What is a Software Firewall?

Both software and hardware firewalls play critical roles in network security. Software firewalls are therefore not better than hardware firewalls, or vice versa; rather, each is appropriate for different situations.

The most important difference between a hardware and software firewall is the form factor, but there are several others worth noting, summarized in Figure 2.

Types of Software Firewalls

Software firewalls typically fall into one of three categories:

  1. Virtual firewalls
  2. Container firewalls
  3. Managed service firewalls

Each type offers specific features for different environments and purposes. However, every software firewall monitors and protects east-west, incoming and outgoing network traffic, blocking suspicious activity and preventing data exfiltration.

Virtual Firewalls (also known as cloud firewalls or virtualized NGFWs)

A virtual firewall protects a range of environments, including:

  • Hybrid clouds
  • Individual private and public clouds
  • Virtualized branches
  • 5G deployments

Virtual firewalls can inspect and control north-south perimeter traffic in public cloud environments and segment east-west traffic inside data centers and branches. Virtual firewalls offer advanced threat prevention measures via microsegmentation.

In public clouds, virtual firewalls add protections to the native safeguards cloud service providers (CSPs) offer. They also safeguard critical network connections to cloud applications. In these situations, cloud-based firewalls typically act as guest virtual machines. Some can provide visibility across multiple CSP deployments.

Higher-end virtual firewalls can offer the following benefits:

  • Support organizations in meeting public cloud user security obligations
  • Ensure compliance with regulatory standards
  • Boost built-in security features unique to each CSP

Container Firewalls

Container firewalls behave similarly to virtual firewalls but are purpose-built for Kubernetes environments. They help network security teams protect developers' workloads through deep security integration with Kubernetes orchestration. This is important because container workloads embedded in Kubernetes environments can be difficult to secure with traditional firewalls.

Managed Service Firewalls

Software firewalls are also available as a managed service, similar to many other software-as-a-service (SaaS) offerings. Some managed service firewall offerings provide a flexible way to deploy application-level (Layer 7) security without the need for management oversight. As managed services, some of these firewalls can also be quickly scaled up and down.

Network Security Challenges that Create the Need for Software Firewalls

In the world of virtualized, decentralized environments, many network security challenges arise that cannot be solved with solutions applied to a traditional data center.

Disappearing Security Perimeter

The concept of a traditional security perimeter separating the inside and outside of the network has been challenged for some time. With the proliferation of hybrid/multi-cloud strategies, today’s architectures make it even harder to define a perimeter. Additionally, much of the architecture consists of clouds run by service providers, which results in constant movement of information across the network and the internet.

Increasingly Dangerous Threat Landscape

40% of businesses have already suffered at least one cloud-based data breach, a remarkable percentage given the short duration of the cloud era. The victims of these successful attacks are not just cloud novices but established enterprises with considerable investment and expertise in network security.

Conflicting Security Views Between Cloud and Network Teams

Shifting to cloud-first strategies has profound implications for security, starting with application development. Security is not always top of mind for cloud developers, whose mandate is to develop and release as quickly as possible. In fact, only 14% of cloud developers report application security as a top priority, while two-thirds routinely leave known vulnerabilities and exploits in their code. Plus, the development group is often tempted into thinking the native security provided by cloud service providers is “good enough.”

Network security often arrives late in the development lifecycle, limiting the range of available options. Furthermore, when the network security team recommends a security solution such as an NGFW, it bears the burden of proof to show that the recommendation will not slow the business down or delay time to value.

Cloud-native Introduces Network Security Problems in Hybrid/Multi-cloud Architectures

One particularly disruptive change in development methodologies is the use of vendor-specific orchestration services like AWS Elastic Beanstalk, Azure App Service, and Google App Engine. With these tools, developers simply upload application code, and the orchestration service automatically handles deployment. While this level of automation greatly simplifies life for the developer, it also compounds the problems of network security in hybrid/multi-cloud architectures.

Larger Attack Surface

Data centers are evolving into private clouds in which local applications are hosted on virtual machines, not directly on physical servers. Other applications run on public clouds in virtualized environments, often using containers and Kubernetes orchestration. In this model, interconnections dominate the architecture, making the attack surface larger and more difficult to define.

Figure 3: Firewall security in traditional data center architecture