When we talk about infrastructure, it’s not just server, database, storage – there is more to it. A typical medium to a large organization would have the following infrastructure components.
Server Load balancer Database Messaging Storage Security/DDoS protection and Firewall
In a traditional infrastructure, Firewall appliances may cost around a few thousand dollars and need a firewall admin to manage it. It’s expensive. Thanks to the managed firewall, you don’t have to buy expensive hardware appliances and hire an administrator. The managed firewall is a service where you pay for what you use, either on-demand or monthly. You don’t have to worry about the hardware. You can administer the firewall rules from intuitive GUI or command lines. Note: The following are infrastructure firewalls and not to confuse with the Web Application Firewall. Let’s take a look at some of the managed firewalls you can use to protect your production infrastructure environment.
Google Cloud Platform
Google Cloud creates default firewall rules for each VPC (Virtual Private Cloud) network. You can allow or deny connections to ingress (incoming) or egress (outgoing) rules, and they are effective immediately. It supports priority order between 0 to 65535, where the lowest rule number got the highest priority. All are managed either through the “Firewall rules” section under VPC Network or the command line. I use GCP and love simplicity.
Source support multiple options like IP ranges, sub-networks, source tag, or service accounts, and in a single line, you can give multiple port numbers. If you are already using Google Cloud, then play around with firewall rules to explore the possibilities to harden and secure the server at the network firewall level.
Perimeter 81
With Perimeter 81, you can protect corporate data flows and secure your network traffic with Firewall-as-a-service. Perimeter 81’s firewall features Network Traffic Control (NTC ) to ensure only the authorized personnel can access your cloud resources. This service manages traffic between each network user, resource, and environment. It also defines rules for when and how traffic locomotes inside networks. According to your organization’s growth, you can create, change, and apply traffic policies. With NTC, you can separate Layer 3 and Layer 4 access depending upon group identity or user and control every part of the multi/hybrid cloud network. Map your data location accurately to avoid vulnerability and low visibility. Create identity-based policies and manage them to determine how users, services, and devices use network access.
To ensure compliance and total privacy, they offer bank-level encryption, endpoint and client visibility, application and OS-level security, access and identity management, and TLS encryption. Transferring things to the cloud helps the IT department to access data from off-premises, generate the device policies, and get agility to address security challenges. It results in cost-effective cloud-based firewalls and improved security for the company. Manage and secure your network with this service starting from $8/user/month. Perimeter 81 solutions work with any cloud platform.
Check Point
A known name in the security industry – Checkpoint got the vSEC product for public and private cloud security. vSEC is available on a public cloud such as AWS, GCP, Azure & VMware, and private cloud as OpenStack, VMware NSX & Cisco ACI.
vSEC provides advanced threat protection, including firewall, IPS (Intrusion Prevention System), Anti-virus, Anti-bot, Zero-day protection, DLP (Data Loss Prevention), and application control. You can try a FREE test drive.
Barracuda
Barracuda NexGen firewall is available on the public cloud – AWS, GCP & Azure. NexGen is a full-featured firewall solution to provide network-level protection.
It acts as a network gateway between your network and the Internet and inspects all inbound & outbound traffics to protect based on the policies. NexGen firewall got a built-in SD-WAN (Software-defined wide area network) to connect the cloud to an on-premise data center.
Zscaler
Zscaler Cloud Firewall is powered by patented technologies such as SSMA, ByteScan, PageRisk, Nanolog, PolicyNow to provide advanced security protection. You can create a granular level of policies to control protocol, ports, location, user department, etc.
If you are looking for all-in-one network security with some of the following features, give it a try Zscaler.
Cloud firewall DNS/URL filtering Bandwidth control DNS Security Anti-virus File type controls Data loss prevention
SonicWall
The SonicWall firewalls give your organization the security, control, and visibility of the network, allowing you to prevent current and future cyber threats. The company offers a variety of solutions with flexible pricing plans to suit all sizes of businesses. And you can deploy the firewall as an on-premise or virtual appliance.
Features include
Protects network, infrastructure, public, private, and hybrid cloud environments from malware threats, ransomware attacks, DDoS, data theft, and others. Advanced and intelligent threat management, detection, and protection Advanced web content filtering Quick and accurate decrypting and validating of large volumes of network traffic Automatically enforce antivirus protection. Application control that includes identification, bandwidth management, and granular application control Great analysis dashboard, attack visualization, and real-time alerts.
Sophos XG
Sophos XG is a comprehensive firewall solution optimized to secure entire cloud environments effectively. It provides the best visibility, protection, and response to threats targeting public and hybrid clouds.
Key features include;
A rich feature, centralized dashboard with extensive reporting hence greater visibility and insights. Cloud-based management platform that makes it easy to configure and scale the firewall components as well as monitor network health and threats, An easy and quick to deploy an all-in-one solution with a firewall and other security features such as sandboxing, VPN, WAF, IDS, etc. Enhanced threat protection to identify all types of attacks and the ability to identify the hidden threat, risks, and vulnerabilities Ability to automatically respond and also isolate compromised networks, hosts, and systems.
The Sophos XG has a free trial period to help you find out if it meets your requirements.
pfSense
Pfsense is a powerful open-source firewall, Router, and VPN solution that fully secure IT systems. The low-cost security solution based on FreeBSD operating systems is available as a Netgate appliance, a cloud instance, a virtual machine, or a white box suitable for a wide range of deployment scenarios. It offers great, low-cost perimeter security for all business types and is a good choice if you have a limited budget.
The pfSense lightweight firewall solution does not require high-end hardware to run and has a wide range of easy-to-manage features with a centralized configuration. Key features include
Effective firewall, routing, and VPN Load balancing, Filtering web content Intruder detection and prevention system Transparent Caching Proxy supports on-premise and cloud environments Effective and flexible solution.
Alternatively, you can host pfSense yourself or get the running instance on the Kamatera cloud.
Imperva Cloud Security
Imperva security solution allows you to protect your cloud environment, applications, databases, APIs, and data. This is a flexible, affordable, and effective security solution that offers a wide range of services while allowing you to manage everything from one place. Usually available as a self-managed or as a SaaS model, Imperva allows you to protect all your cloud workloads, ensure compliance, respond to threats, and address a wide range of security risks.
The easy to deploy and integrate solution has a continuous monitoring capability to provide you with real-time visibility and insights into your cloud environments. Key features include;
An effective web application firewall (WAF) Enhanced Data, applications, API security protection against DDoS, BOTs, and other attacks reliable data risks and attacks analytics and reports Runtime Application Self-Protection (RASP) Supports AWS, Azure, Google Cloud platforms, and others Easily and quickly identify and mitigate security risks.
DigitalOcean
Cloud Firewall by DigitalOcean is free, and you don’t need to install any software on your server. You can control what services are allowed to your droplet from what sources.
DigitalOcean firewall is easy to use, and you can control the rules in one view to manage the entire DO infrastructure.
Conclusion
I hope above to give you an idea about some of the cloud-managed firewalls available in the market to protect small to enterprise businesses. If you are running out of budget, then alternatively, you may try an open-source firewall.
