Sei sulla pagina 1di 3

Forrester Thought Leadership November 2015

Executive Summary
Commissioned By Fortinet

Your Best Defense: Next-Generation

Firewalls Enable Zero Trust Security

Security professionals are tasked with defending their organizations from

internal and external threats at a time when those threats are more
sophisticated, numerous, and unpredictable than ever before. Traditional
security controls that were once effective are now insufficient to protect
organizations from todays highly skilled cyberattackers.
This is a summary of results
In todays threat landscape, it is not enough to protect the perimeter, relying on a from the Fortinet-
trust but verify approach. The only way to ensure a malicious user isnt granted commissioned Thought
access to your network under the cover of trusted traffic is to assume a Zero Leadership Study, Your Best
Trust model, in which all network traffic is untrusted. Defense: Next-Generation
Firewalls Enable Zero Trust
Next-generation firewalls (NGFWs) are a critical component of the Zero Trust
model, allowing security professionals the flexibility to place protection at the
data level and effectively defend against the rapidly changing threats
organizations face today.

Eighty-seven percent of IT security professionals surveyed reported their organizations have Fortinet commissioned this
experienced at least one breach within the past 12 months. study to examine the
purchase and implementation
considerations, as well as the
challenges faced, for next-
Key Findings generation firewalls.
Forresters study yielded the following best practices for NGFW evaluation:
To explore this topic, Forrester
conducted a quantitative
survey of 150 IT security
professionals at midlevel
Thoroughly test organizations with next-
Conduct an
solutions within generation firewall
honest internal
your own implementations.

Deploy NGFWs in
Identify and vet a front of your
wide cast of organizations
vendor solutions. most sensitive
Next-Generation Firewalls Are The Cornerstone Of Zero Trust
In a Zero Trust network, next-generation firewalls act as segmentation gateways. Unlike traditional firewalls,
NGFWs can be placed at the center of the network in front of the data they need to protect rather than at
the edge of the network, which is a core tenet of Zero Trust.

How effective was your NGFW in protecting Database/content/data management system

against the following threats? compromises, mobile application intrusions,
(Respondents indicating extremely effective) web/software application exploits, malware, and
Database/content/data management operating system vulnerabilities, among other types of
system compromise N = 79 breaches, threaten enterprise networks every day.
Mobile applications intrusion Because NGFWs can be deployed in front of sensitive
N = 82 63%
data, they are very effective at protecting against these
Web/software applications
exploits N = 90 54% threats.
Malware (i.e., viruses, worms,
botnets) N = 79 53% NGFWs take security controls found in individual point
Drive-by downloads products (firewalls, intrusion prevention systems, web
N = 46 52%
application firewalls, content-filtering gateways, network
Operating system
vulnerabilities attacks N = 90 51% access controls, VPN gateways, and other encryption
Denial of service attacks
products) and embed them in a single solution.
N = 55 47%

Positioning a NGFW at the center of the network
N = 61 provides visibility into data access and greatly increases
Vandalizing of website or
your chances of discovering an intrusion before it
manipulation of site content N = 62
escalates into a data breach. Fifty-six percent deployed
NGFWs in front of dedicated network segments, effectively creating microperimeters, and 49% deployed
them in the data center an indication that midlevel enterprises are well on their way to adopting Zero Trust.
As you plan your NGFW implementation, it is important to identify key points in your network for deployment.

According to a recent Forrester survey on global security trends, 50% of midlevel US organizations had implemented NGFWs or had
plans to expand their implementation, and another 22% planned to adopt NGFWs within the next 12 months.

Next-Generation Firewalls Are The Cornerstone Of Zero Trust

Before implementing a NGFW, it is important to weigh business and technology considerations, have in-
depth insight into your current environment, and fully evaluate and test vendor solutions. Some lessons
learned from study participants include:

Understand the infrastructure, staffing, and budgetary implications of implementing a NGFW. The
security pros surveyed weighed technical factors as well as cost, implementation time, and the IT resources
needed to manage the solution. Be sure to conduct a thorough assessment of all implications of a NGFW

Conduct an honest internal evaluation. The vast majority placed high priority on all NGFW features during
the evaluation phase. But most respondents only used select features once they were implemented, with just
antivirus and application control capabilities used by more than 50% of respondents. If you are running point
products with capabilities redundant with a NGFW, beware you may encounter inefficiencies.

Identify the contenders. Nearly two-thirds would consider a broader selection of vendors if they could do it
again. Identify the NGFW vendor solutions that best fit your requirements, and use product demos, a proof of
concept, bake-offs, and third-party testing to generate your shortlist.

Test before you buy. Seven out of 10 survey respondents said if they could go back in time, they would do
more extensive testing of capabilities. Be sure to thoroughly test solutions in your own environment.
What would you do differently if you had to select and deploy an NGFW again?
(Select all that apply)

More extensive testing of capabilities 71%

Consider a broader selection of vendors 61%

Outsource this security function 56%

Check third-party test results 51%

Zero Trust is becoming widely adopted by leading, cutting-edge organizations. As data breaches continue to
devastate businesses and governments, more security organizations are under pressure to create new ways of
protecting their critical data by turning to a Zero Trust data-centric network security model powered by NGFW

Next-generation firewalls are a key

enabler for implementing and applying
Zero Trust concepts. However, its more
than a matter of just deploying a NGFW.
As you embark on your Zero Trust journey
and begin to evaluate NGFWs:
1 2 3

Evangelize Start a cross- Map out your

Zero Trust to functional data flows.
gain internal Zero Trust
support. working group.

To read the full results of this study, please refer to the Thought Leadership Paper commissioned by Fortinet
titled, Your Best Defense: Next-Generation Firewalls Enable Zero Trust Security.


Forrester Consulting provides independent and objective research-based consulting to help leaders
succeed in their organizations. Ranging in scope from a short strategy session to custom projects,
Forresters Consulting services connect you directly with research analysts who apply expert insight to your
specific business challenges. For more information, visit

2015, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available
resources. Opinions reflect judgment at the time and are subject to change. Forrester, Technographics, Forrester Wave, RoleView,
TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective
companies. For additional information, go to [1-WFUIC3]