The new distributed cloud firewall offering distributes both inspection and policy enforcement into the original path of application traffic, eliminating the need to redirect traffic to centralized firewalls.

Cloud networking solutions provider Aviatrix has launched a distributed cloud firewall offering in a bid to strengthen network security for application traffic on multicloud environments.

The offering is targeted at distributing both inspection and policy enforcement into the original path of application traffic, eliminating the need to redirect traffic to centralized firewalls or other network security services.

“Aviatrix is the first to deliver a distributed cloud firewall,” said Rod Stuhlmuller, vice president of solutions marketing at Aviatrix. “Customers are no longer constrained by last-generation firewall architectures in the cloud. This changes the game and allows enterprises to both reduce cloud infrastructure costs and improve security immediately across all their public cloud environments.”

Aviatrix distributed cloud firewall is available at launch and can be deployed on AWS, Azure, and GCP marketplaces with a metered pricing model. While existing customers will have to upgrade to gain features, new customers can access them through a fresh subscription.

Existing solutions outdated by evolved cloud workloads

Aviatrix aims to address the growing networking needs of modern multicloud deployments as existing solutions have an outdated centralized inspection point that cloud traffic needs to redirect through.

“As enterprises have worked to modernize their application architectures and infrastructure by migrating to the public cloud, many have simply replicated on-premises firewall architectures in the cloud,” said John Grady, principal analyst at Enterprise Strategy Group.
“This can require complex configuration, policy management, and routing paths to ensure proper inspection, all of which are complicated in multicloud environments.”

Containerized, ephemeral, modern cloud applications, with direct-to-internet and service mesh connections, rely heavily on PaaS services and API gateways for elastic scaling, according to Aviatrix. This breaks both traditional centralized and agent-based network security approaches in the cloud.

Additionally, security teams in dynamic application environments need to adapt by shifting policy creation to account for changing IP addresses and aligning with rapid release cycles through DevSecOps automation and CI/CD pipelines in cloud infrastructure delivery.

“A truly converged solution that offers centralized management and distributed inspection and enforcement across multiple cloud providers is needed,” Grady added.

Aviatrix leverages dynamic cloud workload identity tags

Aviatrix’s distributed cloud firewall features a centralized programmable interface that the company claims can create and push policies wherever required across any multicloud environment, leveraging dynamic cloud workload identity tags and attributes instead of static IP addresses.

It also abstracts how and where policies are enforced by programmatically configuring native cloud services where required.

“Aviatrix Distributed Cloud Firewall embeds network security inspection and policy enforcement into the cloud network data plane; it’s not bolted on as a centralized inspection point that cloud traffic must be unnaturally redirected through,” Stuhlmuller said.
“Distributing network security inspection and policy enforcement into the natural path of network traffic greatly reduces cloud infrastructure costs, and operational complexity, and improves security.”

The company also claims a consistent native cloud network and security orchestration in the sense that it supports native cloud APIs for both cloud network and cloud security orchestration to remove underlying cloud infrastructure complexities, create consistency across cloud service providers, and avoid conflicts between networking and security configurations.

“By embedding security into the network, protection is placed closer to workloads but without having to manually configure and deploy firewall instances,” Grady said. “This provides more granular visibility, as security teams can see everything traversing the network and have a deeper understanding of the relationships between entities. It also allows for protecting east/west traffic and microsegmentation policies without having to hairpin traffic to dedicated firewalls.”

Apart from basic firewalling, Aviatrix’s distributed cloud firewall supports microsegmentation, network isolation, automated threat detection and mitigation, anomaly detection, vulnerability scanning, cloud workload risk scoring, L7 decryption and inspection, full traffic visibility, and audit reporting.

US-based multinational hospitality company Choice Hotels, with nearly 7,500 hotels in more than 40 countries, is an early customer deploying Aviatrix in its modern cloud infrastructure.