Strengths: Easy to set up and changes occur across the managed infrastructure in real time.
Weaknesses: A bit pricey for premium support.
Verdict: A powerful tool with a clear and important mission that it fulfills well. We make this our Recommended product this month.
FireMon, the virtual firewall folks, acquired 40Cloud in October 2016 and the addition of an infrastructure management tool that goes beyond the firewall has obvious benefits. This new arrangement between FireMon and 40Cloud certainly is poised to provide those benefits.
40Cloud is a cloud infrastructure security broker (CISB) application. This is a type of network security application focused on scaling security operations in public and hybrid IaaS deployments. It provides three general functions: network segmentation and security, abstraction, and automation and orchestration. Each of the functions works with the others to provide comprehensive security management for cloud environments that provide infrastructure as a service.
40Cloud provides agents and gateways that install in the virtual environment. Gateways provide router and firewall functionality in the form of gateways. The abstraction layer unifies multiple cloud platforms under a single set of policies. That allows administrators to configure policies that will reflect universally instead of needing to recreate policies every time a new device is added to the enterprise. Automation allows automatic discovery of resources and auto-detect changes.
The gateways are installed on Ubuntu servers and any cloud platform is supported. The gateways support most physical or virtual firewalls. 40Cloud uses microsegmentation to perform workload segmentation down to the individual workload level. Once we had the gateway configured - a trivial task, actually - we dropped into the dashboard. Gateways talk to each other and each gateway talks to its own devices, each device having an agent that registers with its gateway.
The landing page, or dashboard, is a network map showing each gateway and the devices it manages. Drill-downs let you manage assets and applications at increasing levels of granularity. Configuration is real-time so if you change a gateway's configuration the change will be reflected immediately in all of the devices. Because microsegmentation lets you micromanage devices and applications against common policies, this really is a one-click configuration.
We found the tool convenient and easy to use. Setup was fast and straightforward. The documentation is a bit more complete than we are used to seeing for cloud-based systems, which usually assume that since there are cloud engineers to support you, you need no docs. We don't agree. When you are connecting something into a complicated environment and that something is intended to manage (or broker) security - such as managing firewalls - it is important to have the documentation necessary to understand what is going on. Apparently, FireMon agrees with us.
Pricing for the product is very reasonable, we found the website informative and there is a variety of support options - from free basic support, included with the annual subscription price, to full 24/7 services complete with a block of support hours included. There also is a managed services program available. The support center is not accessible from the website. We were about to object to that when we found that, instead, it is available with a mouse click from the product's console. That is a lot more convenient and we liked that a lot.
We found the premium support a bit pricey at $3,000 per month for 24/7 support, but when you consider that there also is a block of pre-paid support hours included it is not so bad after all. This is the kind of security management tool that the cloud needs. The inability to manage security in public clouds as completely as we usually would like is overcome in large measure by 40Cloud.