Aviatrix Builds a Firewall for the Cloud


By: R. Scott Raynovich

Aviatrix this morning announced the availability of Distributed Cloud Firewall, a cloud-native software security product for its Secure Cloud Networking platform. This is a significant release designed to solve the problem of securing networks in the cloud and in traditional enterprise networking environments – at the same time.

The concept behind the Distributed Cloud Firewall is that traditional perimeter firewalls are past their prime, designed for an enterprise networking architecture that came before the cloud. Cloud network connectivity and cloud-based services have changed how application traffic travels, and IT and network managers are struggling with protecting their traditional network traffic and cloud workload traffic at the same time.

Solving the East-West Challenge

One of the larger challenges comes when managers use cloud networking platforms from Amazon Web Services (AWS), Microsoft Azure, and Google Cloud to carry traffic among applications, workloads, or services in the cloud – a phenomenon known as "East-West" traffic. As enterprise networks are extended across the cloud, IT and network managers are often required to purchase or manage additional security tools, such as cloud firewalls or workload security protection.

Some managers have found buying cloud-native security services costly and challenging. Futuriom's own research shows that most network and security managers would like to consolidate or integrate their network and security tools, a need that the Distributed Cloud Firewall is addressing.

On the business front, this is a clever move to crack security accounts that may be tiring of firewall vendors that are nickel-and-diming clients to buy more firewalls for cloud instances.

Aviatrix CEO Steve Mullaney, who once served as VP of marketing for Palo Alto Networks (as well as interim CEO), pointed out in an interview with Futuriom that he helped coin the phrase Next Generation Firewall (NGFW), which fueled Palo Alto’s enormous growth and Initial Public Offering (IPO) in 2012. He says the NGFW is a product for another era.

“We took the NGFW and jammed it into the cloud and tried to create a perimeter,” said Mullaney. “This NGFW has no idea it's even in the cloud. It's horrendous and it's really expensive. It’s an LGFW – a Last Generation Firewall.”

Immediate Release with Metered Pricing

The Distributed Cloud Firewall aims to avoid the cost of protecting separate cloud and network security domains by providing traffic inspection and policy enforcement across the entire path of the application, from the cloud to the enterprise. This could be a more efficient way to monitor traffic than some of the more common strategies, which redirect traffic to standalone firewalls or cloud-based security services.

The product will use the Aviatrix cloud-based controller to push out security policy changes across the multicloud networking environment. It will be able to tag cloud applications and service workloads so that applications can be easily identified across the network.

The Aviatrix Distributed Cloud Firewall is available today and can be deployed on AWS, Azure, and GCP marketplaces with a metered pricing model. New Aviatrix customers can get the service for free, but existing Aviatrix customers will have to upgrade to gain features.

As Aviatrix VP of Marketing Rod Stuhmuller puts it, "What if we could move all the firewalling to be everywhere in the network? We are abstracting where and how policies are enforced."

Aviatrix provided reference customers, including Choice Hotels, which provided this quote from Jason Simpson:

"This is more cloud native than native cloud firewalls. It's a game changer for us," said Jason Simpson, Vice President of Engineering at Choice Hotels. "Aviatrix has flipped the equation for network security in the cloud by distributing the inspection and enforcement throughout the cloud network to where the traffic naturally flows, rather than forcing traffic redirection to centralized inspection points. Aviatrix's policy creation interface is novel and built for cloud, it abstracts multicloud differences and uses cloud native tags and attributes to define policies."

Let the firewall fireworks begin!

Futuriom Take: This is an important product launch designed to shake up the firewall market by addressing real-world headaches for security managers.