True Next-Generation Firewall

Regain control of the network

Managing network security has grown exponentially complex over the last few years. Applications pierce through the old-generation firewalls, BYOD makes it difficult to control what is running on the inside of your network and Cloud usage makes borders fuzzy.

The market is crowded with Unified Threat Management and Next-Generation Firewall appliances but far from all products are as good as their marketing message.

The security challenge for companies today


... of enterprises had a security breach in 2014


... of small businesses had a security breach in 2014


... expect incidents to increase in 2015

Why modern networks need new generation of security products

Managing modern Cloud-based networks increases the management complexity exponentially with its unclear network borders. At the same time, Bring Your Own Device (BYOD) removes traditional control mechanisms. To make an already difficult situation worse, applications have evolved and become more pervasive, piercing through the firewall over common Web-ports, such as port 80 and 443, leaving the network and security managers unable to rely on their legacy firewalls to keep them safe.



Unmanaged devices is a challenge for administrators and often leads to uncontrolled application sprawl. BYOD puts additional demand on having efficient and granular network control.


Cloud - The Borderless Network

As more and more organizations use Cloud-based services, it becomes increasingly more difficult to define strict policies based on “inside” and “outside” of the network.

Evasive Application

Evasive Applications

Almost all applications today use the Web ports (80 and 443). Applications punche holes in the traditional port-based firewalls, which does not differentiate between regular Web usage and unwanted applications.

Cyber Criminals

Cyber Criminals

Cyber vandals or cyber criminals target vulnerable companies that are using out-dated security products, either for financial gain or out of sheer maliciousness.

Single-purpose devices, UTM or NGFW?

There is a wide range of products offered on the market today. What is the difference between each one of the solutions and how do you tell the difference between good marketing and good products? Here is an overview of the three main approaches for network security gateways.

Single-Purpose devices

  • Very costly approach and requires extensive administration.
  • Correlating logs and event information from many units of different type and brand becomes difficult and time-consuming.
  • Costly and time-consuming maintenance, including hardware life-cycles, High Availability (HA) clusters, software patching, training and more.


  • Comprehensive feature-set helps to consolidate to fewer units and is more cost effective than single-purpose devices.
  • UTM devices are often designed for Small-Medium Businesses and lacks granularity of how policies are configured to match medium-sized businesses and enterprise customers.
  • Very common that application control is based on a weak IPS engine with application signatures, which leads to a reactive solution and poor coverage of advanced applications.


  • Takes the best from UTM devices with regards to consolidation of multiple boxes, but adds granular configuration and a real application control engine.
  • Several NGFW products lacks the robustness of enterprise-grade firewalls in favor of application control being the primary defense feature.
  • Application Control often only identify the application, not the actions inside the applications or enable policies based on meta-data.

Clavister True Next-Generation Firewall

Clavister True Next-Generation Firewall is a unique combination of a rock-solid firewall and state-of-the-art next generation features, such as Deep Application Control that enables control of In-App actions and meta-data extraction.

Mature and Robust Enterprise Firewall

Clavister has more than 18 years of experience and maturity of its technology.
More than 250.000 installations worldwide, including some of the most demanding enterprises and telecom operators in the world.

Read More

Deep Application Content Control (DACC)

Clavister DACC goes beyond normal application control and offers the ability to see and control individual features and actions inside the actual application. This includes extracting meta-data, such as tags related to a YouTube video or name of a file being transfered using Dropbox.

Read More

User Awareness and Control

Clavister has a wide range of features to authenticate or seamlessly identify users. This enables a more powerful control but also event log/reporting capability. Rather than focusing on ports, IP addresses and similar traits, the security policies can be based on who the user is regardless of where in the network the user is currently located.

Read More

Flexible Configuration and Scalability

Clavisters products can be fine-tuned using very detailed and object-based configuration format. This ensures that the product can match your needs and adapt to it rather than vice-versa. This is critical for a seamless integration with your network without compromises.  

Read More

Powerful Reporting and Actionable Intelligence

Sustainable security requires constant improvements. To understand the traffic in your networks and identify risks and improvement areas it is necessary to easily analyze historical and real-time events. For this reason Clavister products comes with a powerful reporting and log analyzis solution integrated with the management interface. 

Read More

Download Solution Brief

Read more about our True Next-Generation Firewall solution.

Read More