Moves firewall to the edge to improve security and performance for remote users; adds IPsec option for data center apps
Cloudbrink has added firewall-as-a-service (FWaaS) to its zero-trust access solution, the first vendor to provide granular security controls all the way to the user edge for the comprehensive protection of endpoint devices.
CIO INFLUENCE: Ascend.io Launches Solution in Partnership with Snowflake, Enabling Cost Savings for Data Teams
The company, which delivers high-performance zero-trust application connectivity to the hybrid workforce, says traditional and next-generation firewalls fail to protect end users and their devices.
Offloading remote-user security functions improves the stability of existing firewalls and the network performance experienced by remote users, Cloudbrink claims.
Prakash Mana, chief executive officer of Cloudbrink, said: “Firewalls were designed to protect the data center, then the network, and now the cloud. But you have to deliver protection where data is consumed and curated, which is with your users – and increasingly users are everywhere.”
“Existing firewalls were never designed with a large work-from-anywhere workforce in mind. Our FWaaS takes care of the remote users, leaving the existing firewall to do the jobs it was intended for – such as Layer 3 protection against DDoS attacks. If you’re only using a firewall to protect a remote workforce, the Cloudbrink service can replace it altogether.”
Cloudbrink’s FWaaS enables admins to set granular controls according to static and dynamic properties of the end-users and their devices. Static properties include rules about what resources or applications can be accessed by individuals. Soon to be released dynamic properties cover the compliance of the device – when a virus scan ran last, for example.
Also scheduled for a future release are extended reporting capabilities enabling security and networking teams to spot anomalies based on user behavior and opportunities to tune application performance.
Cloudbrink’s service already implements zero-trust access and moving target defense principles. It uses rotational mTLS (mutual Transport Layer Security) 1.3 to refresh user certificates automatically at short intervals. Certificates that can be set to expire every few minutes rather than after months or years mean that even when a device is compromised an attacker would only have a narrow window for an attack.
CIO INFLUENCE: PlainID Launches The PlainID Technology Network to Enable Identity Aware Security for Advanced Access Control
Mana said: “Firewalling for endpoints is an absolute requirement for security in distributed systems, which has become even more urgent with the growth of the hybrid workforce.
“Our solution provides better management and control for IT teams without compromising the productivity of end-users. We already deploy best-in-class zero-trust security to control access at the user level. The FWaaS enables the service to be tailored more closely to the security needs of the enterprise.”
Separately, Cloudbrink announced that customers will be able to use the service to access data center applications using IPSec as an alternative to the Cloudbrink Connector. The IPsec capability will support connections through existing network firewalls, SD-WAN gateways, routers and other IPSec devices.
CIO INFLUENCE: Anglicare Leverages Ribbon and Switch Connect for Voice Consolidation and Path for Microsoft Teams Deployment
[To share your insights with us, please write to sghosh@martechseries.com]
