The trend towards the cloud and increased remote working has big implications for network security. Enterprises need to monitor more traffic in different deployment scenarios, and they cannot continue to rely solely on physical firewalls at a central location to deliver the complex and ever-changing functionality they need. The good news is that virtualizing network firewalls is a compelling solution to these challenges, and if it is offered as a managed service by an MSSP, the enterprise can offload additional complexity.
In its recent Magic Quadrant for Network Firewalls report (download from Fortinet or Palo Alto), Gartner expects a huge surge in firewall virtualization, predicting that Firewall as a Service (FWaaS) will represent 30% of new distributed branch office firewall deployments by 2025, up from less than 5% in 2020. This conclusion is supported by a Reportlinker study from April 2020. According to that report, the global Firewall as a Service market, which includes managed virtual network firewalls, will reach $3.4 billion by 2027, growing at a CAGR of 22.1% over the analysis period 2020-2027.
What does this mean for network firewalls?
One way or another, network firewalls need to go virtual. After reading the Gartner report and other supporting materials, it’s clear that the market right now needs all the goodness of the network firewall’s physical features with the flexibility of virtualization. These virtual network firewalls can:
- offer bidirectional controls (both egress and ingress) for securing networks.
- be adjusted for a range of deployments from on-premises to hybrid (on-premises and cloud) and public to private cloud.
- cover different scenarios, including perimeter, small and midsize businesses (SMBs), data center, cloud, and distributed offices.
- offer additional capabilities, such as application awareness and control, intrusion detection and prevention, advanced malware detection, and logging and reporting without impacting performance.
As I discussed in my recent blog, virtual firewalls have evolved to feature parity with their physical appliance counterparts while offering significantly more flexibility. But, despite this progress, it is still relatively uncommon for an enterprise security team to virtualize their network firewalls. Why is that?
It’s because most FWaaS offerings are a pure cloud play and not suitable for hybrid models, which forces an all-or-nothing decision. And for a hybrid model, a build-your-own virtual network firewall platform can take a lot more time, DevOps resources and money than most anticipate.
How can you make the conversion easier?
Firewall virtualization – whether a managed virtual network firewall service, FWaaS or virtual firewalls deployed in the private network – removes the complexity, cost and risk of hardware deployments, and simplifies network architecture for the enterprise.
Firewall virtualization offers several key benefits:
- Scalability: you can easily and quickly increase inspection capacity in line with day-to-day changes.
- Agility: by moving away from hardware-dependent solutions, you get the flexibility to add capacity with the push of a button.
- Low cost of entry: if you pay-as-you-grow with a subscription model, you are moving your firewall expenses from CAPEX to OPEX and only paying for what you need.
- Zero-touch network security operations: with centralized management and an intuitive UI, you get quick and easy setup without the need for DevOps expertise.
- Ability to add future services: if built on a secure access service edge (SASE) framework, you can start with virtual network firewalls today and add other security services in the future.
But when you make the shift, you will want to ensure that you can convert your existing physical firewalls to virtual equivalents without having to touch your existing firewall policy, and that you can support the ongoing orchestration and management of the virtual firewall infrastructure.
This is why automation – with a turnkey platform – is so crucial to successful adoption and integration of virtual network firewalls. As I mentioned above, it’s simply too challenging, time-consuming – and ultimately too costly – to opt for a DIY virtualization approach. A platform that allows you to automatically replace physical firewalls with virtual ones and then constantly monitor and manage the virtual firewalls and their underlying infrastructure is needed. You could deploy this platform yourself or, perhaps even better, subscribe to it as a service that is offered and hosted by your service provider or an MSSP.
As more and more businesses adopt hybrid cloud models and remote working practices, network firewalls need to adapt. The traditional firewall model can’t deliver the scalability, flexibility and simplicity that is available with virtualization. A virtualized approach to your network firewalls will fundamentally change your network security, and when you can automate the firewall virtualization, you’ll realize the biggest benefits.
See how Corsa Security can help
Our turnkey Corsa Security platform automates firewall virtualization and can be directly hosted by the enterprise customer or delivered by an MSSP as a service. In all cases, you can easily convert your physical firewalls to virtual ones and avoid the onerous DIY virtualization projects.
Learn more in our three-part video series.