The days of feeling secure by simply performing packet inspection at your network edge are long past. SPI (stateful packet inspection) devices, or firewalls, were the first generation of network security that many of us encountered in the late 1990s. In the first half of that decade, we also saw a parallel rise of devices and applications that performed more complicated duties such as IDS and IPS (intrusion detection and intrusion prevention). In the last six to ten years, those threat detection and remediation duties have been rolled into DPI (deep packet inspection) devices that offer UTM (unified threat management) for your networks in a single device. These very powerful firewalls are now fast and capable enough to inspect all seven layers of network traffic to block threats of all types at the network perimeter.
Upgrade Your Front Door
Today every network connects to the Internet, and every network needs good perimeter defenses; this is, in effect, the lock on the front door. Firewalls serve as the first layer of your defense system and stand between you and the outside world of the Internet. For many years, firewalls simply performed SPI. This means that each data packet’s header is examined to verify its validity. Unfortunately, this is roughly akin to asking people at the airport if they are carrying a weapon and then taking them at their word. Trust but verify. These limited SPI capabilities are what you see in the $49 SPI firewalls or integrated in your cable or DSL modems, though some wireless routers improve upon this basic functionality.