Saturday, November 26, 2022

6 Top Firewall-as-a-Service Providers

Firewall as a service (FWaaS) promises to extend the capabilities of next-generation firewall (NGFW) and unified threat management (UTM) solutions across a modern IT environment. Using a centrally-managed FWaaS solution permits an organization to deploy consistent protection in a scalable and consistent manner to geographically dispersed users, cloud applications, and local network resources.

Vendors in the FWaaS market tend to provide their solution as a feature within other products such as secure service edge (SSE) from Cato Networks, zero-trust network architecture (ZTNA) from Perimeter 81 or Zscaler, or secure access service edge (SASE) solutions offered by Cisco or Palo Alto.

Only a few vendors, such as Cloudflare, offer a stand-alone FWaaS service, and several of them don’t even use their own technology; instead, they deploy the Palo Alto solution as a service.

1. Cato Networks SSE 360

Headquartered in Tel Aviv-Yafo, Israel, Cato Networks focuses on cloud-first network architecture and makes a claim to be the world’s first SASE platform.

Key features

  • Incorporates FWaaS features into its security service edge product that converges secure web gateway (SWG), cloud access service broker (CASB), data loss protection (DLP), and ZTNA into a single software-as-a-service (SaaS) solution
  • Simplifies and streamlines deployment
  • High-performance NGFW packet inspection
  • Reduces attack surface
  • Consistent policy enforcement
  • Reduces maintenance and update workload on IT teams

Differentiators

  • Global private internet backbone with built-in acceleration to deliver faster speeds than generic internet connections
  • A seamless integration with full SASE solutions

User review

“Cato is a stellar SASE provider with an extremely intelligent and decisive support team that is prompt, responsive, helpful, and [patient]. We have had a great experience with deploying our SaaS edge network, and they have been there right along with us all [the] way.” -A senior cloud infrastructure architect for an IT services company, review at Gartner Peer Insights

Honors

2. Cisco Umbrella

Networking giant Cisco, based out of San Jose, California, offers its feature-rich Umbrella platform to help secure users and resources connected through the internet.

Key features

Differentiators

  • Anycast routing technology that allows all data centers to identify themselves with the same IP address to ensure the shortest possible journey between users and resources
  • More than 30 data centers worldwide

User review

“[Cisco Umbrella] allows you to review threats as well as update a shared database of negative and destructive web links in real time. Cisco Umbrella makes it simple to visualize and customize your risk defense. Individuals may also submit their own request to the administrator to review a blocked website. I recommend Cisco Umbrella if you want a simple online defense against risks at the application level that is easy to implement while also providing adaptable manageability and effective defense.” -Data engineer for SoftBank Group, review at TrustRadius

Honors

3. Cloudflare Magic Firewall

San Francisco-based Cloudflare specializes in delivering information. Its original products improved website and application performance, but Cloudflare quickly expanded into security products to protect against distributed denial-of-service (DDoS) attacks or to enable secure connections from and to remote resources.

Cloudflare’s Magic Firewall solution provides a stand-alone FWaaS solution as well as FWaaS features for the broader Cloudflare One SASE platform.

Key features

  • Filtering rules based on protocol, port, IP address, packet length, and bit field match
  • Protocol validation rules to inspect traffic validity
  • Deploy with unlimited scale
  • Integrate managed threat intelligence IP lists
  • Provide DDoS protection
  • Deploy rule changes in under 500 ms
  • Capture packets on-demand for troubleshooting
  • Block users based on the country where their traffic originates

Differentiators

  • Full integration with a full suite of Cloudflare tools, including SASE, website security, and website performance solutions
  • A global network of data centers in 275 cities in more than 100 countries
  • Fast connections of under 50 ms for 95% of connections and a capacity of 155 Tbps for transit connections, peering, and private network connections

User review

“In the past, filtering had to be done through complex access-lists across multiple network equipments. Now, it can be all managed through the Cloudflare Dashboard — fill in the form, and press validate. With less risks, more people can now manage security.” -Managing director and founder of premium managed hosting service provider, Nexylan, in a case study

Honors

4. Palo Alto Networks FWaaS Virtual Appliance

Santa Clara, California-based Palo Alto Networks, a well-established firewall appliance provider, offers FWaaS as part of its Prisma SASE product and its Prisma Cloud security platform. Customers already familiar with Palo Alto firewalls can easily transition to the cloud-based platforms to configure and deploy firewalls to local networks from Palo Alto’s global network.

