Cloudbrink Moves Firewall to the Edge to Improve Security for Remote Users

Cloudbrink Moves Firewall to the Edge to Improve Security for Remote Users

By Greg Tavarez

Traditional and next-generation firewalls are steadily falling short in adequately safeguarding end users and their devices from evolving cybersecurity threats. Traditional firewalls, which primarily focus on network traffic based on predetermined rules, face limitations in addressing sophisticated, application-layer attacks. Despite the advancements offered by next-generation firewalls, including features like deep packet inspection and intrusion prevention, they too struggle to keep pace with the dynamic nature of modern threats and may instill a false sense of security due to their complexity.

The failure to protect end users and devices underscores a shift in the threat landscape. Malicious actors increasingly target users through tactics like social engineering and phishing, which may not be effectively countered by network-centric security measures alone. Additionally, the diverse array of devices in use today, including those within IoT, poses a challenge for traditional and next-generation firewalls in securing each device effectively.

Cloudbrink suggests offloading remote-user security functions improves the stability of existing firewalls and the network performance experienced by remote users. Cloudbrink uses AI and ML to provide edge-native hybrid access as a service, which delivers accelerated performance for cloud, SaaS and data center applications. Cloudbrink’s software-only solution includes the personal SD-WAN with high-performance zero-trust access and automated moving target defense security.

“Firewalls were designed to protect the data center, then the network, and now the cloud,” said Prakash Mana, CEO of Cloudbrink. “But you have to deliver protection where data is consumed and curated, which is with your users and increasingly users are everywhere. Existing firewalls were never designed with a large work-from-anywhere workforce in mind.”

Acting on this firewall shortfall, Cloudbrink added firewall-as-a-service to its zero-trust access solution.

Cloudbrink’s FWaaS lets admins set granular controls according to static and dynamic properties of the end-users and their devices. Static properties include rules about what resources or applications can be accessed by individuals. Soon to be released dynamic properties cover the compliance of the device - when a virus scan ran last, for example.

“Our FWaaS takes care of the remote users, leaving the existing firewall to do the jobs it was intended for - such as Layer 3 protection against DDoS attacks,” said Mana. “If you’re only using a firewall to protect a remote workforce, the Cloudbrink service can replace it altogether.”

Cloudbrink also plans to introduce enhanced reporting features for security and networking teams, enabling the identification of anomalies based on user behavior and optimizing application performance. The current service already integrates zero-trust access and moving target defense principles, employing rotational mTLS 1.3 to automatically refresh user certificates at brief intervals. This dynamic approach, where certificates can expire every few minutes, minimizes the window of opportunity for attackers, even in the event of device compromise.

Additionally, Cloudbrink users will have the option to access data center applications using IPSec, providing an alternative to the Cloudbrink Connector. This IPsec capability supports connections through various existing network devices, including firewalls, SD-WAN gateways, routers and other IPSec devices.

“Our solution provides better management and control for IT teams without compromising the productivity of end-users,” said Mana. “We already deploy best-in-class zero-trust security to control access at the user level. The FWaaS enables the service to be tailored more closely to the security needs of the enterprise.”

FWaaS functionality and IPsec connectivity are bundled with the Cloudbrink service as of December 2023.

Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

Related Articles

MSP Expo Sponsor Wildix Launches E-Learning Platform

By: Greg Tavarez    6/24/2024

MSP Expo sponsor Wildix launched its new e-learning platform designed to enhance training and certification processes for MSPs and system integrators.

Read More

Strategizing to Strengthen Asset Intelligence Capabilities, Courtesy of Sevco Security and GuidePoint Security Partnership

By: Alex Passett    6/24/2024

Last week, a new strategic reseller partnership was announced between Sevco Security and GuidePoint Security.

Read More

SUSE Launches Cloud Elevate Program

By: Stefania Viscusi    6/24/2024

SUSE announced a new SUSE One Cloud Elevate Program, designed to empower SUSE One partners to sell SUSE's open-source solutions more effectively.

Read More

What You Need to Know About KnowBe4's New PhishER Plus Threat Intel

By: Alex Passett    6/20/2024

Renowned phishing awareness company KnowBe4 is rolling out additional features for its PhishER Plus offering - PhishER Plus Threat Intel packs one hec…

Read More

DataStrike Acquires MiCORE, Creating SMB Data Infrastructure Powerhouse

By: Greg Tavarez    6/18/2024

DataStrike recently completed the acquisition of MiCORE in a transaction that will form a large MSP specializing in data infrastructure services for S…

Read More