Security virtualization meets UTM firewalls
The virtualization of security features is entering the next generation of firewalls. What started as the integration of security functions into a single appliance has evolved into completely virtualized firewalls, and this is game-changing for traditional firewalls.
The pooling of security functions such as inspection firewalling, antivirus, intrusion prevention and detection (IPS/IDS), antispam, web content filtering, traffic shaping, and dynamic routing in a single appliance was previously known as Unified Threat Management (UTM); this pooled set of functions is now completely virtualized. IDC has predicted that this market will grow to twice the size of today's market for traditional firewalls and VPN.
This concept is taken a step further by vendors who completely virtualize all these integrated UTM security functions.
Apart from UTM firewall functions, static and dynamic routing can also be virtualized. To let multiple virtual firewalls communicate with each other, Fortinet allows Inter-VDOM routing to be enabled: packets are routed internally between the virtual firewalls, so no physical network interfaces are needed for that traffic. This saves physical network interfaces and increases performance. Physical network interfaces themselves can be virtualized via Virtual LANs (VLANs); under the right conditions, up to 4000 virtual VLAN interfaces can be used simultaneously.
Virtualization of firewalls is not an entirely new topic in the field of network security. For years, carriers, Internet service providers (ISPs), hosting providers and managed security service providers (MSSPs) have been virtualizing traditional network firewalls for their customers. They primarily used larger, redundant cluster firewall systems shared by several end customers. Each customer gets its own virtual firewall with appropriately separated configuration capabilities, which delivers savings in hardware and software licenses and enables providers to offer their customers cost-effective, highly available firewall services.
Today, all the other UTM security functions can be virtualized as well. At the touch of a button, these features can be set up within a virtual firewall. Even the operating modes can be combined as required: one virtual firewall can, for example, run in NAT/route mode while a second operates in transparent mode (layer 2). Firewall, IPS, and antivirus functions can run on the first instance, and only a web filter on the second.
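As an added illustration (not from the article and not Fortinet's own documentation), the split described above expressed as a FortiOS-style configuration: one VDOM in NAT/route mode running antivirus and IPS, a second in transparent mode, joined by an inter-VDOM link instead of a physical cable. All VDOM names, interface names, addresses and the exact CLI keywords are assumptions from general FortiOS familiarity (multi-VDOM mode is assumed to be already enabled, and keywords differ between releases, so check them against the CLI reference for your release); text after `#` is annotation for the reader, not CLI input.

```text
config vdom
    edit "dmz-nat"                      # virtual firewall 1: NAT/route mode
    next
    edit "lan-tp"                       # virtual firewall 2: transparent (layer 2) mode
    next
end
config global
    config system vdom-link
        edit "vlink"                    # creates the interface pair vlink0 / vlink1
            set type ethernet
        next
    end
    config system interface
        edit "port2"                    # assumed physical port owned by the NAT VDOM
            set vdom "dmz-nat"
            set ip 192.0.2.1 255.255.255.0
        next
        edit "vlink0"                   # NAT side of the inter-VDOM link, routed
            set vdom "dmz-nat"
            set ip 10.255.0.1 255.255.255.252
        next
        edit "vlink1"                   # transparent side: bridged, no IP of its own
            set vdom "lan-tp"
        next
    end
end
config vdom
    edit "lan-tp"
        config system settings
            set opmode transparent      # layer 2 mode needs a management IP instead
            set manageip 10.255.0.2/30
        end
    next
    edit "dmz-nat"
        config firewall policy
            edit 1                      # port2 -> other VDOM, with AV + IPS inspection
                set srcintf "port2"
                set dstintf "vlink0"
                set srcaddr "all"
                set dstaddr "all"
                set action accept
                set schedule "always"
                set service "ALL"
                set utm-status enable
                set av-profile "default"
                set ips-sensor "default"
                set ssl-ssh-profile "certificate-inspection"
            next
        end
    next
end
```

The transparent VDOM still needs its own firewall policy (for example vlink1 to an assumed "port3" with `set webfilter-profile "default"`) before it passes traffic; each VDOM's policies, profiles and administrators stay separate, which is what makes the delegated administration described below possible.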
A growing number of companies are now deploying virtualization capabilities. They find in them the flexibility that increasingly complex enterprise networks require, in particular through the virtualization of complete firewall functions or of network interfaces. Companies with multiple sites or with clearly separated business units or departments are progressively relying on virtualization. Administration can be delegated to different administrators who see and manage only their own virtual firewall.
In the future, hardly any firewalls will be purchased without virtualization and UTM functionality. The growing demand for security functions, increasingly complex networks, and the pressure for companies to be cost-efficient speak for themselves.
Source: CXOtoday.com, Tech Insight > Security & Compliance > IT/ITeS