Aviatrix Distributed Cloud Firewall

Additional Info

CompanyAviatrix
Websitehttps://aviatrix.com
Company size (employees)100 to 499
Headquarters RegionNorth America

Overview

Aviatrix’s industry-first Distributed Cloud Firewall (DCF) extends secure cloud networking, helping enterprise customers to reduce costs, improve security, and simplify operations in the cloud.

Traditional “Next-Gen” Firewalls were introduced 15 years ago during the data center era. Designed to operate on hardware platforms and be deployed at the well-defined perimeter of data center architecture, enterprises have found it operationally complex and expensive to lift-and-shift these solutions into cloud.

To move the industry forward, Aviatrix’s DCF is built for cloud and distributes both inspection and policy enforcement into the natural path of application traffic across any multicloud environment – eliminating the need to redirect traffic to centralized firewalls or other network security services. Cloud aware policy creation is simpler and streamlined, leveraging dynamic cloud workload identity tags and attributes instead of static IP addresses, and abstracts how/where policies are enforced by programmatically configuring native cloud services where required.

Key Capabilities / Features

Distributed Enforcement Embedded into Natural Cloud Traffic Flow – Last year, Aviatrix introduced the Distributed Cloud Firewall, a solution that takes full advantage of our distributed systems ability to see each packet across the network and which leverages economies of scale in cloud for maximum performance and efficiency. In a distributed model, traffic does have to be redirected to centralized inspection points to be secured. This eliminates bottlenecks, seamlessly fits into existing architectures, and offers superior performance at a fraction of the cost of traditional virtual firewalls.


Centralized, Intelligent Policy Creation – Because the Aviatrix controller uses APIs to discover and track cloud-native network objects, DCF can create intelligent policies based on native workload identities, tags and attributes. These identities are organized and managed in folders called SmartGroups. As the objects within the SmartGroups move or change across the network, the policy enforcement will move and change with them.


Cloud First Operational Model – The Distributed Cloud Firewall can be deployed and managed entirely through Terraform, allowing for the automation of policy which is sensitive to each application or workload. This capability supports DevSecOps teams, fits in to existing CI/CD pipelines, and allows policy to be instantiated in a “ready state” against applications as they deploy, grow, and change.


Advanced Security Services Consolidation – More than basic firewalling, DCF supports automated L7 decryption and inspection, threat detection and mitigation, micro-segmentation, network isolation, anomaly detection, cloud workload risk scoring, advanced NAT, VPN services, and audit reporting.


Native Cloud Network and Security Orchestration – Supports native cloud APIs for both cloud network and cloud security orchestration to abstract underlying cloud infrastructure complexities, create consistency across cloud service providers, and avoid conflicts between networking and security configurations.


How we are different

Traditional firewalls simply aren’t built for the dynamic nature of cloud. Network security must be distributed and embedded into the network to deliver a true, agile, least privilege, zero trust, environment. The Aviatrix Distributed Cloud Firewall (DCF) marked a new era for cloud network security that customers are quickly adopting.


Aviatrix’s DCF allows customers to reduce costs by 30%+ while achieving a 14X increase in aggregate security throughput compared to a centralized architecture, which enterprises – having no alternative – have adopted when lift-and-shifting “Last-Gen” firewall into the cloud. Aviatrix customers are saving from tens-of-thousands to millions of dollars leveraging Aviatrix and the new DCF.


“This is more ‘cloud native’ than native cloud firewalls. It’s a game changer for us. Aviatrix’s policy creation interface is novel and built for cloud, it abstracts multicloud differences and uses cloud native tags and attributes to define policies.” - Jason Simpson, VP of Engineering, Choice Hotels