Key features

  • NGFW technology is included in Palo Alto’s cloud-based products
  • Advanced URL filtering
  • Packet inspection
  • OSI Layer 7 Firewall
  • Controls for the application layer
  • Centralized visibility over security incidents across the network

Differentiators

  • App-ID analysis of applications to identify apps and provide granular control over the features of the application, such as allowing instant messaging through but denying file transfers
  • Machine learning (ML)-powered threat prevention against zero-day threats
  • Can be deployed as Prisma Access for Clean Pipe for service providers and telcos with multi-tenant environments. This deployment can be seen as stand-alone FWaaS offerings from:

User review

“[Prisma SASE solution is] useful in complex environments. … The interface is the same as that of firewalls, so if you are comfortable you don’t have to learn a new thing, but you can already apply your knowledge. Useful for centralizing logs, configurations, and certainly [firewall] management in general.” -A network administrator for a mid-market enterprise, review at G2

Honors

5. Perimeter 81 Cloud Network Management Platform

Perimeter 81, based in Tel Aviv, Israel, offers customers the easy-to-deploy Cloud Network Management Platform to provide secure connections between remote users, networks, and applications.

The solution offers four levels of service with FWaaS policies offered in three of the levels: Premium (10 policies), Premium Plus (100 Policies), and Enterprise (unlimited policies).

Key features

  • Encrypts all communication with always-on VPN capabilities
  • Allows for adding additional IPsec and Secure Sockets Layer (SSL) encryption for extra defense
  • Automatically deploys zero-trust policy-based segmentation, activity audits, activity reports, 1,000 Mbps per gateway performance, and unlimited network tunnels

Differentiators

  • Simplified and quick deployment of enterprise-level network and data security
  • Ease of use for desktop, laptop, or mobile operating system (OS) users
  • Fully integrated with a tool that meets zero-trust and SASE requirements
  • No installation fee, minimum subscription period, or upfront costs

User review

“We use it [Perimeter 81] for worldwide VPN networks and to help authenticate our employees logging into several different applications. The service allows you to segment to dial in via various regions around the world. They help with a delay in speeds, etc.” -Solutions consultant, review at TrustRadius

Honors

  • In 2021, Perimeter 81 received the SINET16 Innovator award as one of the 16 most “innovative and compelling” companies addressing cybersecurity threats and vulnerabilities for the year
  • Perimeter 81 also resides among the five leaders in the the Forrester “New Wave” report on zero-trust network access for Q3 2021

6. Zscaler Zero Trust Exchange

Based in San Jose, California, Zscaler offers a cloud-first approach to securing corporate environments. Zscalar’s Cloud Firewall is incorporated as a feature in the Transformation and ELA Zscaler Internet Access Editions as well as its Zero Trust Exchange platform.

Key features

  • Protect users and resources with a cloud-based, scalable solution
  • Eliminates the attack surface
  • Prevents lateral movement threats
  • Improves monitoring
  • Incorporate SWG, CASB, DLP, and full SSL inspection capabilities
  • Reduces costs and reduces complexity

Differentiators

  • Always-on cloud intrusion prevention system (IPS)
  • Special monitoring to catch stealthy techniques on non-standard ports
  • Cloud-delivered protection with global edge presence

User review

“[Zscaler is] a terrific method to be entirely compliant. The Zscaler Internet Access Platform is a dedicated SSE solution that focuses on risk mitigation, reliability, and scalability to allow us to deliver our users secure access to our applications while keeping them secure. Zscaler Cloud Security Platform provides us with safe internet gateways with complete functionality and incorporated internet security. Because attackers can’t attack what they can’t see, the Zscaler technology hides source identities by distorting their IP addresses and prevents the business network from being exposed to the internet.” -Program director of DACH integration and TR for a services company, review at Gartner Peer Insights

Honors

  • Zscaler is a leader in the Gartner “Magic Quadrant” on security service edge for 2022
  • Zscaler won the Zero Trust Champion of the Year award at Microsoft’s 2021 20/20 Partner Awards ceremony.
  • Zscaler is a leader in the Forrester “New Wave” report on zero-trust network access for Q3 2021

Similar articles

Latest Articles