Hi security and IT professionals,
In what cases should an organization choose a Firewall as a Service (FWaaS) solution?
When should FWaaS be a complementary product to the on-premise FW/NGFW?
Generally, FWaaS would be a preferred option for organizations that:
1) Don't have a dedicated security expert team available.
2) Are looking for the perimeter security to be provided by the ISP, typically.
3) Don't want to invest their resource/time in managing the perimeter firewalls.
Nowadays, internet links are provided as clean pipes where the internet service provider uses the cloud firewall and allocates the vDOM to the customer in the cloud, hence a value-added service on top of the internet link. As long as the ISP is flexible enough to configure/change the FW policies as per the requirement, it is a win-win situation for both. Also, it eliminates the capex investment on day 1 for any organization.
Further, ISPs (tier-1) have access to all the latest policies from the OEM and other bodies to keep the FW tables updated, ensuring better security for your organizations from malicious traffic.
I have looked at FWaaS for years (originally from Value Added Network service providers such as Virtela) and my best answer is based on the organization's scale/size. Is the organization large enough to support managing your own firewalls? (Let's say perhaps >10,000 people). Smaller organizations need some form of managed services as you can't afford dedicated firewall experts. The second criterion is network architecture: how does your organization connect to the Internet? If your ISP can provide FWaaS or an overlay for a third party without leakage and being affordable, then FWaaS is worth considering. Third criterion: who is offering FWaaS? How competent is the service provider? Will they be able to provide the kind of derive you need in terms of your specific needs? How complex are its needs or do you need something very generic? How much risk is in your data in your network? I have been moving many of our systems to cloud providers (SaaS ideally) but when building our own SaaS platforms then we need more sophisticated firewall services like WAF and ADC.
FWaaS offered by an MSSP is a way to ensure your security keeps pace and is always 'fresh'. When an organization has better things to do than constantly upgrade and monitor their firewalls, FWaaS - especially when it's built by an MSSP using centralized virtual firewalls - allows the organization to focus its IT and network security teams on digital transformation and other strategic initiatives.
The most important criterion is: would you be able and willing to do it yourself?
Most smaller companies lack the skills, to be honest. So it's better to leave it up to a professional. Having said that, your FWaaS provider needs to understand your business and set up the FW accordingly.
To set up only a standard FW might not deliver sufficient security for you. In that case, the FWaaS provider is limited to a negative cash generator...
Hi @Swapnil Talegaonkar, @Devanand PR, @Manish Nalawade and @Basil Dange.
Can you please share your professional advice with other peers?