Firewalls in buildings are fireproof brick walls that prevent fires from spreading. Similarly, network firewalls prevent the propagation of data and applications that may compromise the security of a business or home network. They work in both directions, i.e., they prevent traffic with malicious data packets from entering as well as exiting the protected network.
Network firewalls have been a fundamental building block of network security since the emergence of the internet in the late 1980s. For the next two decades, firewalls were deployed either as hardware appliances or as software on network hardware. This changed in 2009 with the development of the Next Generation Firewall (NGFW), designed for Deep Packet Inspection (DPI) of network traffic. The latest manifestation of NGFW is Firewall as a Service (FWaaS). In his 2017 report titled Hype Cycle for Threat-Facing Technologies, security analyst Greg Young characterized FWaaS as an ‘On the Rise’ trend with a ‘high benefit’ rating.
What makes FWaaS a beneficial technology on the rise? Does it have any shortcomings?
Advantages of FWaaS
FWaaS is an NGFW implemented as a cloud-based service. Moving firewall functions into the cloud yields many benefits.
- Simpler Architecture: All network traffic is aggregated into the cloud, be it from remote users, datacenters or branch offices. Hence there is a single point for DPI which eliminates the tedious task of keeping distributed firewall policies in sync. Also eliminated are firewall appliances. All of a business’ locations are served by a single cloud-based firewall with an application-aware security policy.
- Scalability: Scalability of FWaaS is a byproduct of its simple architecture. Using a single firewall to process all traffic makes capacity planning simpler. Adding new sites and changing bandwidth also get easier.
- Unified Security Policy: This too is a byproduct of FWaaS’ simple architecture. The legacy firewall architecture required transport-specific firewall appliances for branch offices that do not use MPLS. An organization may also source firewall appliances from different vendors, or even different models from the same vendor. Having disparate appliances makes it challenging to maintain a uniform security policy across all of them.
- Full Visibility of Network Traffic: Web security solutions like Secure Web Gateway (SWG) protect users against internet threats like malware and phishing. Since SWG does not protect WAN traffic, a firewall for WAN becomes necessary. There is also the issue that SWGs and firewalls cannot connect mobile users to the office. To resolve these issues, a single logical network can be implemented with FWaaS and SD-WAN, which gives full visibility into, and control of, both internet and WAN traffic.
- Easier Maintenance: Legacy firewall appliances required frequent software upgrades and patches. Missing or delaying updates created security risks. FWaaS firewalls are always current, so there are no risks of late or missed software updates. This frees up the IT staff to spend their time planning the future needs of the infrastructure rather than on maintenance tasks.
Disadvantages of FWaaS
The following are challenges facing FWaaS adoption rather than disadvantages of the technology.
- Resistance to Adoption: Enterprise businesses may be hesitant to move a critical function like security into the cloud. They may be willing to forgo all the cost savings and operational conveniences of FWaaS and continue to stay with legacy firewall appliances.
- Concerns about Network Latency: As mentioned above, integrating SD-WAN and other cloud services with FWaaS makes it a more attractive solution for enterprises. While doing this, FWaaS providers need to guarantee a network latency that is comparable to, or better than, that of legacy firewalls.
The Secure, Global SD-WAN as a Service from Cato Networks addresses the concerns around FWaaS adoption by incorporating Firewall as a Service into it. This product ensures connectivity to FWaaS from any region or cloud.