5 Critical Mistakes to Avoid: Choosing an NGFW in a Silo

Stephanie Johnson


Category: Firewall

This post is part of a blog series where we dive into the five critical mistakes to avoid when evaluating a next-generation firewall. Avoid these, and you’ll be well on your way to picking the right next-generation firewall.

How will you know if the NGFW you’re considering is the right one for your organization? The safest bet is to test it. But when evaluating and selecting a new NGFW, there are some common mistakes security professionals often make. One of these critical mistakes is highlighted in detail below, along with insight and recommendations to help you avoid the blunder.

Mistake #2: Choosing an NGFW in a Silo

Several teams within IT count on the firewall to effectively and efficiently perform their job functions, all of which have very different needs and priorities:

  • Networking team: hassle-free integration with current architecture, ease-of-use/deployment, network uptime.
  • Security team: seamless integration with existing security controls, better overall security, threat prevention versus detect-and-respond tactics.
  • Security operations team: single-pane management, automated features and capabilities.
  • Data center team: automated features and capabilities, scalability to meet evolving needs, single-pane management.
  • Application team: simple, fast and secure application deployment.

In a typical evaluation scenario, the firewall vendor works directly with the networking team to evaluate and implement a firewall. Accounting only for the needs of the networking team is a critical mistake with potentially dire results for other teams that rely on the firewall. For example, the networking team usually isn’t concerned with security and may prefer an option that doesn’t account for the scope of security your business demands. The security and security operations teams should be engaged early to provide input into the level of threat prevention and other security capabilities required. For the sake of overall business efficiency and success, organizations must account for the varying needs of all key stakeholders when choosing a new firewall.

To avoid choosing an NGFW in a silo, while also ensuring maximum performance, security and ROI, run a proof of concept in your organization. A POC allows you to accurately test next-generation firewalls, their affiliated services and subscriptions – either on their own or against one another – in your actual, operational IT environment, whether it is physical, virtual or a hybrid.

For more critical mistakes to avoid when evaluating a next-generation firewall, download the white paper: 5 Critical Mistakes When Evaluating a Next-Generation Firewall.

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.


© 2018 Palo Alto Networks, Inc. All rights reserved.