What Is a Virtual Firewall?
A virtual firewall, also known as a cloud firewall, is a network security solution designed specifically for environments in which deploying hardware firewalls is difficult or impossible, such as public and private cloud environments; software-defined networks, or SDN; and software-defined wide area networks, or SD-WAN.
Like hardware firewalls, virtual firewalls grant or reject network access to traffic flows between untrusted zones and trusted zones. Unlike hardware firewalls – which are physically located on-premises in data centers – virtual firewalls are essentially software, making them ideal for securing virtual environments.
Virtual firewalls can also be deployed as virtualized instances of next-generation firewalls. These advanced virtual firewalls can inspect and control north-south perimeter traffic in public cloud environments, as well as segment east-west traffic inside data centers and branches, while inserting advanced threat prevention measures via microsegmentation – that is, by isolating workloads from one another and securing them individually.
Why Virtual Firewalls?
While a boon for speeding up innovation and lowering computing costs, virtual environments also come with a growing number of security and compliance risks not found in traditional data centers.
New kinds of attacks that bypass standard perimeter security often feast upon decentralized infrastructures where applications, data and workloads are deployed from multiple endpoints rather than a single dedicated resource, making comprehensive visibility and security difficult to attain.
The speed with which users now expect virtualized environments to provide services is another security concern. Security professionals must juggle DevOps speed with security challenges that now span dispersed environments.
The right next-generation virtual firewall can help to provide a consistent network security posture across your IT environment, including private clouds, public clouds and branch locations. Find more information on the core use cases in 3 Virtual Firewall Use Cases.
Thinking About a Virtual Firewall? Consider Asking These Questions
Organizations investigating virtual firewall options may wish to consider:
- Does the virtual firewall provide full-scope threat prevention?
Virtualized environments need real threat prevention. Essential capabilities to look for include intrusion prevention, URL filtering, SSL decryption, DNS security, file blocking, network anti-malware and denial-of-service protection.
- Does the virtual firewall reduce attack surfaces?
Virtual firewalls often provide lateral movement protection – for traffic that flows inside the private cloud – which can reduce the attack surface in virtualized environments.
- Does the virtual firewall offer application-centric security policies?
The ability of virtualized environments to deliver applications on demand means firewalls should have application-centric security policy capabilities, such as the ability to identify any application, regardless of its classification, behavior or location.
- Is the virtual firewall capable of automated provisioning and scaling?
In some instances, virtual firewalls can be provisioned automatically to keep pace with continuous integration and continuous delivery (CI/CD) expectations, and even be provisioned directly into DevOps workflows.
- Does the virtual firewall allow visibility across environments?
The ability to manage virtual firewall deployments in multiple virtualized environments can reduce time, effort, error and expenses.