Aviatrix introduced its Distributed Cloud Firewall as an alternative to typical next-generation firewalls (NGFWs), which the vendor claims aren’t up to par with today’s reality of increasingly disparate cloud networks. According to Rob Stuhlmuller, Aviatrix VP of solutions marketing, the cloud networkingvendor’s firewall offers “the same functionality as the next-generation firewall, but in this distributed model,” he told SDxCentral.
In today’s world of distributed and hybrid cloud environments, simply bolting NGFWs onto the cloud isn’t enough. Still, NGFW vendors are “all doing it exactly the same way they did it in the data center, and that’s just not the right way to do it for cloud,” Stuhlmuller pointed out.
And it’s not like the cloud hyperscalers have built firewalls much differently than the NGFW vendors. Amazon Web Services (AWS), Microsoft Azure and Google Cloud all offer firewall services, but they use a similar centralized operational model. “They never did it as a distributed model, which is better for cloud,” he reiterated.
“The cloud is perimeterless, agile, dynamic and scale-out by design,” Aviatrix CEO Steve Mullaney added. “Network security must follow. It must be distributed and embedded into the network to deliver a true zero-trust, agile environment. Aviatrix Distributed Cloud Firewall is going to dramatically change the cloud security game for our customers and save them a lot of money in the process,” he touted.
Aviatrix defines new product category
Aviatrix’s new cloud firewall pushes all network traffic through inspection points rather than letting it head straight to the cloud, which is one way potential threats can enter a network. To address that possibility, Aviatrix embeds firewall functions across the entire cloud network to provide central management with distributed inspection and enforcement.
The cloud firewall also supports east-west firewalling; layer-seven decryption; and policy filtering, inspecting and enforcing “across the entire cloud in a distributed way,” as opposed to rerouting all traffic to a centrally-located NGFW or group of NGFWs, Stuhlmuller added.
“This is more cloud native than native cloud firewalls. It’s a game changer for us,” Jason Simpson, VP of engineering at Choice Hotels, said. “Aviatrix has flipped the equation for network security in the cloud by distributing the inspection and enforcement throughout the cloud network to where the traffic naturally flows, rather than forcing traffic redirection to centralized inspection points.”
Stuhlmuller claimed no other vendor is approaching cloud firewalls like Aviatrix, though he expects “very quickly there will be people claiming they do it. But if you take a current NGFW and you install it in every one of the [virtual machines], you are still having to manage those as individual firewalls. You’re not actually creating a distributed system, so it’s going to take a while for them to actually spin it to that,” he argued.
“We’re the first ones doing this, and really the only ones at this point,” he touted.