Talking about a revolution?

Fortinet's Paul Judd airs his beef on the firewall industry as he takes over CRN's guest blog for the week.

Listen to some in the market and they'll tell you a "firewall revolution" has been going on, whereby applications can be identified based on their content, distinguishing, for example, between peer-to-peer (P2P) applications and hosted business applications.

While this represents a new way to identify applications, you can hardly call it a "revolution", because other security technologies, including intrusion prevention/detection systems (IPS/IDS), have been doing this type of detection for quite a while.

With IPS/IDS technologies, the ability to distinguish between multiple applications running over a common protocol relies on exactly the same principle as the one proposed for "next-generation firewalls". The new "revolution" wasn't a revolution at all, but instead just a new way to use existing capabilities.

It seems disingenuous, and just plain marketing hype, to say that extending application identification technology into firewall policy is revolutionary. What is really happening is that firewalls are evolving to keep pace with the evolution of applications.

A more exciting trend has been the integration of content-based security technologies into the firewall, something that was previously thought to be impossible. What matters is identifying threats within the application content, irrespective of the application, not just a new way to identify an application and allow or deny it.

A security solution that harnesses the power of both application control and content-based security enforcement is the true state of firewall technology innovation. That is, if you agree that firewalls are deployed as defence mechanisms to eliminate threats, rather than simply to manage "allow-or-deny" controls for application access.
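To make the distinction concrete, here is an added example (not Fortinet's or CRN's code) of the two layers described above: first, application identification from payload content on a shared port, which is the IPS/IDS-style principle the "next-generation" firewalls reuse; second, content-based threat detection that runs on every flow irrespective of which application it is. The signatures, hostnames and flows are constructed for illustration, and the hosted business application `crm.example.com` is hypothetical.

```python
import re

# Stage 1: identify the application from payload content, even though every
# flow here arrives on the same port. Patterns are simplified, constructed ones.
BT_HANDSHAKE = re.compile(rb"^\x13BitTorrent protocol")
HTTP_REQUEST = re.compile(rb"^(?:GET|POST) \S+ HTTP/1\.[01]\r\n")
HOST_HEADER = re.compile(rb"\r\nHost: ([^\r\n]+)\r\n")
BUSINESS_HOSTS = {b"crm.example.com"}  # hypothetical hosted business application

# Stage 2: content signatures checked irrespective of the application.
THREAT_SIGNATURES = {"constructed-test-marker": re.compile(rb"CONSTRUCTED-THREAT-MARKER")}

# Application control policy: the allow-or-deny layer the post describes.
APP_POLICY = {"p2p-bittorrent": "deny", "hosted-business-app": "allow",
              "web-browsing": "allow", "unknown": "deny"}


def identify_app(payload: bytes) -> str:
    """Classify a flow by what its first bytes look like, not by its port."""
    if BT_HANDSHAKE.match(payload):
        return "p2p-bittorrent"
    if HTTP_REQUEST.match(payload):
        host = HOST_HEADER.search(payload)
        if host and host.group(1).strip().lower() in BUSINESS_HOSTS:
            return "hosted-business-app"
        return "web-browsing"
    return "unknown"


def scan_content(payload: bytes) -> list:
    """Content-based detection: runs on every flow, whatever the application."""
    return [name for name, pat in THREAT_SIGNATURES.items() if pat.search(payload)]


def inspect(payload: bytes) -> dict:
    """Combine both layers: an allowed application can still be blocked on content."""
    app = identify_app(payload)
    threats = scan_content(payload)
    verdict = APP_POLICY.get(app, "deny")
    if verdict == "allow" and threats:
        verdict = "block"  # content enforcement overrides the application allow
    return {"app": app, "threats": threats, "verdict": verdict}


# Constructed sample flows, all on the same transport port.
FLOWS = {
    "crm_ok": b"POST /upload HTTP/1.1\r\nHost: crm.example.com\r\nContent-Length: 5\r\n\r\nhello",
    "crm_bad": b"POST /upload HTTP/1.1\r\nHost: crm.example.com\r\n\r\nCONSTRUCTED-THREAT-MARKER",
    "torrent": b"\x13BitTorrent protocol" + b"\x00" * 8 + b"0" * 40,
}

if __name__ == "__main__":
    for name, payload in FLOWS.items():
        print(name, inspect(payload))
```

The `crm_ok` and `crm_bad` flows are the same application under the same allow rule; only the content layer tells them apart, which is the point the post is making.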

Paul Judd is regional director for UK, Ireland and South Africa at Fortinet.