Securing workloads across cloud
Micro-segmentation, also known as distributed firewalling (DFW), is an approach to defining network and security policies that allow organizations to segment and control workloads based on application profiles and workload attributes. Distributed Firewalling is available with our cloud offering through either a self-service portal or as a managed service.
Features
- Virtual firewalls embedded in the hypervisor
- No VM can circumvent the firewall (egress and ingress packets are always processed)
- Policies are attached to the VM for secure mobility
- Avoids routing traffic to the edge (and back) for inspection
- Inter-application routing improves app performance
Why Use Distributed Firewall
- No “choke point” or single point of failure
- Based in software, it is easy to scale out
- Enforcement as close to the VM as possible
- SpoofGuard protects against IP and MAC spoofing
- Enhanced context-aware protection for applications
As networks become virtualized and micro-segmentation becomes a strategic advantage for security teams, data inherently becomes segmented into buckets to allow teams greater visibility and control over information on the network. Segmentation can be used to separate day-to-day business data from the sensitive or proprietary data. From there, security and risk teams can place the proper security and access controls on sensitive data segments using micro-segmentation.
Enable network security controls
Network admins can more quickly identify and adjust privileges for certain data types through micro-segmentation, enabling:
- Users to work with network data faster and more efficiently
- Increased agility and quick response to changing security needs
- Easier compliance with regulations
- Least-privilege enforcement
Achieve better data visibility and protection
If organizations understand where data exists, and which users are supposed to have access to it, then:
- Data and services can be better monitored
- Data flows more quickly through an organization to the appropriate users
- Overall data security and agility improve
Stop lateral spread of threats
Network segmentation automatically interweaves connections and services to create micro-perimeters around specific sets of data and information. This:
- Inhibits the spread of threats
- Accelerates identification and response to threats
- Minimizes impact of an attack
Layer 4 Protection
By default, our distributed firewalls offer protection up through layer 4 of the OSI network stack, enabling:
- Users to work with network data faster and more efficiently
- Increased agility and quick response to changing security needs
- Easier compliance with regulations
- Least-privilege enforcement
Layer 7 Protection
Application context-aware
If organizations understand where data exists, and which users are supposed to have access to it, then:
- Data and services can be better monitored
- Data flows more quickly through an organization to the appropriate users
- Overall data security and agility improve
Professional Services
We offer professional and managed services to help you design, deploy, and manage your distributed firewalls.
- Assess on-premises networks, applications, and dependencies
- Design and deploy stretched networks for hybrid cloud/multi-cloud environments
- Define and implement firewall policies
- Migrate existing workloads/applications
- Transform security and networking to enable improved business agility and outcomes