370
attacks that use random port numbers.

32
00:03:31,370 --> 00:03:41,180
Next generation firewalls also provide advanced malware protection, guys. NGFW platforms run multiple

33
00:03:41,180 --> 00:03:50,540
security services, not just as a platform to run a separate service but for better integration of functions.

34
00:03:50,990 --> 00:03:59,210
A network-based anti-malware function can run on the firewall itself, blocking the file transfers

35
00:03:59,240 --> 00:04:05,900
that will install malware and saving copies of files for later analytics.

36
00:04:05,900 --> 00:04:13,920
Also, next generation firewalls can provide URL filtering. This feature examines

37
00:04:13,940 --> 00:04:14,720
the URLs

38
00:04:14,720 --> 00:04:24,050
in each web request, categorizes the URLs and either filters or rate limits the traffic based on

39
00:04:24,050 --> 00:04:25,790
rules.

40
00:04:25,820 --> 00:04:35,450
Also, next generation firewalls can run their NGIPS, next generation IPS, feature along with their

41
00:04:35,450 --> 00:04:36,160
firewall.

42
00:04:36,770 --> 00:04:45,830
Let's talk about the IPS, intrusion prevention system, also. An IPS is a network security threat

43
00:04:45,920 --> 00:04:53,930
prevention technology that examines the network traffic flows to detect and prevent vulnerability

44
00:04:54,020 --> 00:05:03,050
exploits. Vulnerability exploits usually come in the form of malicious inputs to a target application

45
00:05:03,080 --> 00:05:12,380
or service that attackers use to interrupt and gain control of an application or machine. Following a

46
00:05:12,380 --> 00:05:20,780
successful exploit, the attacker can disable the target application or can potentially access all

47
00:05:20,780 --> 00:05:30,410
the rights and permissions available for the compromised application. The IPS, guys, often sits directly

48
00:05:30,410 --> 00:05:39,800
behind the firewall and provides a complementary layer of analysis that negatively selects for the dangerous

49
00:05:39,800 --> 00:05:49,430
content. And also I need to tell this one: an IPS is not a separate hardware in today's networks and

50
00:05:49,490 --> 00:06:00,520
most of them are integrated into the firewalls. So unlike its predecessor, the intrusion detection system, IDS,

51
00:06:01,150 --> 00:06:06,690
which is a passive system that scans traffic and reports back on threats,

52
00:06:06,760 --> 00:06:15,670
the IPS is placed inline, actively analyzing and taking automated actions on all traffic flows

53
00:06:15,700 --> 00:06:17,480
that enter the network.

54
00:06:17,590 --> 00:06:27,250
Specifically, these actions include, like, sending an alarm to the administrator, dropping the malicious packets,

55
00:06:27,550 --> 00:06:36,040
blocking traffic from the source address and resetting the connection. As an inline security component,

56
00:06:36,040 --> 00:06:43,010
the IPS must work efficiently to avoid degrading network performance.

57
00:06:43,060 --> 00:06:49,830
It must also work fast because exploits can happen in near real time.

58
00:06:49,960 --> 00:06:59,020
The IPS must also detect and respond accurately so as to eliminate threats and false positives.

59
00:07:02,580 --> 00:07:09,930
And the IPS, guys, has a number of detection methods for finding exploits.

60
00:07:09,930 --> 00:07:17,880
But signature-based detection and statistical anomaly-based detection are the two dominant mechanisms.

61
00:07:18,450 --> 00:07:27,570
Signature-based detection is based on a dictionary of uniquely identifying patterns or signatures in

62
00:07:27,570 --> 00:07:33,690
the code of each exploit. As an exploit is discovered,

63
00:07:33,840 --> 00:07:41,960
its signature is recorded and stored in a continuously growing dictionary of signatures.

64
00:07:42,090 --> 00:07:47,790
Signature detection for IPS breaks down into two types.

65
00:07:47,790 --> 00:07:50,930
First, exploit-facing signatures

66
00:07:50,970 --> 00:08:00,000
identify individual exploits by triggering on the unique patterns of a particular exploit attempt.

67
00:08:00,000 --> 00:08:08,400
The IPS can identify specific exploits by finding a match with an exploit-facing signature in

68
00:08:08,400 --> 00:08:10,080
the traffic stream.

69
00:08:10,080 --> 00:08:18,450
And second, vulnerability-facing signatures are broader signatures that target the underlying vulnerability

70
00:08:18,450 --> 00:08:21,730
in the system that is being targeted.

71
00:08:21,840 --> 00:08:29,490
These signatures allow the networks to be protected from variants of an exploit that may not have been

72
00:08:29,820 --> 00:08:39,090
directly observed in the wild, but also raise the risk of false positives. And also IPS can provide

73
00:08:39,090 --> 00:08:41,680
statistical anomaly detection.

74
00:08:42,000 --> 00:08:50,760
Statistical anomaly detection takes samples of network traffic at random and compares them to a

75
00:08:50,760 --> 00:08:53,630
pre-calculated baseline performance level.

76
00:08:53,630 --> 00:08:55,690
That is a really really cool feature.

77
00:08:55,700 --> 00:09:04,620
Guys, when the sample of network traffic activity is outside the parameters of baseline performance, the

78
00:09:04,660 --> 00:09:08,040
IPS takes action to handle the situation.
