Aviatrix recently announced the availability of its Distributed Cloud Firewall, redefining network security for the cloud. The Distributed Cloud Firewall distributes both inspection and policy enforcement into the natural path of application traffic, eliminating the need to redirect traffic to centralized firewalls or other network security services. A centralized programmable interface creates and pushes policies wherever required across any multicloud environment. Cloud-aware policy creation is simpler and more streamlined: it uses dynamic cloud workload identity tags and attributes instead of static IP addresses, and it abstracts how and where policies are enforced by programmatically configuring native cloud services where required. The Distributed Cloud Firewall dramatically improves network security scalability, operational simplicity, agility, and costs for any single or multicloud environment.
Reinventing the Firewall for the Zero-Trust, Perimeterless Cloud
Modern cloud application workloads are containerized and ephemeral. They are designed for direct-to-internet and service mesh network connections. They require elastic scale and rely on native cloud platform-as-a-service (PaaS) services and API gateways, which break both traditional centralized and agent-based network security approaches in the cloud. Further, from a policy creation perspective, security teams can no longer define policies based on IP addresses because IP addresses constantly change in these dynamic application environments. Cloud infrastructure delivery must shift to the rapid release cycles embraced by application teams, including DevSecOps automation and CI/CD pipelines. The primary reason enterprises migrated to cloud in the first place was to reduce traditional on-premises infrastructure deployment time from weeks/months to minutes/hours in the cloud. The traditional hardware appliance operational model, built for on-premises, data-center-era architecture, cannot meet the software-defined agility expectations of cloud.
What’s needed is a new approach – one with an architecture built from the ground up to support a cloud operational model and agile, perimeterless cloud environment – a distributed cloud firewall.
The Requirements to be a Distributed Cloud Firewall
A distributed cloud firewall is modern network security done right for cloud, delivering enterprises what they need to secure the cloud. A distributed cloud firewall has unique requirements:
- Distributed Enforcement Embedded into Natural Cloud Traffic Flow – It sees everything; it’s not bolted on. Inspection and policy enforcement are embedded into the native cloud infrastructure and natural application communication flows, so all traffic is seen, and traffic does not have to be redirected to centralized inspection points, eliminating bottlenecks and automatically scaling with application environments.
- Centralized Policy Creation – Cloud-aware policy creation abstracts how and where policies are enforced using dynamic cloud-native application workload identity tags and attributes, instead of static IP addresses, through a single, programmable interface that pushes policies where required across any multicloud environment.
- Cloud Operational Model – Enterprise owned and operated, it must deliver full visibility and control, provide elastic auto-scaling to match application requirements, be fully programmable with industry-standard infrastructure-as-code automation, and be included in DevSecOps CI/CD pipelines.
- Native Cloud Network and Security Orchestration Consistent Across Multicloud Environments – It supports native cloud APIs for both cloud network and cloud security orchestration to abstract underlying cloud infrastructure complexities, create consistency across cloud service providers, and avoid conflicts between networking and security configurations.
- Advanced Security Services Consolidation – More than basic firewalling, it supports microsegmentation, network isolation, automated threat detection and mitigation, anomaly detection, vulnerability scanning, cloud workload risk scoring, L7 decryption and inspection, full traffic visibility and audit reporting. Solutions must maintain a separation of networking and security duties through role-based access control, all embedded into native cloud infrastructure and operations.
“It’s time to reinvent network security, again,” said Steve Mullaney, President and CEO at Aviatrix. “Bolting on-prem firewalls onto a cloud network and trying to steer traffic to them is not effective for cloud, it’s just not how the cloud operates. The cloud is perimeterless, agile, dynamic, and scale-out by design. Network security must follow – it must be distributed and embedded into the network to deliver a true zero-trust, agile environment. Aviatrix’s Distributed Cloud Firewall is going to dramatically change the cloud security game for our customers and save them a lot of money in the process.”