This month is my 10-year anniversary since discovering Untangle, and it has given me some time to reflect on what the internet looked like 10 years ago, what it looks like today, and what it will look like 10 years from now. Thinking about this has inspired me to re-evaluate whether Untangle still meets my needs or not, and what things I would like to see in future offerings from all NGFW vendors.
I'd first like to give a shout-out to this page, which opened my eyes to the very obvious truth that the NGFW is dead:
https://www.anitian.com/the-ngfw-is-dead/
10 years ago, we transitioned our security posture off of the endpoints and became increasingly reliant on NGFWs. Today, as network boundaries are becoming fuzzier, the ability for the NGFW to be useful is becoming increasingly blurred. As an example, 10 years ago, most of my clients were running internal email servers. Today no one is. While the spam filtering on cloud email hosts is far, far better than SpamAssassin was (remember tuning Bayes scores, anyone?), it's a great example of the phenomenon of the "Death of the NGFW." I no longer control my perimeter as far as email is concerned. The perimeter of security is now at the endpoint.
Secondly, as Let's Encrypt has made it so effective and easy to obtain trusted certs, most of the web is now encrypted. While we can set up MITM using SSL Inspector, employing that for every site on the web is very heavy-handed and has potential unwanted consequences. Again, the perimeter of security is now at the endpoint.
Thirdly, 10 years ago, most websites targeted a specific topic, and the content stayed within a specific range of acceptability. Today, one domain or site can contain such a wide array of different content (think YouTube, eBay, Amazon, Reddit, etc.). URL-based filtering is so far off the mark today and doesn't solve the problems we are facing today.
There's not much an NGFW can do for the first 2 points. But to my third point, I think that for Untangle to stay relevant for the next 10 years, there needs to be a fundamental transition to Web Filtering. Besides URL-based filtering, content needs to be filtered dynamically based on keyword and page content, as well as skin tone content. This means that pages that exceed a certain percentage of words, or have a certain percentage of skin tone, should be blocked based on the current content on the page. Furthermore, the option to color in skin tone with another color (e.g. gray) in all images would be a welcome feature (as there's no need to see the woman in a bikini when I go to a banking site). I know this is difficult due to SSL (my second point earlier), but maybe together as a community, others of you out there will join me in putting our heads together to find ways to keep our kids, schools, and ourselves sane in an increasingly insane world.