Today, most managed firewall services offered by MSSPs rely on physical appliances deployed in their customer’s network or hosted in their own network. While this allows the enterprise to switch the capital expense (CAPEX) from buying hardware-based firewalls to a monthly operating expense (OPEX), it is far from an ideal business model for MSSPs.
That’s because it is difficult to predict the firewall capacity needed in a few months, let alone a year from now, so the MSSP is forced to keep adding more physical appliances that consume money, time and resources. MSSPs need to consider virtualization for a more flexible firewall service.
Yet, as outlined in my previous blog, Why You Need to Virtualize your Network Firewall, even though virtual firewalls have the same capabilities as their physical counterparts, the network firewall is rarely virtualized because it’s hard.
When MSSPs try to virtualize network firewalls for their customers, they discover that a build-your-own virtual firewall platform can take a lot more time, DevOps resources and money than most anticipate. That’s why MSSPs need a new approach to their managed firewall service that can automatically replace those physical firewalls with virtual ones.
A new approach to managed firewall services
Last year, Gartner introduced a new concept called SASE, which is pronounced “sassy” and stands for secure access secure edge. It refers to technology which converges the functions of network and security point solutions into a unified, cloud-centric service. It was developed in response to the limitations outlined above, including the reliance on physical infrastructure and lack of automation.
A SASE architecture can deliver comprehensive WAN capabilities plus advanced network security functions like secure web gateways (SWG), Firewall-as-a-Service (FWaaS), Cloud Access Security Brokers (CASB), and Zero Trust Network Access (ZTNA) to facilitate the dynamic needs of network security.
But it’s FWaaS where SASE can fundamentally change how MSSPs deliver managed firewall services and offer the biggest benefit to both enterprises and MSSPs.
The benefits of a SASE framework for FWaaS
A virtualized FWaaS, built on a SASE framework, makes it easy to deploy as many virtual firewall instances as required, for however many tenants you have signed up for the service. With tight integration of server, hypervisor, firewall VMs and security orchestration tools, MSSPs can manage all those VMs as a unified entity.
This turnkey virtualization platform can be installed in minutes and your customers never have to deal with the infrastructure. You can replace all of your customer’s existing physical firewalls with virtual firewalls, offering the same features but more flexibility.
Delivering FWaaS as part of a SASE platform makes it easier for MSSPs to manage the security of their customer’s network, set uniform policies, quickly make changes, and increase threat protection. It also offers these benefits:
- An automated approach to quickly stand up and offer FWaaS using virtual firewalls without big infrastructure spends.
- A simple, intuitive UI so you easily add virtual firewalls for new customers or re-assign virtual firewalls when customers change.
- More agility for your service offering as SASE offers a modular design that you can leverage to build more new services, all virtualized and cloud-centric.
With enterprises looking for the latest security solutions and virtualization of their firewalls, MSSPs have to move beyond their traditional managed firewall services to offer a flexible and up-to-date FWaaS that protects their customer’s network, data and users. Using a SASE framework allows MSSPs to offer a new, virtualized FWaaS with increased speed, agility, and simplicity.