SSE Platform Essential Security Elements - FWaaS | Cloud-Based Platform AIONCLOUD


SSE Platform Essential Security Elements – FWaaS

 

Hello, we are MONITORAPP.

Today, as last time, we will continue to learn about Secure Internet Access (SIA), AIONCLOUD's Security Service Edge (SSE) platform.

 

SIA is a Zero Trust-based security solution that includes 'SWG', 'FWaaS', 'CASB', 'NG DPI', 'ATP' and 'RBI'.

Following the introduction of SWG last time, today I will introduce FWaaS.

 


 

What is Firewall as a service (FWaaS)?

 

 

FWaaS is a cloud-based security solution that provides firewall functionality as a service to protect network infrastructure and applications.

 

In other words, unlike a physical firewall installed inside a data center, FWaaS is a firewall that runs in the cloud and is accessed over the internet.

 

So what is a firewall?

 

 

A firewall is a security system that monitors and filters data packets between an internal network and an external network, such as the internet, based on a set of security rules.

In other words, it is a security system that does not allow all network traffic, but instead uses security rules to allow only certain traffic.

 

If you allow all network traffic without firewall rules, you're leaving yourself open to attack by potentially malicious traffic at any time.

 

Therefore, you should use appropriate firewall rules to allow only safe traffic.

Firewalls are also necessary to enforce network rules set by your business or organization, such as blocking access from certain countries, IPs, ports, or protocols.

 

However, traditional firewalls are designed to protect the perimeter of an enterprise's internal network and are either physically installed as hardware devices or run as software on specific servers, making them unsuitable for comprehensive security in a cloud or hybrid cloud environment.

 

Also, unlike traditional firewalls that are installed once, FWaaS is flexible enough to respond to fluctuating traffic volumes.

If traffic volumes increase, traditional firewalls require additional hardware to be installed, whereas FWaaS does not incur additional hardware costs.

 

 

 

 

This scalability and flexibility allow organizations to respond quickly to business growth or contraction.

 


 

Organizations can use FWaaS to inspect traffic coming into their network and block malicious traffic to prevent hacking attempts or the spread of malicious software from the outside.

This can be accomplished by filtering specific traffic through separate policies.

 

Examples of separate policies include the following.

 

 

 

'Restrict traffic based on geographic location'

 

 

 

 

The FWaaS can use policies to block traffic from certain countries or regions, or to restrict data transfer to certain countries.

 

'Rules based on IP address, port number, and protocol type'

 

 

 

 

FWaaS can create rules based on specific IP addresses, port numbers, and protocol types, allowing you to block/allow traffic based on conditions.

 

In addition to this, FWaaS provides centralized management and monitoring capabilities, allowing administrators to monitor network health and respond to security events in real time.

As such, FWaaS is an essential security solution for secure network usage in cloud environments.

 


 

SSE is an integrated security service based on Edge Computing that ensures secure access to the web, SaaS applications, and private applications in the cloud environment.

FWaaS, which filters traffic based on multiple policies to ensure a safe internet environment, is one of the essential elements of SSE.

 

AIONCLOUD SIA is a Zero Trust-based SSE platform that includes not only FWaaS but also other additional solutions.

The AIONCLOUD SIA accessor can create the following firewall rules:

 

Origin conditions

User / IP / Geolocation: three types, each of which can be multi-selected, allowing you to set the desired policy for each.

 

Destination conditions

All (all traffic) / User / IP / Geolocation: four types, each of which can be multi-selected, allowing you to set your own policy for each.

 

Service

App Protocol / Application / TCP Port / UDP Port: four types, each of which can be multi-selected, allowing you to set the desired policy for each.

Finally, you can choose whether to block or allow traffic for the conditions you set.

 

Let's take a look at a simple example of setting and enforcing a policy using these conditions.

 

Let's create and apply a policy that lets all employees use only the HTTPS protocol for web services and blocks traffic that uses the HTTP protocol, for safer internet usage.

 

 

 

 

For the From condition, select All employees; for the To condition, select All or any; and for the Service condition, select the "HTTP" protocol and set it to block. When you then access a website that uses the HTTP protocol, it will be blocked.

 

 

 

 

You can see the traffic blocked by this policy in real time.

 

 

 

 

I've shown a simple example, but you can set any combination of the conditions described above to create your own policy and allow only the traffic you think is safe.
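The From / To / Service rule structure described above can be modelled in a few lines. This is an added example, not AIONCLOUD's code or policy format: the matching semantics (OR within a condition, AND across conditions, first match wins, a default action), the sample users and the addresses are all assumptions, and Application and destination-user matching are left out. It shows why the HTTP policy is written against the App Protocol rather than a TCP port: a port-80 rule misses HTTP served on another port.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Flow:  # one connection; the address and country defaults are constructed
    user: str
    app_protocol: str   # protocol identified by inspection, e.g. "HTTP"
    dst_port: int
    transport: str = "TCP"
    src_ip: str = "192.0.2.10"
    src_geo: str = "KR"
    dst_ip: str = "203.0.113.5"
    dst_geo: str = "US"

@dataclass
class Rule:
    name: str
    action: str                                  # "block" or "allow"
    origin: dict = field(default_factory=dict)   # keys: user, ip, geo
    dest: dict = field(default_factory=dict)     # empty dict stands for "All"
    service: dict = field(default_factory=dict)  # app_protocol, tcp_port, udp_port

def _side(cond, user, ip, geo):
    # Assumption: values selected inside one condition are OR'd together.
    addr = ipaddress.ip_address(ip)
    return not cond or (user in cond.get("user", ()) or geo in cond.get("geo", ())
                        or any(addr in ipaddress.ip_network(n) for n in cond.get("ip", ())))

def _service(cond, flow):
    port_key = "tcp_port" if flow.transport == "TCP" else "udp_port"
    return not cond or (flow.app_protocol in cond.get("app_protocol", ())
                        or flow.dst_port in cond.get(port_key, ()))

def evaluate(rules, flow, default="allow"):
    # Assumptions: rules are checked in order, the first match wins, a rule
    # applies only when From, To and Service all match, else `default` applies.
    for r in rules:
        if (_side(r.origin, flow.user, flow.src_ip, flow.src_geo)
                and _side(r.dest, None, flow.dst_ip, flow.dst_geo)
                and _service(r.service, flow)):
            return r.action, r.name
    return default, "default"

EMPLOYEES = {"alice", "bob"}  # constructed stand-in for "All employees"
BY_PROTOCOL = [Rule("block-http", "block", {"user": EMPLOYEES}, {}, {"app_protocol": {"HTTP"}})]
BY_PORT = [Rule("block-tcp-80", "block", {"user": EMPLOYEES}, {}, {"tcp_port": {80}})]
if __name__ == "__main__":
    for f in (Flow("alice", "HTTP", 80), Flow("alice", "HTTPS", 443), Flow("bob", "HTTP", 8080)):
        print(f.app_protocol, f.dst_port, evaluate(BY_PROTOCOL, f), evaluate(BY_PORT, f))
```

Passing `default="block"` to `evaluate` turns the same rule list into an allow-list policy, where only explicitly allowed traffic passes.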

 


 

Today, we introduced FWaaS, but you can experience a safer internet environment with AIONCLOUD's SIA, which provides various security solutions on one platform!

If you want to know more about SIA, please visit

https://www.aioncloud.com/secure-internet-access/

Thank you for reading.

 

We will continue to introduce the rest of the features of SIA in the next post.

 

Thank you.
