By Shantanu Kaushik
Firewall is a word that induces a sense of security and protection. For many years, firewalls have been the core of basic computing security, but with the introduction and evolution of the cloud, security threats, and malicious iterations of code have also evolved. To deal with evolving threats, tech giants like Alibaba Cloud created a Cloud firewall solution.
Before we discuss the Alibaba Cloud Firewall, let’s discuss some of the basics of a Cloud Firewall. A Cloud Firewall is a multi-application tool that performs security, monitoring, reporting, and self-learning using AI. The most important tasks are tracking and controlling the flow of data and filtering out any malicious domains, IPs, and ports used for this data exchange.
Cloud firewalls are next-generation firewalls that protect your internal system from the outside world in a cloud setting. They are a critical piece of infrastructure that is the first line of defense for your cloud resources. Cloud firewalls could be stand-alone products that are offered as a service.
Cloud computing is all about elasticity and scalability. A cloud firewall must also support auto scaling. When it comes to scaling and reachability of a firewall, a Cloud Firewall should protect enterprise traffic and extend security policies to Infrastructure as a Service (IaaS) or Platform as a Service (PaaS) service scenarios.
Alibaba Cloud was the first one to offer a public cloud Firewall as a Service (FWaaS). Alibaba Cloud Firewall enables the user to centrally manage the firewall system and its access control policies. These access control policies are used to control the flow of traffic from the Internet that is directed towards the ECS instances. Alibaba Cloud Firewall also offers policies to control traffic flow between ECS instances.
Alibaba Cloud Firewall features the highly-effective intrusion prevention system (IPS) that allows for an overview of the complete network-wide traffic and access relations. The basic features of the tailored solution by Alibaba Cloud include:
Alibaba Cloud Firewall enables centralized management of traffic flow flowing in through the Internet. It also manages traffic between Virtual Private Cloud (VPC) networks, the traffic that flows between Elastic Compute Service (ECS) instances, and traffic flowing from VPNs and Express Connect instances.
Alongside controlling inbound and outbound Internet traffic, the Cloud Firewall stops multiple threats generating from the Internet. Let’s take a look at some features and benefits originating from the Alibaba Cloud Firewall.
Alibaba Cloud Firewall integrates access using the Alibaba Cloud Network Service. These include Cloud Enterprise Network (CEN), Virtual Private Cloud (VPC), Elastic IP Address (EIP), and Server Load Balancer (SLB). Alibaba Cloud Firewall controls the access and monitors the traffic flow to block any unwanted and suspicious access to the cloud resources. It does so by utilizing the network layer.
The Cloud Firewall provides an overview of all enabled or disabled defense functions. With that, different statistics related to detected threats and traffic access logs can be easily accessed.
It supports both north-south and east-west access control.
Alibaba Cloud Firewall can detect and block threats coming from the Internet, and provide a cyber kill chain to counteract highly critical cyberattacks simultaneously. Alibaba Cloud Firewall utilizes a real-time intrusion prevention system that updates pan-network threat intelligence.
All of the threats or intrusions detected by the IPS are recorded along with other events with Logs. The Alibaba Cloud Firewall log system automatically collects, stores, and analyzes inbound and outbound traffic logs in real-time. Based on these reports, it also supports real-time monitoring and alert service, allowing administrators to take action when an exception occurs.
Further analysis can be done for better policy management using complete network traffic data.
Alibaba Cloud Firewall is offered as a service by Alibaba Cloud on the public cloud platform. It is a fully managed service that adopts software-defined networking (SDN). Since it is a fully managed service, users don’t have to go through complex configuration and deployment procedures. The service automatically scales in and out and provides high-availability with automated disaster recovery scenarios.
Alibaba Cloud Firewall is a highly reliable and stable solution that is deployed in cluster mode. With automated disaster recovery, it is deployed and available in two availability zones to ensure continued availability in case a server or availability zone fails. Alibaba Cloud Firewall supports custom defense capability adjustments. By default, it supports up to 2Gbit/s for each IP.
Alibaba Cloud Firewall supports visualized analysis of traffic. This ensures better policy management and analysis of user traffic without going through complex configurations. You can leverage the topology views of Alibaba Cloud Firewall and extract visualized reports by business groups, application groups, access relationships, and assets.
Alibaba Cloud Firewall is a fully-managed service that is highly capable of defending your public cloud resources along with ECS-to-ECS connections, Express Connect traffic, and VPC connections. You can deploy this service based on your business needs and opt for a version that best suits your productivity.
Alibaba Clouder - January 27, 2021
Alibaba Clouder - July 14, 2020
Alibaba Clouder - March 7, 2019
Alibaba Cloud Security - October 29, 2019
Alibaba Clouder - September 20, 2019
Alibaba Clouder - January 14, 2021
Cloud Firewall is one of the first SaaS firewall deployed on the public cloud.Learn More
A virtual private cloud service that provides an isolated cloud network to operate resources in a secure environment.Learn More
A dedicated network connection between different cloud environmentsLearn More
More Posts by Alibaba Clouder