How to Find a Next-Generation Firewall for the Cloud

  /     /     /  
Publicated : 22/11/2024   Category : security


How to Find a Next-Generation Firewall for the Cloud


If you use cloud-based servers for running business applications, you need to protect those servers with a software-based cloud firewall. There are many options, and heres how to choose.



Your software applications, as well as the data used by those applications, are your companys crown jewels. If hackers penetrate your defenses, they can steal your data, penetrate your other applications, disrupt your operations, mess up your customers -- and potentially -- land you in court.
Thats true for applications running in your on-premises data center, as well as those running in the cloud, using virtualized servers that you control -- often referred to as platform-as-a-service (PaaS) or infrastructure-as-a-service (IaaS). (See
As Public Cloud Use Increases, So Does Data Theft
.)
If you are running applications in the cloud using PaaS or IaaS, you need to protect them with a firewall thats also in the cloud -- that is, a firewall that is actually running as software instances on your cloud servers. You need a firewall whether or not your cloud applications are for purely internal access -- such as employees or as back-end processes for on-site data center applications -- or if theyre set up for external users -- such as customers or partners.
Such servers are sometimes referred to as Next-Generation Firewalls (NGFW), to distinguish them from traditional firewall products -- familiar rack-mountable boxes installed in your wiring closet, wired up between the Internet router and your local LAN switches.
(Source:
Pixnio
)
By contrast, NGFW are software applications installed onto virtual servers, and which you are responsible for licensing, installing, configuring and managing.
Sources for NGFW
So, Alan, where should I find the best NGFW? The answer, of course, is that depends.
Lets break it down in two different ways: Which cloud service or services you are using, and what you are using as a firewall for your on-premise network and servers.
Lets start by looking at the IaaS and PaaS hosts -- in particular, the best-known ones, such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure and smaller players including Rackspace, Oracle, Digital Ocean and IBM.
Each hosting company has partnered with one or more NGFW providers. For example, the
AWS Marketplace
incudes NGFW products from Palo Alto, Fortinet, Forcepoint, Cisco, Check Point, Juniper Networks, Huawei and others.
Youll find a similar selection from Google, Microsoft, ect...
AWS is unlike most of the other hosts, however, in also offering its own security system, called GuardDuty, which offers many of the same features as an NGFW. (See
AWS Adds Security Management to Growing Portfolio
.)
Each of the NGFW products is customized for the specific cloud service, and are available in a variety of licensing terms and free trial periods. However, be prepared to spend a lot of time to figure out which one of these offerings is really right for your applications -- frankly, theres no shortcut.
That brings us to the other way of slicing the issue: other firewalls you might be using.
There are benefits in running the same basic firewall engine everywhere, especially if you are in a hybrid cloud environment, where data center applications are tied to cloud applications; or if youre in a multi-cloud environment with some applications on Amazon and some on Azure.
Now entering its fifth year, the
2020 Vision Executive Summit
is an exclusive meeting of global CSP executives focused on navigating the disruptive forces at work in telecom today. Join us in Lisbon on December 4-6 to meet with fellow experts as we define the future of next-gen communications and how to make it profitable.
If you standardize on one firewall -- Check Point, Fortinet or Palo Alto -- you already have experience with the product. It doesnt matter if youre running a Palo Alto firewall hardware appliance in your data center, and Palo Alto NGFW software in the cloud -- its still Palo Alto.
If you chose a single vendors product, you may also be able to set one up one integrated administrative panel -- single pane of glass -- to integrate management and threat reports. And for another possible benefit, you might be able to save on licensing costs. You may need to contact the firewall vendor or your favorite VAR to negotiate hybrid cloud or multi-cloud pricing, instead of licensing directly through the cloud host.
So, if you are running 100% cloud-based applications in a single cloud provider, your choice is simple: Find the best value for an NGFW in that providers list of partners, click purchase and start provisioning. But if you are hybrid cloud or multi-cloud, my advice is to look for the best solution that spans all your computing environments, and standardize on that. In the long run, itll make your life a lot easier.
Related posts:
Cyber Criminals Using Hidden Tunnels to Attack Banks, Financial Institutions
Public Cloud, Part of the Network or Not, Remains a Security Concern
GDPR Should Change Your Thinking About Network Firewalls
Next-Generation Firewalls: Poorly Named but Essential to the Enterprise Network

Alan Zeichick is principal analyst at
Camden Associates
, a technology consultancy in Phoenix, Arizona, specializing in enterprise networking, cybersecurity and software development. Follow him
@zeichick
.

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
How to Find a Next-Generation Firewall for the Cloud