Perimeter 4min de Leitura - 26 de August de 2020

Firewall appliance, learn the benefits

Dois appliances OSTEC firewall utm, um sobre o outro.

This post is also available in: Português English Español

Firewall is a security solution widely used in companies as a form of perimeter protection, which has undergone several evolutions over the last few years, as we deal with in our article that tells a little of the história acerca dos Firewalls.

In addition to the resources that added value to firewall solutions, platforms have also undergone major transformations, especially regarding performance gains, in view of a significant increase in the use of computer networks.

The platforms are nothing more than the location and format in which firewall solutions are installed, and this can make a lot of difference depending on the need and size of the business. In this blog post, we bring three options of platforms for deployment of firewalls, and the main focus will be given to the appliance platform.

Software or open-server

In this case, the manufacturer makes available its software platform solution, which can be installed in a set of devices, such as approved servers, according to the technical specifications required by the firewall solution manufacturer.

With the software installed, the company now benefits from the benefits associated with the product, fully. The installation in the software platform brings flexibility and allows, in some cases, reutilization of physical resources, reflecting in cost reduction for security projects.

Virtual appliance

The increased use of virtualization in corporate environments has opened firewalls for virtualization. In this sense, many security solution developers provide product packages, adapted for operation in hypervisors available in the market.

Virtualized firewalls have its operating mode very similar to the software platform, with the difference of being installed in a virtual environment, sharing resources with other applications using the same physical structure.

Appliance

Appliance is a dedicated hardware specifically designed for a purpose, in which manufacturers ship their software (firmware) and perform the commercialization in a single solution. There are appliances for various purposes, including firewall applications.

Firewall appliance

The firewall appliance is a hardware and software device developed and optimized for a set of purposes. This optimization takes place between hardware and software and delivers greater performance compared to the other platforms mentioned.

There are a variety of firewall appliance types, sizes and purposes, ranging from small businesses with very small structures to large companies and telecom operators, with numerous highly powerful chassis and blades.

Firewall appliance, main features

It is foolish to think that the difference between firewall appliance and other open server structures is limited to physical changes, including case modifications, trying to visually approximate the characteristics of specific appliances for network solutions.

In many cases, smaller manufacturers use traditional technologies, present on desktops or servers, and deliver them as a firewall appliance solution. In these cases, it is important to be aware of the viability of the acquisition, since the structure does not have the added value associated with the appliance concept, and it may be less expensive to invest in the acquisition of the firewall, on a software platform, along with open-server structure.

A firewall appliance is a highly specialized solution, regardless of the architecture, developed for that specific purpose, and because of this, there is a set of optimizations for the solution to be more performative.

Models for Small Businesses

Small businesses also fit in the consumption profile for firewall appliance, the concept is not about size, but about technology. There are smaller models, usually of very small sizes (like a DSL modem or small router) and with a lot of security features.

The added value of the solution lies in reducing the space required for installation, lower power consumption and the added technology that has a useful life of more than 5 years, which is not expected from a conventional computer.

Although they are more expensive, compared to other similar hardware, total cost of ownership (TCO) over the years is lower than traditional architectures, which tend to present problems, including in some cases the need for device replacement. In this sense, it is worth mentioning that substitutions can generate several drawbacks, including losses associated with the interruption of operations vital to the business, which must be evidenced when evaluating the acquisition of the structure.

Larger business units that need to be compliant with their headquarters policies or are properly connected by VPN, automatically balancing and switching links, are frequent consumers of more basic appliances.

Performance gain and reliability

For companies that need to perform their security solutions, the firewall appliance architecture is a very valid option because it characterizes one of the main benefits of this platform.

Since there is a natural optimization of hardware and software by the manufacturer, it is common for the environment to be much more performative if used on some other platform. With software there is no specific integration with the device, as well as in the virtual appliance structures there is the operational cost of the hypervisor itself.

Reliability is another important element in decision-making to acquire this type of platform, since the whole development project of the appliance takes into account aspects that prolong the life of the device, even in environments of intense activity.

Obviously, these two characteristics added, besides the adherence of the characteristics of the solution with the needs of the company, are fundamental for the decision making, when choosing the platform.

Security architecture standardization

The more standardized the security architecture, in terms of both solution and platform, the greater the gain of homogeneity of the environment. Especially for businesses that have branch offices or small remote offices, this model is super important.

Another aspect considered in the process of architecture standardization is the ease of exchange, in places where clustering is not an option. If there is a standstill, substitution can be made transparently, without requiring highly specialized labor.

Otherwise, faced with a loss on other platforms, it is important to have specialized personnel to proceed with reinstallation, backup restoration and other facilities to ensure the return of the environment.

Lower Total Cost of Ownership (TCO)

Although the investment of appliance is higher, if we analyze the cost over time, the feasibility of the investment is evidenced. Firstly, it is a more reliable architecture, allowing for fewer shutdowns, and less need for maintenance.

For example, conventional hardware needs to have preventive maintenance from time to time, in order to verify that peripherals are working properly, among other things. However, in most cases, preventive maintenance is highly neglected, causing the hardware to often literally stop. The downtime of some deals can be very expensive.

On the other hand, the appliances are made to have long usage times, because their MTBF (Mean Time Between Failures) is much higher than that presented by traditional hardware.

In an evaluation period of 3 to 5 years, it turns out to be more advantageous for the company to purchase an appliance rather than a dedicated hardware.

During your purchase decision, keep in mind that firewall appliance will have a higher investment cost, however, it will also deliver more value to the organization. The important thing is to check what is most appropriate for each type of business.

Interested in knowing appliance firewall solutions? Get to know our equipment line.

This post is also available in: Português English Español