Cloud-based network security solutions

How do cloud-based security solutions work? What are the differences between hardware-based security solutions?

 Interested by these questions, I read an essay focusing on how to implement cloud based, customized network security solutions “Customized Network Security for Cloud Services”, and I will share my learning and discoveries on this topic for my weekly ten-cents sharing.

Background

With the cloud getting used by more and more customers, the network security in and outside of the cloud is becoming a new challenge. We have seen many network incidents in the cloud either comes from outside of the cloud such as denial of service attacks, or within the cloud such as cloud malware injection attacks or even inside attacks. There are several ways to mitigate, either you deploy network hardware security agents such as WAF or FW outside of the cloud so that you can protect the certain network traffic before it reaches to the cloud, or you host cloud-based virtual security solutions within the cloud so that we can protect from both sides. But with the first one, it involves hardware implementation which is hard to manage and not cost effective neither, nor can it protect the environment within the cloud, avoiding the attacks coming from internal virtual machines.

Summary of the Essay

So, with cloud CNS (customized network security), security middle-boxes are placed in the cloud instead of in the front-end of cloud computing in order to prevent malicious attacks from external and internal traffic. I understand this as a cloud-based security solution or software-based solution. The essay emphasizes contribution of cloud CNS in several parts:

-Innovative architecture: this is more flexible and on-demand unified system.

-Preventing attacks from both sides: since it is hosted in VM inside of the cloud, it can be configured to protect attacks from both sides.

-Low-cost and customized: With this model, you do not need to invest hardware security agents and customized features such as rules management and unified log management.

They also explained how it works and how to implement within the cloud.

My two cents

There are some advantages with Cloud based firewalls:

-Easy to use and scalable with the help of scalable cloud infrastructure.

-You can integrate with identification and authentication system in the cloud so that you can better control traffic.

-Most of the cloud will provide snapshot or high availability, so that you can recover easily.

However, we also need to be aware that the availability is depends on the cloud availability, so it might become vulnerable if the cloud infrastructure is compromised and it cannot be affective for some advanced attacks either.

The essay link: https://www.garudax.id/smart-links/AQGAkmNaXxGGfg