Generally, FWaaS would be a preferred option for organizations that:
1) Don't have a dedicated security expert team available.
2) Are looking for the perimeter security to be provided by the ISP, typically.
3) Don't want to invest their resource/time in managing the perimeter firewalls.
Nowadays, internet links are provided as clean pipes where the internet service provider uses the cloud firewall and allocates the vDOM to the customer in the cloud, hence a value-added service on top of the internet link. As long as the ISP is flexible enough to configure/change the FW policies as per the requirement, it is a win-win situation for both. Also, it eliminates the capex investment on day 1 for any organization.
Further, ISP (tier-1) have access to all the latest policies from the OEM and other bodies to keep the FW tables updated, ensuring better security for your organizations from malicious traffic.
I have looked at FWaaS for years (originally from Value Added Network service providers such as Virtela) and my best answer is based on the organization's scale/size. Is the organization large enough to support managing your own firewalls? (Let's say perhaps >10,000 people). Smaller organizations need some form of managed services as you can't afford dedicated firewall experts.
The second criteria is network architecture, how does you organization connect to the Internet? If your ISP can provide FWaaS or an overlay for a third party without leakage and being affordable then FWaaS is worth considering.
Third criteria, who is offering FWaaS? How competent is the service provider? Will they be able to provide the kind of derive you need in terms of your specific needs? How complex are its needs or do you need something very generic? How much risk is in your data in your network?
I have been moving many of our systems to cloud providers (SaaS ideally) but when building our own SaaS platforms then we need more sophisticated firewall services like WAF and ADC.
FWaaS offered by an MSSP is a way to ensure your security keeps pace and is always 'fresh'. When an organization has better things to do than constantly upgrade and monitor their firewalls, FWaaS - especially when it's built by an MSSP using centralized virtual firewalls - allows the organization to focus its IT and network security teams on digital transformation and other strategic initiatives.
The most important criterium is: would you be able and willing to do it yourself?
Most smaller companies lack the skills, to be honest. So it's better to leave it up to a professional. Having said that, your FWAAS provider needs to understand your business and set up the FW accordingly.
To set up only a standard FW might not deliver sufficient security for you. In that case, the FWaaS provider is limited to a negative cash generator...
A Web Application Firewall (WAF) is a specialized security tool designed to protect web applications by monitoring and filtering HTTP traffic between a web application and the Internet. It plays a crucial role in safeguarding against threats and vulnerabilities.WAFs help defend web applications from several common threats by analyzing requests to prevent malicious data from passing through. These solutions work by effectively blocking common attacks such as SQL injection and cross-site...
Generally, FWaaS would be a preferred option for organizations that:
1) Don't have a dedicated security expert team available.
2) Are looking for the perimeter security to be provided by the ISP, typically.
3) Don't want to invest their resource/time in managing the perimeter firewalls.
Nowadays, internet links are provided as clean pipes where the internet service provider uses the cloud firewall and allocates the vDOM to the customer in the cloud, hence a value-added service on top of the internet link. As long as the ISP is flexible enough to configure/change the FW policies as per the requirement, it is a win-win situation for both. Also, it eliminates the capex investment on day 1 for any organization.
Further, ISP (tier-1) have access to all the latest policies from the OEM and other bodies to keep the FW tables updated, ensuring better security for your organizations from malicious traffic.
I have looked at FWaaS for years (originally from Value Added Network service providers such as Virtela) and my best answer is based on the organization's scale/size. Is the organization large enough to support managing your own firewalls? (Let's say perhaps >10,000 people). Smaller organizations need some form of managed services as you can't afford dedicated firewall experts.
The second criteria is network architecture, how does you organization connect to the Internet? If your ISP can provide FWaaS or an overlay for a third party without leakage and being affordable then FWaaS is worth considering.
Third criteria, who is offering FWaaS? How competent is the service provider? Will they be able to provide the kind of derive you need in terms of your specific needs? How complex are its needs or do you need something very generic? How much risk is in your data in your network?
I have been moving many of our systems to cloud providers (SaaS ideally) but when building our own SaaS platforms then we need more sophisticated firewall services like WAF and ADC.
FWaaS offered by an MSSP is a way to ensure your security keeps pace and is always 'fresh'. When an organization has better things to do than constantly upgrade and monitor their firewalls, FWaaS - especially when it's built by an MSSP using centralized virtual firewalls - allows the organization to focus its IT and network security teams on digital transformation and other strategic initiatives.
The most important criterium is: would you be able and willing to do it yourself?
Most smaller companies lack the skills, to be honest. So it's better to leave it up to a professional. Having said that, your FWAAS provider needs to understand your business and set up the FW accordingly.
To set up only a standard FW might not deliver sufficient security for you. In that case, the FWaaS provider is limited to a negative cash generator...
Hi @Swapnil Talegaonkar, @Devanand PR, @Manish Nalawade and @Basil Dange.
Can you please share your professional advice with other peers?