YOU ARE AT:FundamentalsWhat is Firewall as a Service?

What is Firewall as a Service?

FWaaS is a cloud-based firewall offered to customers as a managed service

Firewalls — physical devices that monitor all inbound and outbound network traffic — keep enterprises safe from unauthorized access. Backhauling like that doesn’t work with the cloud. 

Physical network devices impose limitations of scale and access that are incompatible with companies turning to the cloud and hybrid cloud and hybrid work solutions. The increasingly porous borders of corporate data require a software-driven, cloud-native approach. That’s where Firewall as a Service (FWaaS) comes in. 

FWaaS has emerged to replace hardware-based firewalls. FWaaS is cloud-based enterprise security. What’s more, FWaaS is a cornerstone of Secure Access Service Edge (SASE). SASE bundles individual existing cloud security tools into one complete solution. SASE aligns network security functions starting with Firewall as a Service (FWaaS), along with Secure Web Gateway (SWG), Cloud Access Security Broker (CASB) and Zero-Touch Network Access (ZTNA).

“Years ago, when companies kept all their applications and data in single, on-site data centers, they took a “castle and moat” approach to securing their networks, with on-premises firewalls serving as the main access checkpoints. However, as companies moved to the cloud, adopted infrastructure- and platform-as-a-service —Iaa S and PaaS —strategies, added more company and employee-owned mobile devices to their networks, and began using more applications and data hosted on third-party infrastructure (i.e., software as a service, or SaaS), they quickly discovered they no longer had clearly defined network perimeters,” said Palo Alto Networks.

SASE first emerged as an industry buzzword and growing segment of cloud spending following a 2019 Gartner report. Driven by Software Defined Wide Area Network (SD-WAN) principles, SASE separates the management of the network from the physical network itself. This enables effective security management of remote workers and remote offices, regardless of how they’re connected. SASE is estimated to be a $4 billion market tracking 37% year-over-year growth, according to reports.

FWaaS services comprise Next Generation Firewall (NGFW) functionality as software. NGFW systems incorporate traditional firewall abilities like dynamic packet filtering, or stateful inspections, network address translation (NAT) and Virtual Private Network (VPN) support. FWaaS platforms incorporate intrusion prevention and advanced threat detection capabilities, deep packet inspection and other techniques to keep unauthorized access away from the network and all the devices touched by it.

“FWaaS is positioned between your network and the internet. As traffic attempts to enter your network, the FWaaS solution inspects it to detect and address threats. The inspection analyzes the information contained in the header of each data packet, garnering insight into where the packet came from and other behaviors that may signal it is malicious,” explains Fortinet.

FWaaS, as part of a comprehensive network security strategy, enables enterprises to more confidently move operations, processes, and personnel to the cloud. It offers a more flexible, scalable approach than dedicated network hardware, for cloud-facing enterprises. Offered as a subscription, FWaaS also helps businesses looking to reduce capital expenses and improve agility.

ABOUT AUTHOR