Cloud Managed Next Generation Firewall-as-a-Service

A Way to Better Manage and Monitor Network Security in Complex Environments

Network security is an unfair game. To protect your business, users, and data, you employ a number of security mechanisms across the data center, hybrid, and public cloud environments. By contrast, the adversaries are only after one vulnerability. One mistake or misconfiguration in the whole defense system can lead to a security breach.

The trends – an increasing number of network devices, technologies, and traffic – are not really improving your chances or helping the network security operations teams. What is increasing is their workload and network security complexity.

If you are to win this game, you need a different approach to policy and device management.

NIL’s Cloud Managed Next Generation Firewall-as-a-Service (CMNGFaaS) enables you to enforce and maintain consistent firewall, intrusion prevention, application detection, and SSL decryption policies, and to achieve comprehensive threat visibility across your devices and network. It reduces complexity, improves operational efficiency, and above all strengthens your overall network security.

Network Security and Next Generation Firewall Management, Simplified

The Cloud Managed Next Generation Firewall-as-a-Service helps you align and simplify network security management. It also provides visibility and event management, and supports integration with advanced threat detection and response mechanisms.

The solution’s key benefits are:

  • Stronger network security posture: The solution strengthens your network security posture by aligning security policies throughout your organizational networks, as well as hybrid and dispersed environments. It helps you prevent inconsistencies and gaps in your network security – even when adding new security tools.
  • Saves time and money: By reducing complexity, the solution streamlines security policy management and device management. It keeps your network security operations team from doing repetitive tasks and reduces the possibility of human errors.
  • Easy to deploy and administer: The solution allows for hassle-free implementation and integration into your network environment. You can manage it from anywhere with a highly secure, always available, highly reliable, and scalable multitenant cloud solution.

Cloud Managed Next Generation Firewall-as-a-Service Features

The core goal of the Cloud Managed Next Generation Firewall-as-a-Service solution is simpler and more effective network security and visibility. Behind a single user interface, it brings together powerful device and policy management capabilities, as well as monitoring features – including logging, advanced analytics, and event aggregation at the perimeter, within a private network, and even in a public cloud. You can also integrate the solution with your Security Operations Center (SOC).

The key features include:

  • Templates for consistent policy design: You can create, apply, and manage a consistent policy design across disparate devices from a single place. The template feature allows you to create a “gold configuration” that can be replicated and customized. Once you are done, you can export and apply your standardized configuration to any new platform.
  • Platform optimization: Upon onboarding, you will immediately be able to identify and flag common issues across firewalls that have been in production for years. After assessing and identifying all risks, you will be able to swiftly remediate issues across all devices in bulk, bringing your devices to a consistent and more secure state.
  • CLI in bulk: In addition to an intuitive web-based UI, the tool provides the Command Line Interface (CLI) users with a streamlined user experience as well. The CLI Tool gives users the ability to perform CLI commands in bulk across many devices at once, including the ability to create user-defined macros or shortcuts for your most common commands.
  • Audit trail with changelog: Customers can track changes through the changelog to review what change was made, when, and by whom.
  • Configuration backup and rollback: The configuration is backed up after every change, and you have the ability to roll back to the previous known, adequate configuration.
  • Effective management of multiple security policies: Administrators can manage firewall, IPS, AMP, application visibility, and SSL decryption policy templates, and apply them to a single device or to multiple devices.
  • Simple image upgrades: Streamline the approach to performing OS upgrades for faster access to the latest patches and features.

Managed from the Cloud or On-Premise

The Cloud Managed Next Generation Firewall-as-a-Service solution allows you to manage your next generation firewalls regardless of their location – deep within your data center or exposed to the internet. Using the Secure Device Connector VM, you can manage your private firewall deployments without exposing them to the public internet environment, as well as collect, analyze, and correlate the security logs, firewall and IPS events, and alerts.

Both the device configuration and the event management are performed via the single cloud-based web interface, regardless of the physical or logical firewall location. All your data, configuration, and logs are kept within the EU.

Solution Components

The Cloud Managed Next Generation Firewall-as-a-Service solution consists of management, logging, and device connectivity components:

  • The solution management is performed via Cisco Cloud Defense Orchestrator (CDO), a cloud-based management platform.
  • The event logging and analytics are performed by Cisco Security Analytics and Logging (CSAL), which integrates with CDO to allow in-depth device monitoring and event management.
  • The Secure Device Connector (SDC) component allows for on-premise device management and log collection where direct device connectivity to the cloud is not possible or allowed. Where possible, a cloud-based device connector could also be used; however, this solution focuses on the on-premise component.

Solution architecture

More Information

To learn more about the CMNGFaaS solution and how it can help you secure your business, contact our team. We will be glad to answer your questions.