Table of Contents
- Summary
- Market Categories and Deployment Types
- Key Criteria Comparison
- GigaOm Radar
- Vendor Insights
- Analyst’s Take
- Methodology
- About Andrew Green
- About GigaOm
- Copyright
1. Summary
Cloud network security solutions provide a suite of security services for single and multicloud environments to prevent unauthorized traffic, access, modification, misuse, or exposure. Cloud network security is entirely software driven, with vendors orchestrating cloud-native, third-party, or proprietary appliances to enforce security policies and gain visibility over the infrastructure footprint.
Native security appliances in public clouds offer limited functionality; for example, they lack granular policies or provide only simplistic filtering. Many vendors featured in this report offer proprietary alternatives that can be deployed across multiple cloud providers to deliver consistent security across the whole surface area. These functionalities may include firewalls, gateways, load balancers, sandboxes, or network traffic analysis appliances.
Some vendors leverage third-party appliances or provide proprietary ones, such as firewalls, to deliver more advanced functionality than is available natively in the public clouds. Vendors that instead orchestrate the native appliances can still bring considerable benefits through extensive visibility and global policy definitions, often with less disruption and without passing on to the end customer the cost of developing proprietary appliances or licensing third-party ones.
Cloud network security solutions must unify different environments, so a solution can deliver its benefits only by following multiple phases, which are a useful yardstick for selecting a solution.
First, the solution needs to gain visibility over the environments that need securing, which includes onboarding activities such as accessing the public cloud accounts. Once the adequate permissions are in place, the solution must discover all the assets within the environments. Across multiple clouds, these should include virtual networking constructs, regions and availability zones, existing security and networking appliances, compute and storage instances, workloads, applications, and other services such as databases.
The second step is to create visualizations that reflect the current environment. These can be topological maps that display how networks and workloads communicate and are isolated from each other. If the environment spans multiple cloud providers, the solution should also capture this level of information and create a comprehensive view of the entire cloud estate.
Third, solutions with misconfiguration detection capabilities will highlight any current configuration issues, such as internet-exposed resources, open ports, or policies that are too permissive. To do this, the solution may require a sample of real-world traffic to understand the connectivity across resources and identify potential security risks.
With an understanding of the cloud environment, the ways entities are connected, and the traffic flows, the solution can now enable administrators to intelligently define security policies across the environments. The policy engine itself is a functional requirement, as is its ability to provide granular controls over the rules, accommodate elastic workloads, and provide suggestions based on traffic analysis. These policies are used to secure north-south and east-west traffic patterns; more specifically, ingress and egress traffic filtering for north-south traffic and network segmentation for east-west traffic.
Once policies are defined and the solution is up and running, the tool must continuously reassess and reinforce policies as configurations and workloads in the cloud change. Topology maps and segments must be updated as entities are spun up and down.
Lastly, besides filtering traffic that goes in, out, and across the environment, cloud network security solutions can also inspect and analyze traffic and communication patterns to detect anomalies. This information is useful to identify attempts at obfuscating data exfiltration, C2 attacks, and lateral movement or to detect malware before it enters the network.
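The misconfiguration detection phase described above can be sketched as follows. This is an added example, not code from the report or from any vendor it covers; the normalized rule format, field names, sample rules, and the list of sensitive ports are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed, vendor-neutral rule records as a discovery phase might normalize
# them from several clouds; the field names are assumptions for this example.
SAMPLE_RULES = [
    {"cloud": "aws", "resource": "sg-web", "direction": "ingress",
     "source": "0.0.0.0/0", "protocol": "tcp", "ports": (443, 443)},
    {"cloud": "aws", "resource": "sg-admin", "direction": "ingress",
     "source": "0.0.0.0/0", "protocol": "tcp", "ports": (22, 22)},
    {"cloud": "azure", "resource": "nsg-db", "direction": "ingress",
     "source": "10.0.0.0/8", "protocol": "any", "ports": (0, 65535)},
    {"cloud": "gcp", "resource": "fw-app", "direction": "ingress",
     "source": "10.20.1.0/24", "protocol": "tcp", "ports": (8080, 8080)},
    {"cloud": "gcp", "resource": "fw-legacy", "direction": "ingress",
     "source": "::/0", "protocol": "tcp", "ports": (3000, 3400)},
]

# Ports that should not be reachable from the internet (assumed policy).
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres"}

def check_rule(rule):
    """Return a list of finding strings for one ingress rule."""
    findings = []
    if rule["direction"] != "ingress":
        return findings
    low, high = rule["ports"]
    net = ipaddress.ip_network(rule["source"], strict=False)
    if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0 means any internet source
        findings.append("internet-exposed")
        exposed = sorted(p for p in SENSITIVE_PORTS if low <= p <= high)
        findings += [f"open-port:{SENSITIVE_PORTS[p]}/{p}" for p in exposed]
    if rule["protocol"] == "any" or (low, high) == (0, 65535):
        findings.append("overly-permissive")
    return findings

def find_misconfigurations(rules):
    """Map resource name -> findings, omitting rules with no findings."""
    report = {}
    for rule in rules:
        findings = check_rule(rule)
        if findings:
            report.setdefault(rule["resource"], []).extend(findings)
    return report

if __name__ == "__main__":
    for resource, findings in find_misconfigurations(SAMPLE_RULES).items():
        print(resource, findings)
```

A port range is checked as a whole, so a rule that opens 3000-3400 is flagged for the database and remote-desktop ports inside it even though neither is named in the rule.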
This is our first year evaluating the cloud network security space in the context of our Key Criteria and Radar reports.
This GigaOm Radar report highlights key cloud network security vendors and equips IT decision-makers with the information needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report, “Key Criteria for Evaluating Cloud Network Security Solutions,” we describe in more detail the capabilities and metrics that are used to evaluate vendors in this market.
All solutions included in this Radar report meet the following table stakes—capabilities widely adopted and well implemented in the sector:
- Vendor-agnostic integrations
- Service insertion
- Service orchestration
- Log aggregation
- Centralized management
- Cloud awareness
How to Read this Report
This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:
Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.
GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.