Top Benefits of a Cloud-Based Firewall
By Michael O’Connell, Security Solutions Architect at Aspire Technology Partners
Firewalls are one of the most fundamental methods of defense IT security professionals use to protect against attackers. At its most basic, a firewall serves as a gate between your network and the open internet. How secure that gate is depends on the features your firewall offers.
The Cisco Umbrella Secure Internet Gateway (SIG) platform already has an advantage over old-school firewalls in that it’s based in the cloud, not on hardware. There are two packages: SIG Essentials, and the more advanced SIG Advantage. Both come with security functions that can help prevent malicious attacks on outbound traffic and protect information sent within your network. The Advantage platform provides additional features that may also be useful for your organization.
On a recent episode of the Digital Aspirations in Business podcast, I discussed the benefits of a cloud-based firewall — and what sets SIG Essentials and SIG Advantage apart. A recap, based on the episode, follows below.
SIG Essentials and SIG Advantage Are Next-Generation Firewalls
Both SIG Essentials and SIG Advantage come with capabilities every enterprise-level firewall should have, including:
- Web filtering: Manage what pages users can visit.
- Customize block-and-allow lists.
- Block URLs based on information from Cisco Talos, one of the world’s largest commercial threat intelligence teams.
- Block suspicious files through AV Engine and malware defense.
- Create layer 3 and layer 4 policies to block specific IPs, ports and protocols.
- Build IPSec tunnels for secure inter-network communication.
The SIG Advantage platform comes with extra security features, including the ability to:
- Configure layer 7 policies with the additional support of a built-in intrusion prevention system (IPS).
- Domain name system (DNS)-level protection: Prevents man-in-the-middle attacks in which hackers eavesdrop on users’ activity without their knowledge.
- Remote agent protection: Provides additional security for all endpoints on the network. This is especially important if your employees are working outside the office.
- Data loss prevention and in-line inspection: Automatically scans outbound traffic and blocks anything deemed to show suspicious language or intentions.
The Benefits of a Firewall in the Cloud
Unlike legacy firewalls, both SIG Essentials and SIG Advantage are based in the cloud. This simply means that instead of operating from on-site hardware — a server somewhere in your office building — these platforms are run through servers you can access through the internet.
The last five years or so have seen many everyday activities move into the cloud. For example, when you track your employees’ activity on Asana instead of at their desk, send bills through NetSuite instead of the mail, or watch Netflix instead of a DVD, you’re using the cloud.
Firewalls are no exception. And the benefits of cloud versus hardware apply to firewalls too. These include:
- In addition to protecting your on-premise environment, SIG Essentials and SIG Advantage help you monitor and manage security risks on your cloud infrastructure.
- You can monitor your network from one place and make changes or fix vulnerabilities across the entire network at the same time.
- For example, say you have 50 firewalls across your networks and you have a new piece of software that needs access to a port that was previously blocked. On traditional firewalls, you would have to open that port up on all 50 individual firewalls. On the cloud, you only have to open it once, and the change goes out to all the firewalls.
- Reduce the number of configurations you have to create, which in turn reduces the risk of misconfigurations. If you only have to set a policy once, it’s easier to check for mistakes, versus setting it 50 times.
- Scale quickly. Adding a new office used to mean installing a physical firewall, along with a team to monitor and update it. With a cloud-based firewall, you can apply firewall configurations at a new site remotely.
Computers have changed drastically in the last five years. Update the methods you use to protect them too.
Every enterprise is unique, but they all share a common need to secure and protect their human and digital resources. If you’re interested in how Aspire can help you, please contact us at CyberSecurity@AspireTransforms.com. Aspire Technology Partners is a four-time Cisco master partner, and we can build you a custom proof-of-concept environment with a full demo.
Aspire Technology Partners is a Cisco Gold Certified Partner engrained in solution pillars that set us apart as a true Cisco solutions provider. We are committed to the continuous improvement of expertise and skillsets around Cisco initiatives that enable us to help and guide customers in the adoption and management of technology architectures designed to transform their organization. We hold Cisco Master Specializations in Collaboration, Security, Cloud & Managed Services and are one of only 25 partners in the US to receive the Cisco Advanced Customer Experience Specialization.