A virtual firewall, also known as a cloud firewall, is a cybersecurity solution specifically designed for environments where deploying a hardware firewall is difficult, such as public and private cloud environments, software-defined networks (SDNs), and software-defined wide area networks (SD-WANs).
Like hardware firewalls, virtual firewalls grant or deny network access to traffic flows between untrusted and trusted zones. Unlike hardware firewalls, virtual firewalls are essentially software, making them ideal for securing virtual environments.
Virtual firewalls can also be deployed as virtualized versions of next-generation firewalls. These advanced virtual firewalls can inspect and control north-south perimeter traffic in public cloud environments, as well as segment east-west traffic within data centers and branches, and inject advanced threat prevention measures through micro-segmentation—that is, by isolating workloads from each other and securing them individually.
Why Use Virtual Firewalls?
While offering benefits for accelerating innovation and reducing computing costs, virtual environments also come with increasing security and compliance risks not present in traditional data centers.
New attack types that bypass standard perimeter security often target decentralized infrastructures such as applications, data, and workloads deployed from multiple sources. Deployment across multiple endpoints instead of a dedicated resource makes comprehensive visibility and security difficult to achieve.
The speed at which users expect virtualized environments to deliver service is another security concern. Security professionals must reconcile the speed that DevOps demands with the security challenges currently spanning distributed environments.
A suitable next-generation virtual firewall can help provide a consistent network security posture across your IT environment, including private clouds, public clouds, and branch locations. Find more information about core use cases in 3 Virtual Firewall Use Cases.
Do virtual firewalls provide comprehensive threat prevention?
Virtualized environments need to prevent real threats. Essential capabilities to look for include intrusion prevention, URL filtering, SSL decryption, DNS security, file blocking, network anti-malware, and denial-of-service protection.
Do virtual firewalls reduce attack surfaces?
Virtual firewalls often provide lateral movement protection (for traffic inside the private cloud), which can reduce the attack surface in a virtualized environment.
Do virtual firewalls provide application-centric security policies?
The ability of a virtualized environment to deliver applications on demand means the firewall must have application-centric security policy capabilities, such as the ability to identify any application, regardless of its classification, behavior, or location.
Can virtual firewalls be automatically provisioned and scaled?
In some cases, virtual firewalls can be automatically provisioned to keep up with continuous integration and continuous delivery (CI/CD) expectations and even be provisioned directly into DevOps workflows.
Do virtual firewalls allow visibility across environments?
The ability to manage virtual firewall deployments across multiple virtualized environments can reduce time, effort, errors, and costs.



