What is security virtualization?
Security virtualization is the practice of using virtual security services instead of physical appliances to protect networks, data, devices, and more. It is a software-defined solution where the security functions aren’t limited to specific hardware or locations; they can be deployed anywhere in the network and are often cloud-based. Firewall virtualization, for instance, is often thought of only as protecting workloads and applications in the data center, but it can also be applied to inbound/outbound traffic at the network gateway or network zone.
Security virtualization delivers the same capability and robustness as a physical approach, but with added flexibility and agility. For example, you don’t need a crystal ball to predict your future security needs, and you can adapt to constantly changing cloud or hybrid environments as well as dynamically created applications and workloads.
How does virtualization work for firewalls?
In security virtualization, we convert the security functions from dedicated hardware appliances to software installed on virtual machines (VMs). Take firewalls as an example. A virtual firewall can replace the physical firewall as a barrier that secures access to a network zone, or it can be deployed in the data center to monitor and manage security policies for workloads, applications, and access to other virtual machines. With physical appliances, the platforms are deployed in one location of a network and remain static, whereas with security virtualization the VMs can be created, torn down, and moved around inside a data center or network.
What is prompting the move to security virtualization?
As networks grow increasingly virtualized, with more applications running in the cloud and more VMs being created for computing and storage, security functions must also be virtualized in a portable way so they can move with the applications and computing workloads. The move to virtualization and the cloud is all about gaining more speed and agility. But if we implement virtualization everywhere else in the business and not in network security, security ends up being a roadblock to digital acceleration. Businesses need their network security to be infrastructure-led so it can be more agile and keep pace with digital business acceleration.
Cyber trends prompting the move to security virtualization include:
- demand for increased bandwidth
- evolving traffic mix
- exponential growth of SSL/TLS adoption
- emerging cybersecurity threats which physical firewalls are struggling to address
- the disappearing network perimeter
If we take the example of network firewalls, these current cyber trends make it a challenge to inspect high levels of encrypted traffic while keeping the network traffic flowing. And, with more devices and locations, many of which aren’t physically located inside the traditional perimeter, securing them is not possible with just physical security appliances.
If we were to rely solely on physical firewalls, every large network would need tens, or even hundreds, of network firewalls scattered about, each one protecting different tenants and their environments. These are fixed resources which are complex and expensive to deploy, manage and operate. If we rely on rigid, physical edge components in this scenario, then network security can’t keep pace with digital business acceleration. Instead, what’s needed is a virtualized approach which makes it possible to increase inspection capacity and threat protection in a flexible, scalable, agile way.
What are the benefits of security virtualization?
Security virtualization in the context of network firewalls means you enjoy the same features as physical firewalls, but with added flexibility and scalability. It also means you can deal with some of the security challenges unique to a virtualized network. The benefits include:
- Scalability: the software-defined approach allows users to increase inspection capacity depending on daily requirements, and this is done dynamically, at the touch of a button. Security professionals no longer have to rely on accurate predictions of future use.
- Lower costs: instead of a huge outlay on specialized hardware, virtualization frees up businesses to purchase commodity hardware and then only pay for the security services and functions they need at any given time, rather than pre-loading their system with extra capacity for the day they might need it.
- Simplicity: virtualization means centralized management with an intuitive UI. One employee can orchestrate policy management and other administrative functions across multiple VMs and platforms in a distributed network.
- Faster deployment: you no longer have to worry about ordering physical appliances which take time to ship, configure and deploy. Instead, you’re just deploying software which is quick and easy to install and maintain.
- Enhanced service offering: MSSPs can offer dedicated security resources within a cloud setup to tenants and service subscribers, as well as things like customizable firewall controls as an additional managed service.
Is this just about virtualizing your firewalls?
No. When built on a secure access service edge (SASE) framework, you can start with virtual network firewalls today and add many other security services in the future. In fact, if we limit security virtualization to just firewalls, we won’t solve the bigger issues facing the network security landscape.
Security and networking teams are also managing infrastructure and tools for threat prevention, web filtering, and data loss prevention, to name just a few. Security virtualization can be looked at across three major dimensions:
- Security services: Firewall, WAF, DLP
- Deployments: Private cloud, public cloud, hybrid cloud, branch office
- Integrations: CMDB, monitoring, billing
When you convert physical firewalls to virtual ones, you can realize 5x lower total cost of ownership (TCO) and 24x faster time to deployment. Now, imagine the gains in agility and cost savings when you virtualize the rest of your security services, across multiple deployments, with the integrations which now form part of today’s network security landscape.
When virtualization is introduced across all pieces of the network security puzzle, you can tap into capabilities like:
- application awareness and control;
- intrusion detection and prevention;
- advanced malware detection;
- URL filtering;
- logging and reporting;
- and more.
As enterprises accelerate digital business, security virtualization is critical to become more scalable, flexible and dynamic. Network firewall virtualization is just the beginning of this transformation. By adopting a SASE-based platform, we can automate security virtualization of the whole infrastructure across services, deployments, and tools.