Firewalls have been part of computer security in some form since the 1980s. Borrowing their name from the literal walls that are designed to confine fires to avoid them spreading, a computer firewall acts as a virtual barrier that stands between a trusted network and an untrusted one, such as the internet.
Broadly speaking, firewalls work by monitoring and controlling any network traffic that’s either coming or going, according to a set of predetermined rules. Firewalls frequently filter out dangerous (or potentially dangerous) traffic, as well as carrying out proxying, port blocking, and IP and domain name blocking.
As with every area of computing, firewalls have come a long way since their inception. The technology continues to develop according to not just changing technological capabilities, but also in response to new threats and — particularly appropriate in pandemic times — new workplace demands. It’s here that tools like Firewall-as-a-Service (FWaaS) enter the picture.
Enter Next-gen Alternatives
To cope with such changes, companies deploying firewall solutions have developed Next-Generation Firewalls (NGFW). A Next-Generation Firewall carries out the “traditional” applications you’d expect to find in a firewall, but augments this with other abilities — such as being able to block application layer attacks and assorted types of advanced malware. Some of the advanced features you’d expect to find in a NGFW include application awareness and the ability to both see and block applications that pose a risk, integrated intrusion prevention, threat intelligence sources, and techniques for addressing security threats as they evolve.
One particularly powerful type of next-gen firewall is what is known as FWaaS, which refers to a cloud-based firewall that’s hosted by a third-party vendor instead of on the premises of an organization. For this reason it’s also sometimes called a cloud firewall, and is accessed via the internet.
FWaaS has many advantages over legacy firewall solutions — which, believe it or not, continue to be utilized by many in the industry. There are three major advantages to FWaaS which have greatly increased its usage among those who need state-of-the-art firewall capabilities.
Advantages of FWaaS
One advantage involves firewall capacity. Where the protection legacy firefall appliances offer is limited to their physical capacity, FWaaS is far more elastic in its offerings. This means that, rather than making organizations choose between security and cost efficiency (because protecting increased traffic loads can mean having to upgrade offerings), users of FWaaS can scale their cloud infrastructure according to the demands of that moment. As convenient as it would be if demand was predictably consistent, the reality is that organizations experience demand in bursts. What is therefore required from an effective 21st century firewall service is one that will allow the organization to absorb these traffic bursts when required — and without costing the user a massive premium in upgrades in order to accommodate.
Ease of Management
A second benefit of FWaaS is its ease of management. Legacy firewalls require manual sizing, patching, configuring, and deployment. This makes streamlined management and ease of use a major challenge. FWaaS, on the other hand, is maintained by the service provider, who can manage the service policy in a way that saves on time. Since issues like configuration and patching problems can cause bigger headaches than just wasted time (read: think major security lapses), this isn’t just a time-saver, but also potentially substantially more.
One third advantage of FWaaS relates to security posture. This refers to the overall readiness of an organization’s cybersecurity capabilities — including visibility of the security status of its various hardware and software assets, and the measures in place to detect and respond to attacks. As with ease of management, legacy DIY systems required a big dose of IT involvement — with internal teams having to assess the relevance and impact of new signatures from IPS (intrusion prevention system) vendors, then test them on live traffic, before deploying them. Much of the time these wound up being ignored by overworked IT teams without the capacity to properly utilize them.
There’s no such problem with FWaaS, however. Once again, providers will evaluate emerging threats on the cyber security landscape, then build, test, and deploy the new rules. Users have to do nothing other than benefit from the enhanced security on offer.
FWaaS is a game-changer. However, it’s only one of myriad game-changers that are currently transforming the way that cyber security is practiced as experts build security systems and tools designed to safeguard for the future.
FWaaS is one part of SASE next-generation security. For those unfamiliar with it, SASE stands for Secure Access Service Edge. It combines FWaaS capabilities with zero trust network access (ZTNA), CASB (cloud access security broker), cloud SWG (secure web gateway), WaaPaaS (web API protection as a service), and secure network capabilities like SD-WAN.
SASE is shifting the world of cybersecurity in a big way. FWaaS represents a key part of that. By deploying these tools, organizations can benefit from a level of protection and security that would have been unthinkable just a few years ago.