Organizations from many industries have started moving their IT infrastructure to the cloud faster than ever.
When we talk about infrastructure, it's not just servers, databases, and storage – there is more to it.
A typical medium to large organization would have the following infrastructure components.
In a traditional infrastructure, firewall appliances may cost a few thousand dollars and need a firewall admin to manage them. It's expensive.
With a managed firewall, you don't have to buy expensive hardware appliances or hire an administrator for them.
A managed firewall is a service where you pay for what you use, either on-demand or monthly. You don't have to worry about the hardware. You can administer the firewall rules from an intuitive GUI or the command line.
Note: The following are infrastructure firewalls, not to be confused with a Web Application Firewall.
Let's take a look at some of the managed firewalls you can use to protect your production infrastructure environment.
Google Cloud Platform
Google Cloud creates default firewall rules for each VPC (Virtual Private Cloud) network. Rules can allow or deny ingress (incoming) or egress (outgoing) connections, and they take effect immediately.
Rule priorities range from 0 to 65535, where the lowest number has the highest priority. Rules are managed either through the "Firewall rules" section under VPC Network or from the command line.
I use GCP and love simplicity.
The source can be specified in multiple ways, such as IP ranges, sub-networks, source tags, or service accounts, and you can give multiple port numbers in a single line.
If you are already using Google Cloud, then play around with firewall rules to explore the possibilities to harden and secure the server at the network firewall level.
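To make the priority ordering concrete, here is an added example (not from the original article and not Google's code) that models how a set of ingress rules resolves for a given connection. It is a simplified model: the rule names and IP ranges are constructed, and it assumes that a deny is checked before an allow at equal priority and that unmatched ingress traffic is denied.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int            # 0..65535; the lowest number is evaluated first
    action: str              # "allow" or "deny"
    source_ranges: tuple     # CIDR strings
    ports: Optional[str]     # e.g. "tcp:80,tcp:443" or "tcp:8000-8100"; None = all

def parse_ports(spec):
    """'tcp:22,tcp:8000-8100' -> [('tcp', 22, 22), ('tcp', 8000, 8100)]"""
    out = []
    for item in spec.split(","):
        proto, _, rng = item.strip().partition(":")
        lo, _, hi = (rng or "0-65535").partition("-")   # bare protocol = every port
        out.append((proto, int(lo), int(hi or lo)))
    return out

def matches(rule, src_ip, proto, port):
    ip = ipaddress.ip_address(src_ip)
    if not any(ip in ipaddress.ip_network(c) for c in rule.source_ranges):
        return False
    if rule.ports is None:
        return True
    return any(p == proto and lo <= port <= hi for p, lo, hi in parse_ports(rule.ports))

def evaluate_ingress(rules, src_ip, proto, port):
    """Return (action, rule_name) of the first matching rule in priority order."""
    # Lowest priority number first; at equal priority a deny is checked before an allow.
    for rule in sorted(rules, key=lambda r: (r.priority, r.action != "deny")):
        if matches(rule, src_ip, proto, port):
            return rule.action, rule.name
    return "deny", "implied-deny-ingress"   # assumption: unmatched ingress is denied

# Constructed sample rule set (documentation IP ranges, hypothetical rule names).
RULES = [
    Rule("allow-web", 1000, "allow", ("0.0.0.0/0",), "tcp:80,tcp:443"),
    Rule("allow-ssh-legacy", 1000, "allow", ("0.0.0.0/0",), "tcp:22"),
    Rule("deny-ssh-all", 950, "deny", ("0.0.0.0/0",), "tcp:22"),
    Rule("allow-ssh-office", 900, "allow", ("198.51.100.0/24",), "tcp:22"),
]

if __name__ == "__main__":
    for src, port in [("203.0.113.7", 443), ("198.51.100.10", 22),
                      ("203.0.113.7", 22), ("203.0.113.7", 3306)]:
        print(src, port, evaluate_ingress(RULES, src, "tcp", port))
```

In this rule set the broad `allow-ssh-legacy` rule never takes effect, because `deny-ssh-all` at priority 950 is evaluated first; only the office range, matched at priority 900, reaches SSH.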
Check Point, a known name in the security industry, offers the vSEC product for public and private cloud security. vSEC is available on public clouds such as AWS, GCP, Azure & VMware, and private clouds such as OpenStack, VMware NSX & Cisco ACI.
vSEC provides advanced threat protection including firewall, IPS (Intrusion Prevention System), Anti-virus, Anti-bot, Zero-day protection, DLP (Data Loss Prevention), and application control.
You can try a FREE test drive.
Barracuda NexGen firewall is available on the public cloud – AWS, GCP & Azure. NexGen is a full-featured firewall solution that provides network-level protection.
It acts as a network gateway between your network and the Internet and inspects all inbound and outbound traffic, protecting it based on your policies.
NexGen firewall has built-in SD-WAN (software-defined wide area network) to provide connectivity between the cloud and an on-premise data center.
Zscaler Cloud Firewall is powered by patented technologies such as SSMA, ByteScan, PageRisk, Nanolog, PolicyNow to provide advanced security protection.
You can create granular policies to control protocol, ports, location, user department, etc.
If you are looking for all-in-one network security with some of the following features, then give Zscaler a try.
- Cloud firewall
- DNS/URL filtering
- Bandwidth control
- DNS Security
- File type controls
- Data loss prevention
SonicWall firewalls give your organization security, control, and visibility over the network, allowing you to prevent current and future cyber threats. The company offers a variety of solutions with flexible pricing plans to suit all sizes of businesses. You can deploy the firewall as an on-premise or virtual appliance.
- Protects network, infrastructure, public, private, and hybrid cloud environments from malware threats, ransomware attacks, DDoS, data theft, and others.
- Advanced and intelligent threat management, detection and protection
- Advanced web content filtering
- Quick and accurate decrypting and validating of large volumes of network traffic
- Automatically enforce antivirus protection.
- Application control that includes identification, bandwidth management, and granular application control
- Great analysis dashboard, attack visualization, and real-time alerts.
Sophos XG is a comprehensive firewall solution optimized to effectively secure entire cloud environments. It provides the best visibility, protection, and response to threats targeting public and hybrid clouds.
Key features include:
- A feature-rich, centralized dashboard with extensive reporting, giving greater visibility and insights.
- Cloud-based management platform that makes it easy to configure and scale the firewall components as well as monitor network health and threats.
- An easy and quick to deploy all-in-one solution with a firewall and other security features such as sandboxing, VPN, WAF, IDS, etc.
- Enhanced threat protection to identify all types of attacks and the ability to identify hidden threats, risks, and vulnerabilities
- Ability to automatically respond and also isolate compromised networks, hosts, and systems.
The Sophos XG has a free trial period to help you find out if it meets your requirements.
pfSense is a powerful open-source firewall, router, and VPN solution that fully secures IT systems. The low-cost security solution, based on the FreeBSD operating system, is available as a Netgate appliance, a cloud instance, a virtual machine, or as a white box, making it suitable for a wide range of deployment scenarios. It offers great, low-cost perimeter security for all types of businesses and is a good choice if you have a limited budget.
The pfSense lightweight firewall solution does not require high-end hardware to run and has a wide range of easy-to-manage features with a centralized configuration.
Key features include:
- Effective firewall, routing and VPN load balancing
- Filtering web content
- Intrusion detection and prevention system
- Transparent Caching Proxy
- Supports on-premise and cloud environments
- Effective and flexible solution.
Alternatively, you can host pfSense yourself or get a running instance on the Kamatera cloud.
Imperva Cloud Security
The Imperva security solution allows you to protect your cloud environment, applications, databases, APIs, and data. This is a flexible, affordable, and effective security solution that offers a wide range of services while allowing you to manage everything from one place.
Available as a self-managed deployment or as a SaaS model, Imperva allows you to protect all your cloud workloads, ensure compliance, respond to threats, and address a wide range of security risks.
The solution is easy to deploy and integrate, and has a continuous monitoring capability to provide you with real-time visibility and insights into your cloud environments.
Key features include:
- An effective web application firewall (WAF)
- Enhanced data, application, and API security
- Protection against DDoS, bots and other attacks
- Reliable analytics and reports on data risks and attacks
- Runtime Application Self-Protection (RASP)
- Supports AWS, Azure, Google Cloud platforms and others
- Easily and quickly identify and mitigate security risks.
Cloud Firewall by DigitalOcean is free, and you don't need to install any software on your server. You can control which services on your Droplet are reachable and from which sources.
DigitalOcean firewall is easy to use, and you can control the rules in one view to manage the entire DO infrastructure.
I hope the above gives you an idea of some of the cloud-managed firewalls available in the market to protect small to enterprise businesses. If you are running out of budget, then alternatively you may try an open source firewall.