There are three areas of difference – security functions, operations, and performance. The security functional elements correspond to the efficacy of the security controls, and the ability for enterprises to manage risk associated with network traffic. From an operations perspective, the big question is, “where does application policy live, and how hard or complex is it to manage?” The performance difference is simple: can the firewall do what it’s supposed to do at the throughput it’s supposed to do it?   The Ten Things Your Next (Generation) Firewall Must Do are:

1. Identify and control applications on any port.
2. Identify and control circumventor.
3. Decrypt outbound SSL.
4. Provide application function control.
5. Scan for viruses and malware in allowed collaborative applications.
6. Deal with unknown traffic by policy.
7. Identify and control applications sharing the same connection.
8. Enable the same application visibility and control for remote users.
9. Make network security simpler , not more complex with the addition of application control.
10. Deliver the same throughput and performance with application control active

Users continue to adopt new applications and technologies – and the threats carried by them. In some organizations, obstructing the adoption of new technologies can be a career-limiting move. Even when it isn’t, applications are how employees get their jobs done, or maintain productivity in the face of competing personal and professional priorities. Because of this, safe enablement is increasingly the correct policy stance. But to safely enable these applications and technologies, and the business that rides atop them, network security teams need to put in place the appropriate policies governing use, but also controls capable of enforcing them. The ten things listed here are critical capabilities for putting the necessary controls in place – especially in the face of a more varied and rich application and threat landscape. Without the network security infrastructure to cope with that variety and depth, security teams cannot safely enable the necessary applications and manage risk for their enterprises