In my research on Adaptive Security Infrastructure and Context Aware Security, I have concluded that future information security policy enforcement points must move security policy enforcement “up the stack”. As we move to virtualize our data centers and adopt cloud-based computing platforms, security policy can no longer be bound solely to physical attributes such as IP address or device.
Firewalls are evolving to become adaptive, adding context awareness beyond their traditional dependency on physical attributes (whitelisting of IP addresses and port/protocol combinations): application, identity and, in some cases, content awareness. This requires deeper inspection of the incoming network traffic stream to map traffic to logical identities and applications and to understand the content it carries.
So far so good.
At some point, shouldn’t we stop calling them “firewalls”? The term “next-generation firewall” is better, but that’s kind of like calling an automobile a “next-generation (or horseless) carriage” – defining something new in terms rooted in the past. At some point, people understood that automobiles were something quite different and warranted a new word to describe them.
Lacking a better word, the term firewall is being applied to anything that implements security policy at any layer. For example, Web Application Firewalls, Application firewalls, XML firewalls, Database firewalls, SOA firewalls, Memory Firewalls (remember Determina?) and so on. I’m not sure that adds clarity either, except that the word firewall becomes shorthand for pretty much anything that implements a security policy.
At some point, aren’t the capabilities of emerging context-aware and adaptive security policy enforcement points different enough that we use another term that more accurately describes what they are?
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.