The new distributed cloud firewall offering distributes both inspection and policy enforcement into the original path of application traffic, eliminating the need to redirect traffic to centralized firewalls.

Cloud networking solutions provider Aviatrix has launched a distributed cloud firewall offering in a bid to strengthen network security for application traffic in multicloud environments.

The offering is targeted at distributing both inspection and policy enforcement into the original path of application traffic, eliminating the need to redirect traffic to centralized firewalls or other network security services.

“Aviatrix is the first to deliver a distributed cloud firewall,” said Rod Stuhlmuller, vice president of solutions marketing at Aviatrix. “Customers are no longer constrained by last-generation firewall architectures in the cloud. This changes the game and allows enterprises to both reduce cloud infrastructure costs and improve security immediately across all their public cloud environments.”

Aviatrix distributed cloud firewall is available at launch and can be deployed on AWS, Azure, and GCP marketplaces with a metered pricing model. While existing customers will have to upgrade to gain features, new customers can access them through a fresh subscription.

Existing solutions outdated by evolved cloud workloads

Aviatrix aims to address the growing networking needs of modern multicloud deployments, as existing solutions rely on an outdated centralized inspection point through which cloud traffic must be redirected.

“As enterprises have worked to modernize their application architectures and infrastructure by migrating to the public cloud, many have simply replicated on-premises firewall architectures in the cloud,” said John Grady, principal analyst at Enterprise Strategy Group.
“This can require complex configuration, policy management, and routing paths to ensure proper inspection, all of which are complicated in multicloud environments.”

Containerized, ephemeral, modern cloud applications, with direct-to-internet and service mesh connections, rely heavily on PaaS services and API gateways for elastic scaling, according to Aviatrix. This breaks both traditional centralized and agent-based network security approaches in the cloud.

Additionally, security teams in dynamic application environments need to adapt by shifting policy creation to account for changing IP addresses and aligning with rapid release cycles through DevSecOps automation and CI/CD pipelines in cloud infrastructure delivery.

“A truly converged solution that offers centralized management and distributed inspection and enforcement across multiple cloud providers is needed,” Grady added.

Aviatrix leverages dynamic cloud workload identity tags

Aviatrix’s distributed cloud firewall features a centralized programmable interface that, the company claims, can create and push policies wherever required across any multicloud environment, leveraging dynamic cloud workload identity tags and attributes instead of static IP addresses.

It also abstracts how and where policies are enforced by programmatically configuring native cloud services where required.

“Aviatrix Distributed Cloud Firewall embeds network security inspection and policy enforcement into the cloud network data plane; it’s not bolted on as a centralized inspection point that cloud traffic must be unnaturally redirected through,” Stuhlmuller said.
“Distributing network security inspection and policy enforcement into the natural path of network traffic greatly reduces cloud infrastructure costs, and operational complexity, and improves security.”

The company also claims consistent native cloud network and security orchestration: it says it supports native cloud APIs for both cloud network and cloud security orchestration to remove underlying cloud infrastructure complexities, create consistency across cloud service providers, and avoid conflicts between networking and security configurations.

“By embedding security into the network, protection is placed closer to workloads but without having to manually configure and deploy firewall instances,” Grady said. “This provides more granular visibility, as security teams can see everything traversing the network and have a deeper understanding of the relationships between entities. It also allows for protecting east/west traffic and microsegmentation policies without having to hairpin traffic to dedicated firewalls.”

Apart from basic firewalling, Aviatrix’s distributed cloud firewall supports microsegmentation, network isolation, automated threat detection and mitigation, anomaly detection, vulnerability scanning, cloud workload risk scoring, L7 decryption and inspection, full traffic visibility, and audit reporting.

US-based multinational hospitality company Choice Hotels, with nearly 7,500 hotels in more than 40 countries, is an early customer deploying Aviatrix in its modern cloud infrastructure.