While the need for network firewalls might be higher than ever, physical firewalls are a rigid, fixed resource that is difficult to adapt to the ever-changing landscape of cyber security. More worrying, though, the rate at which bandwidth demand, traffic mix and SSL/TLS adoption are growing means that a physical firewall installed today would fail to offer acceptable traffic inspection capacity well before the average three-year upgrade cycle. This leaves many enterprises exposed, but they can join network security leaders who are adopting a network firewall strategy that is more scalable and affordable.
Virtualizing your on-premise network firewalls allows you to enjoy the same features as physical firewalls, but with added flexibility, meaning you don’t need a crystal ball to foresee your future security needs.
This is the approach that data centers adopted when the physical alternative became clunky and untenable. Now the vanguard of network security leaders is adopting the same model for inbound/outbound traffic at the network gateway by virtualizing their on-premise network firewalls.
In this whitepaper we will discuss why network security leaders are opting to virtualize the network firewall, the scale and economic benefits to be gained, and how turnkey automation is the secret ingredient to making this a viable network firewall virtualization solution.
Why Network Security Leaders are Virtualizing
The reports agree: the trend is for virtualization in the security market, as it has been in computing. According to Statista, the virtualization software market globally in 2020 was approximately 15 billion U.S. dollars and is expected to grow by at least 10 billion U.S. dollars over the next few years.1 Similarly, Future Market Insights forecasts that the global data virtualization cloud market will expand at an astounding CAGR of 25% and surpass a valuation of US$ 5.6 billion by 2030, as the IT market adopts cloud-based operations.
When it comes to network security technology, Gartner’s 2020 Magic Quadrant for Network Firewalls report forecasts a massive uptick in firewall virtualization, predicting that Firewall as a Service (FWaaS) will represent 30% of new distributed branch office firewall deployments by 2025, up from less than 5% in 2020. This conclusion is supported by a recently published report from Dell’Oro Group, the trusted source for market information about the telecommunications, networks, and data center IT industries, which found that virtual firewall revenue accelerated 34 percent year-over-year in Q4 2020, significantly more than the 8% year-over-year revenue growth for physical firewall appliances.
There are some obvious reasons for this:
• Firstly, virtual firewalls have evolved to provide services which replicate the capabilities customers expect from physical firewalls. There is no longer an argument to say that virtual firewalls are the poor cousins of their physical counterparts. They offer feature parity, with the same level of robustness and functionality.
• Secondly, virtual firewalls can solve issues which physical firewalls are struggling to address. Enterprises are experiencing a demand for increased bandwidth at the same time that their traffic mix is evolving. SSL/TLS adoption is growing at an exponential rate, leading to the challenge of inspecting such high levels of encrypted traffic while keeping the network flowing. Security leaders need to increase inspection capacity and threat protection, but relying on physical firewalls to do so involves expensive hardware upgrades, specialised DevOps, and putting up with downtime while changes are made to the network security infrastructure. In short, virtual firewalls offer the same features but significantly more scale, flexibility, and simplicity.
Benefits of Network Firewall Virtualization
It is becoming clear that virtual firewalls promise the scale to be able to dynamically address ever-changing network security needs. On top of that, firewall virtualization for private network firewalls delivers numerous other advantages compared to the traditional model of physical firewalls, making it an attractive alternative.
• Scalability: a software-defined model allows users to increase inspection capacity depending on daily requirements. Security professionals no longer have to rely on accurate predictions of future use.
• Agility: again, thanks to the cloud-based approach, there is the ability to dynamically add capacity at the push of a button. Not only is it quick, it’s easy.
• Reduced OPEX: there is no initial outlay on new hardware; instead, the model is subscription-based. Expenses move from CAPEX to OPEX and you only pay for what you need at any given time.
• Zero-touch operations: virtualization enables centralized management with an intuitive UI. One virtualized infrastructure manager can orchestrate policy management and other administrative functions across the whole network. What’s more, enterprises no longer have to worry whether they have the scarce DevOps expertise in-house to set up and manage a new firewall. It’s quick and easy to train staff.
• Future services: when built on a secure access service edge (SASE) framework, you can start with virtual network firewalls today and add other security services in the future, such as application awareness and control; intrusion detection and prevention; advanced malware detection; URL filtering; and logging and reporting.
Additional benefits realized by using virtual firewalls with a turnkey platform that automates firewall virtualization are outlined in the table below as they compare to the hardware-based firewalls. Simply put, with network firewall virtualization, enterprises can increase inspection capacity and threat protection in their private network, while enjoying flexible deployment and operation.
Automating Firewall Virtualization Can Be Easy
There is one remaining hurdle, though. The thought of virtualization is enough to put off many a network architect: too many forced virtualization projects have gone wrong, leading to costly backtracking and sub-optimal results. A move to virtual network firewalls needs to be simple to migrate, easy to manage and adaptable. Network security professionals must be able to take advantage of the same type of virtual firewall instances used in the cloud and have an automatic way of creating and deploying exact replicas of the physical firewalls.
However, the steps required to achieve full network firewall virtualization are multiple and complex, including:
1. Purchase of optimized server hardware
2. Configuration of hypervisor software
3. Integration of vendor licensing
4. Provision of configuration and policy settings
5. Health check mechanisms
6. Single pane-of-glass orchestration and monitoring
7. Testing and maintenance
If you think this list looks overwhelming at first glance, that’s because it is, if you undertake a DIY virtualization. But if you leverage a turnkey platform, you can automate firewall virtualization with speed, simplicity and agility. To do this, a truly turnkey platform must:
• Ensure you use the right commodity server for the virtual firewalls to run on.
• Provide optimized hypervisor software on the server.
• Automate the bootstrap, software upgrade, and configuration of the virtual firewall.
• Scale the service across multiple firewalls and customers.
This turnkey platform automates virtualization at every step of the process. You get push-button virtualization of hardware firewalls which is tightly integrated with existing network operations. It can be deployed into the private network in minutes and offers zero-touch network security operations, eliminating the need for ongoing maintenance or heavy lifting from the operator’s end. It is so straightforward that it clearly saves time and effort and brings the added benefit of operational and economic efficiencies.