As we’ve seen with branch office transformation and users continuing to work remotely, change is the only constant in the firewall sector. When properly designed, Secure Access Service Edge (SASE) architecture places the user in the centre, with cloud edge security services protecting them, their data, and the apps and websites they use every day, whether at work or at home.
Branch offices require network security for all outbound ports and protocols in order to keep their users productive, without having to hairpin traffic from remote workers back to the enterprise firewall in the main data center, which results in a bad user experience.
Users and offices can utilise Firewall-as-a-Service (FWaaS) to get cloud firewall services for egress traffic. Only four of the 17 manufacturers featured in the most recent Gartner Enterprise Firewall Magic Quadrant, published in November 2020, had FWaaS solutions available, with a fifth vendor launching its new cloud firewall in early 2021. However, FWaaS use is increasing fast; according to Gartner, 30% of new distributed branch office firewall deployments will transition to Firewall-as-a-Service by 2025, up from less than 5% in 2020.
While the pandemic initially resulted in increased spending on VPN solutions, the longer-term strategy shows increased FWaaS use to support working from anywhere, increased cloud adoption favouring cloud security solutions, a shift to zero trust in tandem with FWaaS interest, and cost optimization driving consolidation with fewer branch offices. Next to secure web gateway (SWG) and cloud access security broker (CASB), FWaaS is expected to be one of the fastest-growing and top three revenue-driving components of SASE architecture.
Understanding these new cloud firewalls requires some careful reading between the lines. Some products marketed as “FWaaS” may in fact leverage a legacy VPN path to a cloud-hosted firewall image and then use more service chains to other defences, resulting in multiple hops, increased latency, and a poor user experience.
If you want less complexity, more consolidation, and a reduced total cost of operations, integrating into one platform, one console, and one policy engine makes a huge impact. Avoid checklists and several consoles when analysing FWaaS, and make sure to test for desired performance and user experience.
The Netskope Cloud Firewall (CFW), announced today as part of a number of key enhancements to the Netskope Security Cloud, is fully integrated into our SASE architecture with network security for users and offices for all outbound ports and protocols for TCP, UDP, and ICMP. Beyond the expected 5-tuple firewall policy egress controls is support for users and groups, FQDNs and wildcards, an application layer gateway for FTP, and firewall event logging. More importantly, on the same cloud security platform, your web and cloud traffic are inspected by the Netskope Next Gen SWG with threat and data protection defenses running on NewEdge, the world’s largest and highest performing private network cloud.
Netskope CFW is available to users and offices all over the world, with centralised management and no need for endpoint firewall agents or hardware or firmware updates. NewEdge provides a fast user experience while maintaining security across network egress protocols and ports all the way to the enterprise or personal app instances, preventing cloud virus delivery, phishing attacks, and data exfiltration. SASE integration is available in the Netskope Security Cloud, which provides security from Layer 3 to the apps and data that fuel your company’s success.