Problem

Infrastructure as a service (IaaS), also known as the public cloud, is the single biggest computing paradigm to unfold since the early 2000s, when the internet boom first exploded. Just as the nascent days of the internet boom changed the way we do business, so too is the public cloud changing it. According to research firm IDC, 80 percent of the enterprises interviewed in their CloudView 2016 report (N=11,083) are embracing or moving toward AWS®, Microsoft® Azure®, or some other public cloud platform. The size and type of projects migrating are equally significant. The public cloud is no longer an “exploration exercise.” Full production workloads are being moved, with some organizations stating that more than 50 percent of their workloads will be public cloud-based in the next five years. Others are making bold statements that they will no longer have any data centers within five years.

The move to the cloud is driven heavily by the business groups, and the velocity is such that, in some cases, security becomes a secondary consideration, solely because security moves in a purposeful manner while the cloud moves at light speed. Yet no one would dispute that your applications and data in the public cloud need to be protected as vigilantly as on-premises applications and data. From a security perspective, the responsibility for protecting your public cloud is shared between the provider and the user – you. It is up to you to satisfy yourself with the steps a provider has taken to protect the public cloud environment. It is also up to you to take the necessary steps to protect your applications and data in the public cloud.

Solution

The VM-Series virtualized next-generation firewall complements public cloud security best practices and strengthens the shared responsibility model by protecting workloads with application whitelisting policies and preventing known and unknown threats within the allowed application flows.

  • Better Visibility for More-Informed Security Decisions
    The VM-Series complements default, port-based security features with application visibility across all ports, which provides far more relevant information about your cloud environment and, in turn, means you can make more-informed policy decisions.
  • Greater Control Over Your Applications
    Firewall access control policies are based on the application, forcing them to operate on their standard ports while leveraging the firewall deny-all-else premise to block all other traffic. This level of control becomes critically important as you deploy more of your business-critical workloads to the public cloud.
  • Segmentation for Data Security and Compliance
    Using application whitelisting policies allows you to control which applications communicate with each other and across different subnets, for increased protection against attacks and to support regulatory compliance.
  • Prevent Attacks Inbound and From Moving Laterally
    Today’s cyberthreats will commonly compromise an individual workstation or user and then move laterally across your physical or virtualized network, placing your mission-critical applications and data at risk. Exerting application-level control between workloads will reduce the threat footprint, while applying policies to block both known and unknown threats can stop their lateral movement.
  • Extend Protection to Remote Devices to Limit Exposure
    Integration with a wide range of user repositories introduces the user identity as a policy element, complementing application whitelisting with an added access control component. User-based policies mean you can grant access to critical applications and data based on user credentials and their respective needs. When deployed in conjunction with GlobalProtect™ network security for endpoints, the VM-Series enables you to leverage the global footprint of the public cloud and more easily extend your corporate security policies to device users, protecting them from internet-borne threats, regardless of their location.
  • Policy Consistency From the Network to the Cloud
    Panorama™ network security management enables you to manage your VM-Series deployments, along with your physical security appliances, thereby ensuring policy consistency and cohesiveness. Rich, centralized logging and reporting capabilities provide visibility into virtualized applications, users and content.
  • Automation Features to Minimize Security-Induced Friction
    Native management features let you automate firewall deployments and security policy updates so that new workloads and security can be deployed in lockstep. Bootstrapping enables a fully configured firewall to be deployed in minutes, while the XML API and Dynamic Address Groups allow you to drive dynamic security policy updates as workloads change.
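
The following is an added illustration, not Palo Alto Networks code, of how the whitelisting, standard-port enforcement, deny-all-else and tag-based Dynamic Address Group concepts described above fit together: rules reference tags rather than IP addresses, so registering or unregistering a workload's address against a tag changes what the policy allows without editing any rule. Application names, ports, tags and addresses are constructed sample values, and the evaluator is a simplified model, not the firewall's actual matching logic.

```python
from dataclasses import dataclass, field

# Constructed sample mapping of application -> standard ports.
STANDARD_PORTS = {"web-browsing": {80, 443}, "mysql": {3306}, "ssh": {22}}


@dataclass
class Rule:
    """Whitelist rule: allow one application from one tag group to another."""
    src_tag: str
    dst_tag: str
    app: str


@dataclass
class Policy:
    rules: list
    # Dynamic address groups: tag -> set of member IPs, updated at runtime.
    groups: dict = field(default_factory=dict)

    def register(self, ip: str, tag: str) -> None:
        """A new workload comes up: attach its address to a tag."""
        self.groups.setdefault(tag, set()).add(ip)

    def unregister(self, ip: str, tag: str) -> None:
        """A workload is retired: remove its address from the tag."""
        self.groups.get(tag, set()).discard(ip)

    def evaluate(self, src: str, dst: str, app: str, port: int) -> str:
        """Return 'allow' only for a whitelisted app on its standard port."""
        for rule in self.rules:
            in_src = src in self.groups.get(rule.src_tag, set())
            in_dst = dst in self.groups.get(rule.dst_tag, set())
            if in_src and in_dst and rule.app == app:
                # Matched app must also be on a standard port for that app.
                return "allow" if port in STANDARD_PORTS.get(app, set()) else "deny"
        return "deny"  # deny-all-else: no rule matched


def build_sample_policy() -> Policy:
    """Constructed two-tier example: web tier may talk MySQL to the DB tier."""
    policy = Policy(rules=[Rule("web-tier", "db-tier", "mysql")])
    policy.register("10.0.1.10", "web-tier")
    policy.register("10.0.2.20", "db-tier")
    return policy
```

Registering a second web-tier address against the tag is all that is needed for it to inherit the MySQL rule, while SSH from the web tier to the database tier, or MySQL on a non-standard port, stays blocked.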

The VM-Series supports a range of public cloud environments, including Amazon® Web Services (AWS), Microsoft® Azure™ and VMware® vCloud® Air™.