The new distributed cloud firewall offering distributes both inspection and policy enforcement into the original path of application traffic, eliminating the need to redirect traffic to centralized firewalls.
Cloud networking solutions provider Aviatrix has launched a distributed cloud firewall offering in a bid to strengthen network security for application traffic on multicloud environments.

The offering is targeted at distributing both inspection and policy enforcement into the original path of application traffic, eliminating the need to redirect traffic to centralized firewalls or other network security services.

“Aviatrix is the first to deliver a distributed cloud firewall,” said Rod Stuhlmuller, vice president of solutions marketing at Aviatrix. “Customers are no longer constrained by last-generation firewall architectures in the cloud. This changes the game and allows enterprises to both reduce cloud infrastructure costs and improve security immediately across all their public cloud environments.”

Aviatrix distributed cloud firewall is available at launch and can be deployed on AWS, Azure, and GCP marketplaces with a metered pricing model. While existing customers will have to upgrade to gain features, new customers can access them through a fresh subscription.

Existing solutions outdated by evolved cloud workloads

Aviatrix aims to address the growing networking needs of modern multicloud deployments, arguing that existing solutions rely on an outdated centralized inspection point through which cloud traffic must be redirected.

“As enterprises have worked to modernize their application architectures and infrastructure by migrating to the public cloud, many have simply replicated on-premises firewall architectures in the cloud,” said John Grady, principal analyst at Enterprise Strategy Group. “This can require complex configuration, policy management, and routing paths to ensure proper inspection, all of which are complicated in multicloud environments.”

Containerized, ephemeral, modern cloud applications, with direct-to-internet and service mesh connections, rely heavily on PaaS services and API gateways for elastic scaling, according to Aviatrix. This breaks both traditional centralized and agent-based network security approaches in the cloud.

Additionally, security teams in dynamic application environments need to adapt by shifting policy creation to account for changing IP addresses and aligning with rapid release cycles through DevSecOps automation and CI/CD pipelines in cloud infrastructure delivery.

“A truly converged solution that offers centralized management and distributed inspection and enforcement across multiple cloud providers is needed,” Grady added.

Aviatrix leverages dynamic cloud workload identity tags

Aviatrix’s distributed cloud firewall features a centralized programmable interface that, according to the company, creates and pushes policies wherever required across any multicloud environment, using dynamic cloud workload identity tags and attributes instead of static IP addresses.

It also abstracts how and where policies are enforced by programmatically configuring native cloud services where required.
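To make the tag-based policy idea concrete, here is an added illustrative model of the approach; it is not Aviatrix's code, API or data model. It assumes a workload inventory of ids, private IPs and key/value tags (all constructed), policy rules that select source and destination by tag rather than by address, and a "distributed" enforcement step modelled as compiling the central policy into the inbound rule set an enforcement point next to each workload would apply. The final function shows why rules resolved from tags survive an IP change while a stale, address-based rule set does not.

```python
"""Illustrative tag-based microsegmentation policy model (added example).

Assumptions (hypothetical, not Aviatrix's API): workloads carry tags and a
current IP; rules match on tag selectors only; the central policy is compiled
per workload into the local inbound rules an enforcement point would apply.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Workload:
    wid: str
    ip: str
    tags: Dict[str, str]


@dataclass
class Rule:
    name: str
    src: Dict[str, str]      # tag selector for the source (every key must match)
    dst: Dict[str, str]      # tag selector for the destination
    port: Optional[int]      # None means any port
    action: str              # "allow" or "deny"


def matches(selector: Dict[str, str], tags: Dict[str, str]) -> bool:
    """All selector keys must be present in the workload's tags with the same value."""
    return all(tags.get(k) == v for k, v in selector.items())


def compile_inbound(policy: List[Rule], target: Workload,
                    inventory: List[Workload]) -> List[Tuple[str, str, Optional[int], str]]:
    """Resolve the tag-based policy into the inbound rules the enforcement point
    next to `target` needs: (rule name, source IP, port, action), in policy order."""
    local = []
    for rule in policy:
        if not matches(rule.dst, target.tags):
            continue
        for src in inventory:
            if src.wid != target.wid and matches(rule.src, src.tags):
                local.append((rule.name, src.ip, rule.port, rule.action))
    return local


def evaluate(local_rules, src_ip: str, port: int) -> str:
    """First matching local rule wins; anything not explicitly allowed is denied."""
    for _name, ip, rule_port, action in local_rules:
        if ip == src_ip and (rule_port is None or rule_port == port):
            return action
    return "deny"


# Constructed sample inventory and policy (placeholder addresses, not a real deployment).
INVENTORY = [
    Workload("web-1", "10.0.1.10", {"app": "shop", "tier": "web", "env": "prod"}),
    Workload("api-1", "10.0.2.20", {"app": "shop", "tier": "api", "env": "prod"}),
    Workload("db-1", "10.0.3.30", {"app": "shop", "tier": "db", "env": "prod"}),
    Workload("api-dev", "10.0.9.9", {"app": "shop", "tier": "api", "env": "dev"}),
]

POLICY = [
    Rule("web-to-api", {"tier": "web", "env": "prod"}, {"tier": "api", "env": "prod"}, 8443, "allow"),
    Rule("api-to-db", {"tier": "api", "env": "prod"}, {"tier": "db", "env": "prod"}, 5432, "allow"),
]


def lookup(inventory: List[Workload], wid: str) -> Workload:
    return next(w for w in inventory if w.wid == wid)


def decide(inventory: List[Workload], src_wid: str, dst_wid: str, port: int) -> str:
    """Compile the destination's local rule set from the current inventory and evaluate one flow."""
    dst = lookup(inventory, dst_wid)
    src = lookup(inventory, src_wid)
    return evaluate(compile_inbound(POLICY, dst, inventory), src.ip, port)


def ip_change_demo() -> Tuple[str, str, str]:
    """api-1 is redeployed with a new IP but the same tags. The policy text is
    untouched: recompiling from the inventory keeps the flow allowed, while a
    stale address-based rule set compiled before the change denies it."""
    before = decide(INVENTORY, "api-1", "db-1", 5432)
    new_inv = [Workload("api-1", "10.0.2.77", w.tags) if w.wid == "api-1" else w
               for w in INVENTORY]
    after = decide(new_inv, "api-1", "db-1", 5432)
    stale = evaluate(compile_inbound(POLICY, lookup(INVENTORY, "db-1"), INVENTORY),
                     "10.0.2.77", 5432)
    return before, after, stale


if __name__ == "__main__":
    print(decide(INVENTORY, "web-1", "api-1", 8443), decide(INVENTORY, "web-1", "db-1", 5432))
    print(ip_change_demo())
```

The point of the model is the split between the policy (tag selectors, written once) and the inventory (addresses that churn): enforcement points get address-level rules, but those are derived, so automation only has to keep the inventory current rather than rewriting rules every time a workload is replaced.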

“Aviatrix Distributed Cloud Firewall embeds network security inspection and policy enforcement into the cloud network data plane; it’s not bolted on as a centralized inspection point that cloud traffic must be unnaturally redirected through,” Stuhlmuller said. “Distributing network security inspection and policy enforcement into the natural path of network traffic greatly reduces cloud infrastructure costs and operational complexity, and improves security.”

The company also claims a consistent native cloud network and security orchestration in the sense that it supports native cloud APIs for both cloud network and cloud security orchestration to remove underlying cloud infrastructure complexities, create consistency across cloud service providers, and avoid conflicts between networking and security configurations.

“By embedding security into the network, protection is placed closer to workloads but without having to manually configure and deploy firewall instances,” Grady said. “This provides more granular visibility, as security teams can see everything traversing the network and have a deeper understanding of the relationships between entities. It also allows for protecting east/west traffic and microsegmentation policies without having to hairpin traffic to dedicated firewalls.”

Apart from basic firewalling, Aviatrix’s distributed cloud firewall supports microsegmentation, network isolation, automated threat detection and mitigation, anomaly detection, vulnerability scanning, cloud workload risk scoring, L7 decryption and inspection, full traffic visibility, and audit reporting.

US-based multinational hospitality company Choice Hotels, with nearly 7,500 hotels in more than 40 countries, is an early customer deploying Aviatrix in its modern cloud infrastructure.

Copyright © 2023 IDG Communications, Inc.