You are on page 1of 3

Forrester Thought Leadership

Executive Summary
Commissioned By Fortinet

November 2015

Your Best Defense: Next-Generation


Firewalls Enable Zero Trust Security
Security professionals are tasked with defending their organizations from
internal and external threats at a time when those threats are more
sophisticated, numerous, and unpredictable than ever before. Traditional
security controls that were once effective are now insufficient to protect
organizations from todays highly skilled cyberattackers.
In todays threat landscape, it is not enough to protect the perimeter, relying on a
trust but verify approach. The only way to ensure a malicious user isnt granted
access to your network under the cover of trusted traffic is to assume a Zero
Trust model, in which all network traffic is untrusted.
Next-generation firewalls (NGFWs) are a critical component of the Zero Trust
model, allowing security professionals the flexibility to place protection at the
data level and effectively defend against the rapidly changing threats
organizations face today.

This is a summary of results


from the Fortinetcommissioned Thought
Leadership Study, Your Best
Defense: Next-Generation
Firewalls Enable Zero Trust
Security.

METHODOLOGY

Eighty-seven percent of IT security professionals surveyed reported their organizations have

Fortinet commissioned this

experienced at least one breach within the past 12 months.

study to examine the


purchase and implementation
considerations, as well as the
challenges faced, for next-

Key Findings

generation firewalls.

Forresters study yielded the following best practices for NGFW evaluation:

To explore this topic, Forrester


conducted a quantitative
survey of 150 IT security
professionals at midlevel

Conduct an
honest internal
assessment.

Thoroughly test
solutions within
your own
environment.

Identify and vet a


wide cast of
vendor solutions.

organizations with nextgeneration firewall


implementations.

Deploy NGFWs in
front of your
organizations
most sensitive
data.

Next-Generation Firewalls Are The Cornerstone Of Zero Trust


In a Zero Trust network, next-generation firewalls act as segmentation gateways. Unlike traditional firewalls,
NGFWs can be placed at the center of the network in front of the data they need to protect rather than at
the edge of the network, which is a core tenet of Zero Trust.

Web/software applications
exploits N = 90

54%

Database/content/data management system


compromises, mobile application intrusions,
web/software application exploits, malware, and
operating system vulnerabilities, among other types of
breaches, threaten enterprise networks every day.
Because NGFWs can be deployed in front of sensitive
data, they are very effective at protecting against these
threats.

Malware (i.e., viruses, worms,


botnets) N = 79

53%

Drive-by downloads
N = 46

52%

Operating system
vulnerabilities attacks N = 90

51%

How effective was your NGFW in protecting


against the following threats?
(Respondents indicating extremely effective)
Database/content/data management
system compromise N = 79

71%

Mobile applications intrusion


N = 82

63%

Denial of service attacks


N = 55

47%

Phishing
N = 61

46%

NGFWs take security controls found in individual point


products (firewalls, intrusion prevention systems, web
application firewalls, content-filtering gateways, network
access controls, VPN gateways, and other encryption
products) and embed them in a single solution.

Positioning a NGFW at the center of the network


provides visibility into data access and greatly increases
Vandalizing of website or
your chances of discovering an intrusion before it
45%
manipulation of site content N = 62
escalates into a data breach. Fifty-six percent deployed
NGFWs in front of dedicated network segments, effectively creating microperimeters, and 49% deployed
them in the data center an indication that midlevel enterprises are well on their way to adopting Zero Trust.
As you plan your NGFW implementation, it is important to identify key points in your network for deployment.
According to a recent Forrester survey on global security trends, 50% of midlevel US organizations had implemented NGFWs or had
plans to expand their implementation, and another 22% planned to adopt NGFWs within the next 12 months.

Next-Generation Firewalls Are The Cornerstone Of Zero Trust


Before implementing a NGFW, it is important to weigh business and technology considerations, have indepth insight into your current environment, and fully evaluate and test vendor solutions. Some lessons
learned from study participants include:

Understand the infrastructure, staffing, and budgetary implications of implementing a NGFW. The
security pros surveyed weighed technical factors as well as cost, implementation time, and the IT resources
needed to manage the solution. Be sure to conduct a thorough assessment of all implications of a NGFW
implementation.
Conduct an honest internal evaluation. The vast majority placed high priority on all NGFW features during
the evaluation phase. But most respondents only used select features once they were implemented, with just
antivirus and application control capabilities used by more than 50% of respondents. If you are running point
products with capabilities redundant with a NGFW, beware you may encounter inefficiencies.
Identify the contenders. Nearly two-thirds would consider a broader selection of vendors if they could do it
again. Identify the NGFW vendor solutions that best fit your requirements, and use product demos, a proof of
concept, bake-offs, and third-party testing to generate your shortlist.
Test before you buy. Seven out of 10 survey respondents said if they could go back in time, they would do
more extensive testing of capabilities. Be sure to thoroughly test solutions in your own environment.

What would you do differently if you had to select and deploy an NGFW again?
(Select all that apply)
More extensive testing of capabilities

71%

Consider a broader selection of vendors

61%

Outsource this security function

56%

Check third-party test results

51%

Zero Trust is becoming widely adopted by leading, cutting-edge organizations. As data breaches continue to
devastate businesses and governments, more security organizations are under pressure to create new ways of
protecting their critical data by turning to a Zero Trust data-centric network security model powered by NGFW
technology.
Next-generation firewalls are a key
enabler for implementing and applying
Zero Trust concepts. However, its more
than a matter of just deploying a NGFW.
As you embark on your Zero Trust journey
and begin to evaluate NGFWs:

1
Evangelize
Zero Trust to
gain internal
support.

2
Start a crossfunctional
Zero Trust
working group.

3
Map out your
data flows.

To read the full results of this study, please refer to the Thought Leadership Paper commissioned by Fortinet
titled, Your Best Defense: Next-Generation Firewalls Enable Zero Trust Security.

ABOUT FORRESTER CONSULTING


Forrester Consulting provides independent and objective research-based consulting to help leaders
succeed in their organizations. Ranging in scope from a short strategy session to custom projects,
Forresters Consulting services connect you directly with research analysts who apply expert insight to your
specific business challenges. For more information, visit forrester.com/consulting.

2015, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available
resources. Opinions reflect judgment at the time and are subject to change. Forrester, Technographics, Forrester Wave, RoleView,
TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective
companies. For additional information, go to www.forrester.com. [1-WFUIC3]

You might also like