Just three years ago, back in 2019, organizations were finally able to use the first virtual Next-Generation Firewall (NGFW), our VM-Series, Oracle Cloud supported. Fast-forward to today, and our industry-leading virtual firewall capabilities are now embedded into a new service called OCI Network Firewall. This firewall-as-a-service has been designed to provide an easy way to prevent network-based threats while protecting cloud workloads in Oracle Cloud.
OCI Network Firewall provides protection against cyberattacks across OCI with a new cloud-native, managed firewall service that is powered by industry-leading Palo Alto Networks NGFW technology. The firewall provides security controls, threat prevention and mitigation features, including custom URL filtering, intrusion prevention and detection (IDS/IPS), as well as TLS inspection for inbound, outbound and lateral traffic to customer workloads hosted on Oracle Cloud Infrastructure.
As a native OCI service, the OCI Network Firewall is extremely easy to deploy and manage. The service can be set up with just a few clicks and scales automatically with your network traffic, so you don't have to worry about deploying and managing any infrastructure. OCI Network Firewall is powered by Palo Alto Networks best-in-class, ML-Powered NGFW network security platform. This blocks 224 billion threats each day and delivers 4.3 million unique security updates per day.
The OCI Network Firewall massively reduces the risk of zero-day attacks to secure OCI workloads and includes Intrusion Detection and Prevention capabilities built to stop vulnerability exploits and other known evasions, like sophisticated file-based attacks. Custom URL filtering allows you to restrict inbound and outbound traffic to a specified list of fully qualified domain names (FQDN). This means your applications can continue to access the internet-based services they need while blocking everything else. SSL inspection allows you to stop threats hidden in encrypted traffic.
New OCI Security Innovations Are Built for Compliance
Oracle has added this service so OCI customers can better address regulatory compliance requirements, stay on top of security threats and concerns, and prevent security-related outages. What’s more, Oracle is expanding its cloud security capabilities with OCI Network Firewall to provide multiple layers of defense to help identify and defeat emerging threats and security violations quickly. New capabilities include filtering, inspections and more:
- Stateful Filtering: Enables customers to centrally create, allow or deny stateful network filtering rules, based on 5-tuple information (both IPv4 and IPv6), port and protocol. The firewall takes into account the context of traffic flows for more granular policy enforcement.
- Custom URL and FQDN Filtering: Allows customers to restrict inbound and outbound HTTP/S traffic to a specified list of FQDN, including wildcards and custom URLs.
- Intrusion Detection and Prevention (IDS/IPS): Network IDS/IPS enables customers to monitor network activities for malicious activity, log information about this activity, report it, and optionally block it.
- SSL Inspection: Enables customers to inspect TLS (TLS 1.2 and 1.3) encrypted traffic. This is achieved through integration with OCI Vault enabling customers to centrally manage and secure their encryption keys.
- Flexible Policy Enforcement: The network firewall instance can be transparently inserted in the traffic path using virtual cloud network (VCN) routing rules and composed with other network functions, such as OCI gateways and VCN subnets for security enforcement in arbitrary network topologies.
- Logging: Network firewall service is integrated with OCI Logging and will support enabling both traffic and threat logs for the security policy rules.
- Metrics: Network firewall service is integrated with OCI Monitoring Service and allows customers to enable alerts based on the number of blocked requests and other metrics.
To learn more about our new OCI Network Firewall, watch our video with Anand Oswal, Senior Vice President of Product for Network Security, and Yogesh Kaushik, Oracle’s Vice President of Product for Network and Security, or visit Oracle to learn more.