What happens if a user downloads a file from the internet that, at the time of download, was classified as benign or unknown by the live security feed(s) your security appliance synchronizes with, your sandbox did not detect it as malware either, and the file was allowed through?
Later on, your NGFW receives an update that classifies the file's SHA hash as malware. What happens next? The file had already slipped through before the NGFW received the update that classifies it as malware.
The NGFW should keep a record of the SHA hashes of files classified as “unknown” or “benign” that it allowed through, and retain it for a number of days. Then, if a new security update reclassifies any of those allowed files as malware, the NGFW should at least be able to act retrospectively by alerting the administrator with details such as the username, IP address and MAC address of the user/PC that requested the now-reclassified file, together with the time of download, after the fact.
To take it further, your NGFW should be able to coordinate with the enterprise Network Access Control (NAC) solution to automatically place the infected PC into a quarantine state on the network.
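The retention, retrospective alert and NAC quarantine steps described above, sketched as a small added example (this is illustration code written for this page, not code from the original article or from any firewall or NAC vendor). It assumes a hypothetical NGFW that logs every allowed file whose verdict was "unknown" or "benign" together with the requesting user's details, and a hypothetical NAC hook that can quarantine a host by MAC address; all records and hashes are constructed sample data.

```python
"""Retrospective re-classification check for files an NGFW already allowed.

Added example for this page; hypothetical NGFW allowed-file log and NAC hook.
All sample records and hashes are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class AllowedFile:
    """One file the NGFW let through with a non-malicious verdict."""
    sha256: str
    verdict: str          # verdict at download time: "unknown" or "benign"
    username: str
    ip: str
    mac: str
    downloaded_at: datetime


RETENTION_DAYS = 7  # assumed retention window for allowed-file records


def prune(records, now):
    """Keep only records still inside the retention window."""
    cutoff = now - timedelta(days=RETENTION_DAYS)
    return [r for r in records if r.downloaded_at >= cutoff]


def retrospective_alerts(records, newly_malicious):
    """Return retained records whose hash the latest feed update now flags."""
    bad = {h.lower() for h in newly_malicious}   # hash comparison is case-insensitive
    return [r for r in records if r.sha256.lower() in bad]


def format_alert(record, now):
    """Administrator-facing alert line with who/where/when of the download."""
    return (f"RETROSPECTIVE MALWARE sha256={record.sha256} user={record.username} "
            f"ip={record.ip} mac={record.mac} downloaded={record.downloaded_at.isoformat()} "
            f"verdict_at_download={record.verdict} reclassified_at={now.isoformat()}")


def quarantine_hosts(alerts, nac_quarantine):
    """Send each affected host to the NAC quarantine hook once; return MACs sent."""
    sent = []
    for record in alerts:
        if record.mac not in sent:
            nac_quarantine(record.mac)
            sent.append(record.mac)
    return sent


# Constructed sample data: three allowed files, one of them older than the window.
NOW = datetime(2024, 1, 15, 12, 0, 0)
SAMPLE_RECORDS = [
    AllowedFile("a" * 64, "unknown", "alice", "10.0.0.5", "00:11:22:33:44:55", NOW - timedelta(days=2)),
    AllowedFile("b" * 64, "benign", "bob", "10.0.0.6", "00:11:22:33:44:66", NOW - timedelta(days=1)),
    AllowedFile("c" * 64, "unknown", "carol", "10.0.0.7", "00:11:22:33:44:77", NOW - timedelta(days=10)),
]
# Constructed feed update: these hashes are now classified as malware.
SAMPLE_FEED_UPDATE = ["A" * 64, "c" * 64]


def run(records=SAMPLE_RECORDS, update=SAMPLE_FEED_UPDATE, now=NOW):
    """Prune, match the update against retained records, quarantine affected hosts."""
    nac_calls = []                      # stands in for the real NAC integration
    retained = prune(records, now)
    alerts = retrospective_alerts(retained, update)
    quarantined = quarantine_hosts(alerts, nac_calls.append)
    return alerts, quarantined


if __name__ == "__main__":
    found, hosts = run()
    for a in found:
        print(format_alert(a, NOW))
    print("quarantined MACs:", hosts)
```

With the constructed data, alice's download is caught (its hash matches the update regardless of hex case), bob's hash is not in the update, and carol's record has aged out of the retention window, which is exactly the trade-off the retention period sets: a shorter window means fewer retrospective catches.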
No NGFW can give you 100% protection from malware, but what insight can your NGFW give you, and what can it do, in the aftermath of a malware slip-through?
Ayorinde Ajibola Kusimo is a seasoned network security expert with seven years’ experience in design and implementation of network security solutions such as Next Generation Firewall (NGFW), Web/URL Security Solution, Intrusion Prevention/Detection System (IPS/IDS), Malware Protection System, Network Access Control (NAC) Solution etc.
In order to add value to the cyber community, I also have a website through which I share my technical experience in a practical way. I have so far published several network security “how to” guides on my website and also uploaded several videos to my YouTube channel.
Professional Certifications: CCIE Security, CISSP, ISO 27001 LI, CCNP Routing and Switching, CCDA, CCSA, SSFAMP, SSFIPS, CEH