Cloud computing has changed the world immensely. Many companies have started to migrate corporate data and applications to the cloud. With no fixed perimeter to protect, the interaction between users and enterprise hybrid environments has become much more complex.
Given this new computing environment, there are many questions for security teams to work through: What solutions can help companies effectively deal with security problems when managing remote employees? Is it possible to protect traffic using cloud computing? How have targeted cyberattacks such as advanced persistent threats influenced the development of next-generation firewalls (NGFWs)? And how can Firewall-as-a-Service (FWaaS) help organizations?
Network down means firewall down
For a long time, firewalls and computer networks have been inseparable. No corporate network could function without a border guard security system — the perimeter that protected the company's critical assets. The proliferation of web protocols and their use by hackers for targeted attacks using malware hidden in encrypted traffic has spurred the development of NGFWs. Such solutions included a firewall and unified threat management services. They offered multi-layered security and deep packet inspection to help organizations better understand and control application performance and prevent web-based attacks.
Cloud computing changed the world
That all changed with cloud computing. Cloud service providers offered organizations a solution that was impossible to ignore: unlimited computing power and storage capacity with lower operating costs, combined with the ability to quickly scale business operations, all without installing additional office equipment. With no fixed perimeter to protect, the interactions between firewalls and networks have now become more complex. Although cloud providers offered basic security, it was inferior in effectiveness to on-premises firewalls, especially NGFWs. This problem was aggravated during the pandemic by the rapid transfer of employees to remote work, which had several consequences:
- Remote users were forced to redirect all outbound traffic to centralized firewalls over expensive MPLS connections, resulting in degraded network performance due to latency.
- Remote users who connected directly to the cloud often bypassed local security systems. Because the firewalls did not see the traffic from these remote users, the security team could not control it.
- Implementing security appliances and replicating firewall policies at each remote site has significantly increased capital and operating costs. In addition, such hardware does not scale to accommodate the growing volume of user traffic.
- On-premises firewalls have had difficulty interacting with native cloud solutions such as secure web gateways (SWG) and cloud access security brokers (CASB), which has hampered the deployment of secure access service edge (SASE) technologies.
The scattering of workstations increases the scale and diversity of the threat landscape. According to a report by McAfee Labs, the volume of malware threats recorded in the first quarter of 2021 averaged 688 per minute, an increase of 3% (40 threats per minute) compared to the last quarter of 2020.
SWG and CASB solutions can effectively deal with the security issues inherent in web and SaaS traffic, respectively, but how can organizations ensure the safety of the rest of the data flow? This is where FWaaS systems come in handy.
At its core, FWaaS functions as a cloud-hosted firewall. It offers all the features of an NGFW, such as advanced packet inspection, application-level filtering, intrusion detection and prevention, advanced threat protection, and more. At first glance, FWaaS simply migrates an NGFW to the cloud, but the business benefits of this model are broader and more relevant to today's workforce. Here are some of them:
- Support for remote employees and protection from local internet connection interruptions thanks to direct connections to the cloud, which reduces network delays and improves the user experience.
- There's no need to redirect traffic from remote sites to centralized firewalls over VPN and expensive MPLS connections, which reduces deployment costs.
- Significant cost savings because there is no need to install equipment in branch offices.
- Aggregation of network traffic from local data centers, clouds, remote branches and users with the provision of centralized visibility and uniform application of policies to all objects.
- Easy scaling that takes into account rapidly changing traffic volumes and the need to scan encrypted traffic for threats and malware.
- Centralized update and patch management, which reduces operating costs for repetitive tasks.
Despite the variety and magnitude of threats, FWaaS can help companies effectively tackle security challenges by offering advanced threat protection, intrusion detection and prevention, and a host of other relevant functions for improving the security of remote employees. At the same time, the system lets companies save a lot of money because they no longer need to buy, install, and support additional equipment in remote offices.
Alex Vakulov, independent info-sec consultant