Network firewalls will need to evolve alongside the zero-trust security approach and secure access service edge (SASE) frameworks, according to Fortinet VP Nirav Shah.

Gartner estimates that 99% of next-generation firewall (NGFW) breaches are caused not by hackers but by misconfigurations, and usually that means a management dashboard that is too complex, does not integrate well with other technologies, or enforces policies that cannot be aligned with the rest of the stack.

Because of this, network firewalls have to work well with security policies such as zero trust in order to maintain standardized security across a stack, Shah explained in a vendor webinar. “There are some really important innovations that firewalls need to handle and one of them is zero trust,” he said.

For example, Fortinet’s zero-trust framework regulates traffic around critical data and components by forming “microperimeters.” At the edge of each microperimeter, segmentation gateways monitor the entry of people and data and apply security measures before granting access using a firewall.

Shah said as zero trust becomes increasingly mainstream, firewall “policy and context become paramount.”
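The microperimeter model described above (a segmentation gateway that checks identity, device posture and other context before a firewall rule grants access, and denies everything it cannot match) and the misconfiguration point raised earlier can both be illustrated with a small policy engine. The following is an added example written for this article, not Fortinet code or FortiGate policy syntax; the rule fields, the `SegmentationGateway` class, the `lint_rules` checker and the sample rules and requests are all constructed for illustration.

```python
"""Toy zero-trust segmentation gateway (constructed example, not vendor code).

Each microperimeter is protected by ordered rules. A request is only allowed when
a rule matches its destination, service and group AND the request carries the
context the rule demands (MFA, compliant device). Anything unmatched is denied.
lint_rules() flags the kind of misconfiguration that quietly defeats that model.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    device_posture: str      # "compliant" | "noncompliant" | "unknown"
    mfa: bool
    dst_perimeter: str       # microperimeter being entered
    service: str             # e.g. "https", "ssh"


@dataclass(frozen=True)
class Rule:
    name: str
    perimeter: str           # microperimeter protected; "*" = any
    services: frozenset      # {"https"} or {"*"}
    allowed_groups: frozenset  # {"finance"} or {"*"}
    action: str = "allow"    # "allow" | "deny"
    require_mfa: bool = True
    require_compliant_device: bool = True


class SegmentationGateway:
    """First matching rule wins; no match means default deny."""

    def __init__(self, rules):
        self.rules = list(rules)

    def evaluate(self, req):
        for rule in self.rules:
            if rule.perimeter not in ("*", req.dst_perimeter):
                continue
            if "*" not in rule.services and req.service not in rule.services:
                continue
            if "*" not in rule.allowed_groups and not (rule.allowed_groups & req.groups):
                continue
            if rule.action == "deny":
                return ("deny", rule.name)
            # Context checks: identity alone is not enough to cross the perimeter.
            if rule.require_mfa and not req.mfa:
                return ("deny", rule.name + ":mfa-required")
            if rule.require_compliant_device and req.device_posture != "compliant":
                return ("deny", rule.name + ":device-posture")
            return ("allow", rule.name)
        return ("deny", "default-deny")


def lint_rules(rules):
    """Flag any-any allows, context-free allows, and rules shadowed by earlier ones."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action == "allow":
            if rule.perimeter == "*" and "*" in rule.services and "*" in rule.allowed_groups:
                findings.append((rule.name, "any-any allow"))
            if not rule.require_mfa and not rule.require_compliant_device:
                findings.append((rule.name, "allow with no identity/device context"))
        for earlier in rules[:i]:
            # An earlier rule that matches at least everything this rule matches
            # means this rule can never be reached.
            if (earlier.perimeter in ("*", rule.perimeter)
                    and ("*" in earlier.services or rule.services <= earlier.services)
                    and ("*" in earlier.allowed_groups
                         or rule.allowed_groups <= earlier.allowed_groups)):
                findings.append((rule.name, "shadowed by " + earlier.name))
                break
    return findings


# Constructed sample policy. The "legacy-any-any" rule is the deliberate misconfiguration.
RULES = [
    Rule("deny-contractors-payments", "payments", frozenset({"*"}), frozenset({"contractors"}), action="deny"),
    Rule("finance-to-payments-https", "payments", frozenset({"https"}), frozenset({"finance"})),
    Rule("it-ssh-to-infra", "infra", frozenset({"ssh"}), frozenset({"it-ops"})),
    Rule("legacy-any-any", "*", frozenset({"*"}), frozenset({"*"}),
         require_mfa=False, require_compliant_device=False),
    Rule("hr-to-hr-https", "hr", frozenset({"https"}), frozenset({"hr"})),
]

# Constructed sample requests.
SAMPLE_REQUESTS = {
    "finance_ok": Request("alice", frozenset({"finance"}), "compliant", True, "payments", "https"),
    "finance_bad_device": Request("alice", frozenset({"finance"}), "noncompliant", True, "payments", "https"),
    "contractor": Request("bob", frozenset({"contractors"}), "compliant", True, "payments", "https"),
    "marketing_to_infra": Request("eve", frozenset({"marketing"}), "unknown", False, "infra", "ssh"),
}


def without_rule(rules, name):
    return [r for r in rules if r.name != name]


if __name__ == "__main__":
    gw = SegmentationGateway(RULES)
    for label, req in SAMPLE_REQUESTS.items():
        print(label, gw.evaluate(req))
    print("lint:", lint_rules(RULES))
    fixed = SegmentationGateway(without_rule(RULES, "legacy-any-any"))
    print("after fix:", fixed.evaluate(SAMPLE_REQUESTS["marketing_to_infra"]))
```

Running it shows the point of both passages: the same marketing user with an unknown device and no MFA is allowed into the infrastructure perimeter while the leftover any-any rule exists, and falls to default deny once it is removed; the lint pass reports that rule and the HR rule it shadows before any traffic has to hit it.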

Fortinet recently introduced its latest custom application-specific integrated circuit (ASIC) to power its next generation of entry-level and mid-range FortiGate firewalls. The vendor touted the new chip as offering better firewall performance and faster encryption for zero-trust and SASE use cases, and said it would enable Fortinet to build better systems for the network edge.

Bringing SASE and NGFW Together

Convergence spreading across industries is another key factor driving the need for firewall evolution, Shah noted. With supply chain issues, economic uncertainty, and cybersecurity skills gaps, enterprises need to think “strategically about consolidating and making [their] network more robust.”

Gartner’s SASE framework aims to consolidate cloud-delivered networking with security functions including zero-trust network access (ZTNA) and firewall-as-a-service (FWaaS).

Shah said next-gen firewalls can help enable ZTNA as a requisite of SASE’s security piece, security services edge (SSE) – such as in the case of the vendor’s FortiGate NGFW product including ZTNA as part of the FortiSASE service.

“You don't need 10 to 15 different point products for security and for networking. Much of this functionality is going to converge so that it's simplified and has standardized security everywhere,” he said. “We predict this is where the market is going, bringing the SASE and your next-generation firewall together.”