The Cloud According to FireMon
We get asked quite a bit “does FireMon work in the cloud?” The answer is yes, but how our solution fits in your cloud environment depends on what you mean by cloud.
When most people talk about the cloud, they’re talking about one of three things: Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS).
SaaS is a software solution offered to end customers and delivered over the internet. You don’t buy any hardware, and the service is often offered as a subscription. This is where you’ll find solutions such as Salesforce.com, Google Docs and Office365.
PaaS is a set of tools and services designed to make coding and deploying applications quick and efficient. You don’t have to think about hardware, infrastructure or networking – just building the application on top of a platform. Examples of PaaS solutions are the Google App Engine and Salesforce App Cloud.
IaaS is a dynamic infrastructure of servers, storage and networking that is delivered in an on-demand manner. This is like a data center with the complexities removed. You don’t need to buy hardware, but if you want to build a network, internet gateway or a virtual machine, you just point and click, and that element is created. This is where Amazon Web Services and Azure live.
It’s important to identify which of the above cloud technologies you’re talking about in order to get an accurate answer to “does it work in the cloud?” The more generic the question, the more generic the answer will be. For FireMon, we’re focused on IaaS. Let’s take a closer look at how we enable security management in IaaS cloud environments.
You can think of IaaS as an on-demand data center. Here you have the ability to:
- Point and click to compute (like a web search engine)
- Create new data storage
- Create new networks where you can drop the new compute resources such as firewalls
The idea that you can create a new network or gateway with the click of a button or by making an API call is called Network Virtualization. Network Virtualization is a generic term that applies across IaaS and includes technologies such as Software-Defined Networking (SDN) and the on-premises cloud or private cloud. In IaaS, you also have the option to create native/embedded access control associated with every compute instance where you don’t have to deploy a firewall.
Where FireMon comes into play is when you are managing security within and between these cloud networks. We have four core cloud competencies:
- Manage any policy deployed on firewalls in the cloud (e.g. Check Point, Palo Alto Networks, Cisco, Fortinet, Juniper Networks, etc.)
- Manage cloud security infrastructure side-by-side with on-premises security infrastructure
- Manage native cloud security controls like traditional on-premises devices
- Manage and secure connectivity to and between multi-cloud environments
You can read more about these capabilities in our Cloud Security Management Brief. Or, stick with us throughout our FireMon & the Cloud blog series where we’ll explore them further.