Firewall as a Service (FWaaS) is a new and revolutionary way of delivering firewall and other network security capabilities as a cloud service. Enterprises have always deployed next generation firewalls as appliances. While form factor varies between physical and virtual appliances, deployed on-premises or in the cloud, customers need to support the full appliance life cycle. Distributed locations need dedicated appliances that have to be sized and upgraded to accommodate business growth. Appliance software has to be patched and upgraded, and policy management must be done on an appliance basis.
FWaaS is a new type of a next-generation firewall. It doesn’t merely hide physical firewall appliances behind a “cloud duct tape”, but truly eliminates the appliance form factor, making network security (URL Filtering, IPS, AM, NG-AM, Analytics, MDR) available everywhere. In essence, the entire organization is connected to a single, logical global firewall with a unified application-aware security policy. Gartner has highlighted FWaaS as an emerging infrastructure protection technology with a high impact benefit rating.
ICG Cloud Connect SD-WAN, the world’s first SASE platform, built on a global private cloud of 50+ PoPs, aggregates all enterprise traffic from data centers, branches, mobile users, and cloud infrastructure. It then enforces a comprehensive security policies and threat prevention on both WAN and Internet-bound traffic, across all users and applications.
ICG's FWaaS represents the next evolution in firewall technology that leverages advances in software and cloud technologies, to deliver a wide range of network security capabilities, on-demand, wherever businesses need it.
“When we learned about the solution, we liked the idea of simple and centralized management. We wouldn’t have to worry about the time-consuming process of patch management of on-premises firewalls.”
- Alf Dela Cruz, First Vice President, Head of IT Infrastructure and Cybersecurity, Standard Insurance
As enterprises expand their networks to include new resources, such as cloud infrastructure and mobile users, IT must extend security accordingly. However, relying on traditional appliance-based firewalls is no longer a viable solution. Firewall appliances don’t have a line of sight into these resources, forcing enterprises to backhaul mobile traffic through datacenter firewalls, adding latency due to the trombone effect. Alternatively, allowing direct access to the cloud leaves mobile users dependent on the unpredictable Internet performance. In addition, direct cloud access bypasses datacenter firewalls, requiring additional cloud security products to ensure enterprise-wide security.
FWaaS, delivered as an integral part of a full SASE platform, addresses the shortcomings of appliance-based firewalls. By leveraging the benefits of a cloud infrastructure, FWaaS provides the necessary scalability and elasticity to support today’s evolving business. In addition, it extends a full network security stack wherever needed, globally, and down to a single user. This eliminates the need to deploy additional point products, drastically reducing the cost and complexity of integrating, securing and managing remote locations, cloud applications and mobile users.
The level of protection a firewall appliance provides is limited to its physical capacity. Protecting increased traffic loads, for instance, entails additional processing and requires spending time and resources on forced upgrades. This capacity limitation often forces IT to choose cost efficiency over security, resulting in a low security posture.
Delivered as a cloud service, FWaaS removes all appliance capacity concerns, and eliminates the hassle associated with upgrading multiple firewalls. With ICG's scalable and elastic cloud infrastructure, IT can protect all resources without legacy firewall capacity limitations and maintain an optimal security posture.
Appliance-based security inherently entails distributed deployments and disparate security policies. As a result, IT is forced to allocate valuable time and effort to manage the network life cycle; including manually sizing, deploying, configuring, patching and upgrading firewall appliances across multiple sites.
ICG connects the entire organization to a single, logical global FWaaS with a unified application-aware security policy. Maintenance of the service is done by ICG, so IT can manage the business-specific security policy, without wasting time on manually handling multiple firewall appliances, their software, and their configuration.
Managing optimal security posture is a big challenge. For example, appliance-based IPS requires heavy involvement from IT. As an IPS vendor distributes new signatures, IT must assess their relevance and impact on performance, then test them on live traffic for false positives and end user disruption, and finally, deploy them in full production mode. This resource impact causes many IT teams to essentially ignore IPS updates, weakening their network security posture.
ICG uniquely delivers Firewall and IPS as a managed solution, freeing IT from the burden of security posture maintenance. ICG evaluates emerging threats and develops the rules to stop them. ICG then tests these rules in simulation mode on live traffic, ensuring enterprises aren’t impacted and eliminating false positives before rolling them out. As a result, threats are prevented and stopped without overloading IT.
Face to face or over Zoom, we are here to help you.