What is a cloud firewall? What is firewall-as-a-service (FWaaS)?

A cloud firewall protects cloud infrastructure from attacks, just as a traditional firewall protects on-premise networks.

Learning Objectives

After reading this article you will be able to:

  • Learn about cloud firewalls
  • Understand what "firewall-as-a-service" means
  • Explore how cloud computing changes the network perimeter


What is a cloud firewall?

A cloud firewall is a security product that, like a traditional firewall, filters out potentially malicious network traffic. Unlike traditional firewalls, cloud firewalls are hosted in the cloud. This cloud-delivered model for firewalls is also called firewall-as-a-service (FWaaS).

Cloud-based firewalls form a virtual barrier around cloud platforms, infrastructure, and applications, just as traditional firewalls form a barrier around an organization's internal network. Cloud firewalls can also protect on-premise infrastructure.

Cloud firewall blocks attacks at cloud deployments

Definition of a firewall

A firewall is a security product that filters out malicious traffic. Traditionally, firewalls have run in between a trusted internal network and an untrusted network – e.g., between a private network and the Internet. Early firewalls were physical appliances that connected to an organization's on-premise infrastructure. Firewalls block and allow network traffic according to an internal set of rules. Most firewalls allow administrators to customize these rules.

Traditional firewall

The border between a trusted network and the Internet is called the "network perimeter." However, with the growing popularity of cloud computing, the network perimeter is mostly gone. Thus, cloud firewalls that form a virtual barrier between trusted cloud assets and untrusted Internet traffic are increasingly important.

Is firewall-as-a-service (FWaaS) different from cloud firewalls?

Firewall-as-a-Service, or FWaaS for short, is another term for cloud firewalls. Like other "as-a-service" categories, such as software-as-a-service (SaaS) or infrastructure-as-a-service (IaaS), FWaaS runs in the cloud and is accessed over the Internet, and a third-party vendor updates and maintains it.

Why use FWaaS?

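Banks have a variety of physical security measures in place. Most brick-and-mortar banks have security features such as security cameras and bulletproof glass. Security guards and bank employees also help deter potential theft, and cash is kept in highly secure safes.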

But imagine if, instead of being kept in one place, each bank branch's cash was stored in different safes all over the country that were operated by a company specializing in safe maintenance. How could the bank be sure that its money was secure without deploying additional security resources around its scattered safes? This is akin to what cloud firewalls do.

The cloud is like a bank with scattered resources, but instead of money, the cloud stores data and computational power. Authorized users can connect to the cloud from anywhere and on almost any network. Applications that run in the cloud can be running anywhere, and that also applies to cloud platforms and infrastructure.

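Cloud firewalls block cyber attacks directed at cloud assets. Deploying a cloud firewall is like replacing a bank's local security cameras and security guards with a global, around-the-clock security center. That center is centrally staffed and receives the security camera feeds from every location where the bank's assets are stored.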

What are the main benefits of using a cloud firewall/FWaaS?

  • Malicious web traffic is blocked, including malware and bad bot activity. Some FWaaS products can also block sensitive data from going out.
  • Traffic does not have to be funneled through a hardware appliance, so no network choke points are created.
  • Cloud firewalls integrate easily with cloud infrastructure.
  • Multiple cloud deployments can be protected at once (as long as the cloud firewall vendor supports each cloud).
  • Cloud firewalls scale up rapidly to handle more traffic.
  • Organizations do not need to maintain cloud firewalls themselves; the vendor handles all updates.

What is the difference between a cloud firewall and a next-generation firewall (NGFW)?

A next-generation firewall (NGFW) is a firewall that includes new technologies that weren't available in earlier firewall products, such as:

  • Intrusion prevention system (IPS): An intrusion prevention system detects and blocks cyber attacks.
  • Deep packet inspection (DPI): NGFWs inspect data packet headers and payload, instead of just the headers. This aids in detecting malware and other kinds of malicious data.
  • Application control: NGFWs can control what individual applications can access, or block applications altogether.

NGFWs can run in the cloud or as on-premise hardware. A cloud-based firewall may have NGFW capabilities, but an on-premise firewall could also be an NGFW. Learn more about NGFW vs. FWaaS.
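
The difference between header-only rules and deep packet inspection, as an added example that is not taken from any firewall product: the same packets are run through a first-match rule filter and through a filter that also scans the payload. The rule set, addresses, the `Packet` type and the signature are constructed for illustration, and payloads are assumed to be plaintext and already reassembled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Packet:
    src: str
    dst_port: int
    payload: bytes

# Constructed rule set: first match wins, anything unmatched is denied.
# A port of None means "any port".
RULES = [
    ("deny", ip_network("203.0.113.0/24"), None),   # blocked source range
    ("allow", ip_network("0.0.0.0/0"), 443),        # web traffic from anywhere
]

# Constructed payload signature (a placeholder, not a real indicator).
SIGNATURES = [b"CONSTRUCTED-MALWARE-MARKER"]

def header_filter(pkt: Packet) -> str:
    """Traditional filtering: decide from source address and port only."""
    for action, net, port in RULES:
        if ip_address(pkt.src) in net and port in (None, pkt.dst_port):
            return action
    return "deny"

def dpi_filter(pkt: Packet) -> str:
    """NGFW-style filtering: apply header rules, then inspect the payload."""
    if header_filter(pkt) == "deny":
        return "deny"
    if any(sig in pkt.payload for sig in SIGNATURES):
        return "deny"
    return "allow"

# Constructed sample traffic.
SAMPLES = {
    "clean_web": Packet("198.51.100.7", 443, b"GET /index.html"),
    "blocked_source": Packet("203.0.113.9", 443, b"GET /index.html"),
    "bad_payload": Packet("198.51.100.7", 443, b"POST /up CONSTRUCTED-MALWARE-MARKER"),
    "closed_port": Packet("198.51.100.7", 23, b"login"),
}

def evaluate() -> dict:
    """Return {sample name: (header-only verdict, DPI verdict)}."""
    return {n: (header_filter(p), dpi_filter(p)) for n, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdicts in evaluate().items():
        print(f"{name:15} header={verdicts[0]:5} dpi={verdicts[1]}")
```

Only `bad_payload` gets a different verdict from the two filters: its headers match the allow rule, so header-only filtering passes it, while payload inspection blocks it.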

How does FWaaS fit into a SASE framework?

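Secure access service edge (SASE) is a cloud-based networking architecture that combines networking functions, such as software-defined WAN, with a variety of security services, including FWaaS. Unlike traditional networking models, in which on-premise firewalls must protect the perimeter of the on-premise data center, SASE provides comprehensive security and access control at the network edge.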

Within a SASE networking model, cloud-based firewalls work in tandem with other security products to defend the network perimeter from attacks, data breaches, and other cyber threats. Rather than using multiple third-party vendors to deploy and maintain each service, companies can use a single vendor that bundles FWaaS, cloud access security broker (CASB) services, secure web gateways (SWG), and zero trust network access (ZTNA) with SD-WAN capabilities.

Cloudflare Magic Firewall is designed to protect both on-premise and cloud infrastructure via the Cloudflare global network. Magic Firewall is included in the Cloudflare One SASE platform — learn more here.

Businesses looking to protect their web applications can also use the Cloudflare WAF (learn more).