Out with the old, in with the new — that’s the track Aviatrix is on with a new take on the traditional firewall model, its Distributed Cloud Firewall.
The new firewall will provide relief for cloud security teams who bear the heavy load of shifting data center era firewalls into the cloud. Aviatrix admits that this task today comes with operational pain, tool sprawl and unsustainable increases in cloud costs, costs which Silverlinings has noted have spurred repatriation rumors.
So why are data center era network security solutions failing in the cloud? Well, a few reasons.
To put it simply, these bolted-on traditional firewalls (that are 15+ years old, to boot) require traffic to be “unnaturally” redirected, according to Aviatrix. The awkward state of firewalls today creates bottlenecks and increases app latency. Plus, cloud environments easily have thousands of dynamic ingress points, while traditional systems were built to support a wee number of individual firewalls — not an “endless perimeter.”
Protecting the ‘endless perimeter’
Aviatrix argued cloud infrastructure delivery must shift to rapid release cycles embraced by applications teams. This can accelerate organizations’ primary goal of migrating to cloud in the first place and comes with golden perks like controlling costs and reducing infrastructure deployment time.
But “the centralized hardware appliance operational model for network security that was born in the data center era is not feasible to meet the software-defined agility expectations of cloud,” according to Aviatrix.
The solution? Aviatrix believes a distributed approach brings inspection and policy enforcement closer to cloud application workloads and traffic flows — a cloud network security solution designed for, well, the cloud. More specifically, “distributed” refers to embedding firewall functions in the cloud network everywhere to deliver distributed inspection and enforcement.
“As enterprises have worked to modernize their application architectures and infrastructure by migrating to the public cloud, many have simply replicated on-premises firewall architectures in the cloud. This can require complex configuration, policy management and routing paths to ensure proper inspection, all of which are complicated in multi-cloud environments,” said Enterprise Strategy Group Principal Analyst John Grady in a statement.
He continued: “What’s needed is a truly converged solution that offers centralized management and distributed inspection and enforcement across multiple cloud providers.”
‘Not a rebranding exercise’
Aviatrix claims its Distributed Cloud Firewall is no simple rebranding exercise from the traditional firewall that sprang up a decade ago.
Instead, the Distributed Cloud Firewall’s distributed enforcement is embedded into the natural cloud traffic flow. Plus, centralized, abstracted policy creation will allegedly save organizations money and increase security — notably by replacing CSP Native Gateways that are expensive and provide little security value.
Distributed Cloud Firewall further ups security by supporting micro-segmentation, network isolation, vulnerability scanning and other tools embedded into native cloud infrastructure and operations, according to Aviatrix.
“Distributed Cloud Firewall is the right way to do network security in the cloud. Reduce cloud infrastructure costs and increase security—it’s a winning combination,” said Aviatrix’s Rod Stuhlmuller, Vice President of Solutions Marketing, in an interview with Silverlinings.