Traditional and next-generation firewalls are steadily falling short in adequately safeguarding end users and their devices from evolving cybersecurity threats. Traditional firewalls, which primarily focus on network traffic based on predetermined rules, face limitations in addressing sophisticated, application-layer attacks. Despite the advancements offered by next-generation firewalls, including features like deep packet inspection and intrusion prevention, they too struggle to keep pace with the dynamic nature of modern threats and may instill a false sense of security due to their complexity.
The failure to protect end users and devices underscores a shift in the threat landscape. Malicious actors increasingly target users through tactics like social engineering and phishing, which may not be effectively countered by network-centric security measures alone. Additionally, the diverse array of devices in use today, including those within IoT, poses a challenge for traditional and next-generation firewalls in securing each device effectively.
Cloudbrink suggests offloading remote-user security functions improves the stability of existing firewalls and the network performance experienced by remote users. Cloudbrink uses AI and ML to provide edge-native hybrid access as a service, which delivers accelerated performance for cloud, SaaS and data center applications. Cloudbrink’s software-only solution includes the personal SD-WAN with high-performance zero-trust access and automated moving target defense security.
“Firewalls were designed to protect the data center, then the network, and now the cloud,” said Prakash Mana, CEO of Cloudbrink. “But you have to deliver protection where data is consumed and curated, which is with your users and increasingly users are everywhere. Existing firewalls were never designed with a large work-from-anywhere workforce in mind.”
Acting on this firewall shortfall, Cloudbrink added firewall-as-a-service to its zero-trust access solution.
Cloudbrink’s FWaaS lets admins set granular controls according to static and dynamic properties of the end-users and their devices. Static properties include rules about what resources or applications can be accessed by individuals. Soon to be released dynamic properties cover the compliance of the device - when a virus scan ran last, for example.
“Our FWaaS takes care of the remote users, leaving the existing firewall to do the jobs it was intended for - such as Layer 3 protection against DDoS attacks,” said Mana. “If you’re only using a firewall to protect a remote workforce, the Cloudbrink service can replace it altogether.”
Cloudbrink also plans to introduce enhanced reporting features for security and networking teams, enabling the identification of anomalies based on user behavior and optimizing application performance. The current service already integrates zero-trust access and moving target defense principles, employing rotational mTLS 1.3 to automatically refresh user certificates at brief intervals. This dynamic approach, where certificates can expire every few minutes, minimizes the window of opportunity for attackers, even in the event of device compromise.
Additionally, Cloudbrink users will have the option to access data center applications using IPSec, providing an alternative to the Cloudbrink Connector. This IPsec capability supports connections through various existing network devices, including firewalls, SD-WAN gateways, routers and other IPSec devices.
“Our solution provides better management and control for IT teams without compromising the productivity of end-users,” said Mana. “We already deploy best-in-class zero-trust security to control access at the user level. The FWaaS enables the service to be tailored more closely to the security needs of the enterprise.”
FWaaS functionality and IPsec connectivity are bundled with the Cloudbrink service as of December 2023.
Edited by
Alex Passett
