Not all firewalls are equal or even similar in terms of their ability to protect their customer, future-proof their business growth and meet operational requirements. So if you are leveraging Microsoft Azure Virtual WAN, or considering using it or wondering the best way to secure your Virtual WAN deployments, read on.
To help organizations who are evaluating security solutions to protect their Virtual WAN deployments, this article considers five business use cases and explains how Check Point enhances and complements Azure security with its best-of-breed, enterprise-grade cloud network security.
According to Check Point’s Cloud Security Report, there is a critical surge in cloud security incidents, marking a significant increase from 24% in 2023 to 61% in 2024 (a 154% increase) highlighting the escalating complexity and frequency of cloud threats. The survey underscores a daunting reality— although cloud attacks are on the rise, only 4% of organizations disclosed that they are able to mitigate risks easily and quickly. An overwhelming 96% have expressed concern about their ability to handle such risks. In addition, 91% of respondents are alarmed by the surge in more sophisticated cyber threats, including unknown risks and zero-day attacks, which cannot be detected using conventional security tools.
Background
More and more organizations are using public clouds. According to ESG, organizations using infrastructure as a service (IaaS) report a majority (55%) of their production applications and workloads now reside in public clouds. This was expected to increase to 62% by the end of 2023.
Azure Virtual WAN is a popular networking service. It enables a global “hub-and-spoke” transit network architecture, where the cloud hosted network “hub” enables transitive connectivity between endpoints that might be distributed across different types of “spokes” (including on-premises sites and branch offices, remote users and virtual networks), and traffic is routed through the Microsoft global network. Virtual WAN is well suited for enterprise customers, especially those with diverse, distributed, and heterogeneous IT environments.
A key component of every Virtual WAN deployment is how best to protect its data, workloads and assets. A foundational layer is cloud network security, where organizations should deploy virtual security gateways to provide advanced threat prevention, traffic inspection and micro-segmentation. Such security solutions use multiple layered security technologies including Firewall, IPS, Application Control, DLP and others. Cloud network security solutions enables broad risk mitigation with the greatest ROI and cost/benefit.
Azure Virtual WAN customers may choose Microsoft’s cloud network security solution because they perceive it easy to use and scale due to the native integration into the Virtual WAN hub, and also because of the ease of purchasing and bundling Azure security together with Virtual WAN and other Azure services.
However, there are business scenarios where organizations prefer to enhance and complement Azure security with recognized cybersecurity vendor solutions, to achieve enterprise-grade cloud network security and secured connectivity.
Five business use cases
1: Extending on-premises network security to the cloud
Organizations with on-premises network security, in the form of Next Generation Firewalls (NGFWs) or security gateway appliances, prefer to extend their existing security posture to the cloud, for reasons of consistency, to maintain compliance with regulatory requirements, to mitigate risk, and to maximize operational efficiency.
The obvious choice for these organizations is to use the same security solution from their on-premises network security vendor, assuming it is easily available as a cloud firewall. They will receive the same level of security effectiveness without hiring new security engineers and with minimal training of the existing security team, contributing to lowest Total Cost of Ownership. They are also confident with their existing vendor’s ease-of-use, UI, and support. Most importantly, their security policies are now consistent between their on-prem and Azure Virtual WAN and other cloud deployments, minimizing organizational risk.
2: Organizations sensitive to security risk
Some organizations are especially sensitive to security risk, especially in financial services, healthcare, government and public sector, energy and utilities, and retail and e-commerce. Even outside of these verticals, most companies have critical business applications and assets that are essential for the success and sustainability of the organization. The IBM Cost of a Data Breach report states the global average cost of a data breach in 2023 was USD 4.45 million, and 82% of breaches involved data stored in the cloud.
Some organizations believe their security is good enough, until they realize it is not.
In other words, not all firewalls are equal or even similar in terms of their ability to protect their customer.
Organizations should choose cloud network solutions with the highest industry catch rate of malware and other threats, especially for their critical business applications. (For non-business critical applications, they may choose to use less-recognized solutions and take the chance they won’t get breached.)
3: Multi-clouds and hybrid-clouds
This article is focused on Azure Virtual WAN; however, it is clear that organizations are embracing multi-cloud. According to the 2024 State of the Cloud report by Flexera, 89% of survey respondents use more than one cloud, with the majority using multiple public clouds and multiple private clouds.
And if an organization is using a single cloud provider today, this may change in 6 months or a year because of M&A activity, new direction from the board of directors or even new cloud pricing models.
Organizations using multi-clouds or hybrid clouds should choose a security solution that provides consistent and efficient management of cloud network security over their entire IT infrastructure, preferably from a single pane-of-glass management console.
And organizations with single clouds are strongly recommended to “future-proof” their cloud security by investing in hybrid-cloud network security solutions.
4: Security teams want efficiency and ease-of-use
The global shortage of security engineers leaves many organizations with overworked and overwhelmed security teams with limited bandwidth, and who desire efficient solutions with high ease-of-use.
This overload is often caused by multiple “point” solutions that are not integrated together, influencing the recent preference for established security vendors with integrated security platforms. Organizations should focus their efforts on established and well-respected security vendors with solutions that have been fine-tuned by customer needs and requirements over many years. One vendor with one platform is always better than multiple vendors and/or multiple different solutions, interfaces and processes.
5: Analyst recommendations
Approximately 60% of security purchases are influenced by analyst recommendations. And many organizations are required to provide analyst justifications for their decision-making.
Objective third-party testing labs also provide valuable insight into quantitative differences between the effectiveness of different network security solutions in various threat prevention areas, including IPS, Anti-Malware, Zero-Day Protection, and other advanced threat prevention technologies.
By Harish Kumar GS, Head of Sales, India and SAARC, Check Point Software Technologies