The IT industry is becoming more comfortable with the concept of virtualized firewalls in more and more scenarios. Enterprises and service providers are excited about having a more flexible, dynamic, affordable approach to threat prevention in an increasingly fast, complex, data-heavy network. As the set-up of virtual network firewalls is becoming simpler and quicker thanks to the introduction of automated virtualization, limiting this to just one deployment scenario or security service doesn’t solve the bigger issues facing the network security landscape.
Security and networking teams are also managing infrastructure and tools for threat prevention, web filtering, and data loss prevention, to name just a few. And they’re deploying these in multiple scenarios, from private to public to hybrid cloud. If network firewall virtualization is delivering the responsiveness needed for the latest digital initiatives, then what would happen if we expanded virtualization to more use cases with the same platform?
The three dimensions for automated network security virtualization
If you look at your network security infrastructure as having three dimensions, then it becomes possible to see how the benefits realized by virtualizing network firewalls can be expanded to more and more use cases.
To achieve a comprehensive security architecture in today’s environment, security professionals rely on multiple security tools that run on multiple different platforms in many distinct environments. While it’s important to start with one core function, like the network firewall, security teams can’t effectively protect the network without other tools like Web Application Firewalls (WAF) or Data Loss Prevention (DLP) appliances. If you can automatically convert physical to virtual network firewalls, then imagine the gains in scalability, agility and cost savings when you virtualize and integrate the rest of your security services on the same platform.
Large networks are not static or fixed anymore. There is not one deployment model that fits all. And while we hear a lot about everyone moving to the cloud and the disappearing perimeter, this is not the case for all. Some continue to leverage and build a private cloud, some opt for a hybrid model, and almost all are facing an increase in remote workers. Network security plays a vital role in all of these and needs to be deployed in multiple scenarios. But for that to work as seamlessly and easily as possible, we need a common platform and one tool to virtualize and manage the virtualization infrastructure across all of it.
Finally, several integrations that form part of today’s network security landscape are crucial, from monitoring to network management tools. For example, with a Configuration Management Database (CMDB), the IT team can store all the hardware and software components used in their IT services and keep track of the relationships between those components. Security Information and Event Management (SIEM) is fast becoming a popular tool for collecting log and event data from applications, devices, networks, infrastructure, and systems to create a holistic view of an organization’s information technology (IT). If you’re going to virtualize one or multiple elements of your network security architecture, you need them all to be integrated with the same tools, in the same fashion.
Fixed network security infrastructure and legacy technologies simply no longer provide the speed, scale and simplicity that network owners need across all three dimensions. With the increase in remote users, data moving from the data center to cloud services, and the ever-expanding number of digital business initiatives, IT teams need immediate, agile, and cost-effective infrastructure to secure access for their users to all the data and applications, no matter where they are located. But how can this be accomplished?
Leveraging a SASE framework for automated network security virtualization
Secure Access Service Edge, or SASE, is a new enterprise networking approach, identified by Gartner in 2019, that combines software-defined wide area networking (SD-WAN) with security, like firewall-as-a-service (FWaaS), into a single cloud platform. With its agility and distributed approach, this is the framework we’ve been waiting for to make virtualization possible across all pieces of the network security puzzle.
While most network firewall virtualization is currently at the private multi-tenant level, the next step is to open up to public and multi-cloud and allow enterprises to integrate their network security systems within a unified, SASE framework. When this development happens, we can then look to include web application firewall, data loss prevention and other key security technologies from any vendor. This model will provide central control for license management, software upgrades, and zero-touch provisioning of any additional network security services, not just firewalls.
The benefits of full virtualization on a SASE framework
Many organizations are already seeing the advantages of virtualization when applied to the network firewall. But when we can virtualize all network security services across deployments with multiple integrations on a single SASE framework, we’ll benefit even more from:
- Hands-free network operations
- Vendor-agnostic security services
- Fully cloud-based infrastructure
- One software-defined platform
- Single management interface
As enterprises accelerate digital business, network security must adapt to become more scalable, flexible and dynamic. Network firewall virtualization is just the beginning of this transformation. By adopting a SASE-based platform, we can automate the virtualization of the whole network security infrastructure across services, deployments, and tools.