Akamai Prolexic Now Comes With a Network Cloud Firewall

Prolexic is Akamai’s cloud-based DDoS protection platform. I’ll spare you all the fancy marketing language we normally use to outline how well-regarded and widely used it is; instead, I’ll just say that it is a sophisticated system that allows fine-grained inspection and filtering of all types of network traffic before malicious traffic has an opportunity to egress into our customers’ networks. It also includes 24/7 on-site monitoring by a team of global analysts using in-house analytics and machine learning to find attack events and shut them down quickly, before they can cause widespread damage.

Eliminating bad traffic is possible because Prolexic sits between our customers' networks and the internet, and shields applications and systems regardless of where they are deployed: on-premises, in a data center, a public cloud, hybrid cloud, or a colocation facility.

Prolexic’s new cloud firewall also acts at the network edge. Users can define and manage their own ACLs and firewall rules, or they can have Prolexic suggest ACLs for the best proactive defense based on threat intelligence data. Prolexic will then enforce these ACLs at the edge of the company’s network, in front of all their other IT systems, no matter where within the network they reside.

And this is where we leave the realm of “only” DDoS protection. Because our cloud firewall sits in front of everything, it provides businesses with a powerful, easy-to-deploy, and easy-to-use tool to quickly, centrally, and globally block traffic that they don’t want hitting their networks or certain targets within their networks. Quickly, centrally, and globally — that is what you typically cannot get from regular firewalls because those firewalls are distributed across the network and protect only certain segments. In an emergency situation (such as a zero-day vulnerability) it may take too long to configure different firewalls in different locations and regions, managed by different teams, and each protecting only a section of the network.

With Prolexic Network Cloud Firewall’s location at the edge of the network, you don’t have to wait for teams or providers around the globe to apply changes to various network firewalls and other defense systems. Now you can block traffic to vulnerable targets globally with the flip of a switch (figuratively speaking). Then even the conventional firewalls across your network will not see that blocked traffic anymore, because they, too, are now behind Network Cloud Firewall.

Are we now suggesting that you can get rid of all those traditional network firewalls, and use only Prolexic Network Cloud Firewall? No, not exactly. Those firewalls are often highly specialized and very powerful solutions that can do more than what our first release of Network Cloud Firewall does. They can do things like deep packet inspection and more granular filtering. But, in an emergency, Network Cloud Firewall’s ability to act immediately and centrally, without overhead from cross-team coordination, is a significant advantage.

A common scenario in which Network Cloud Firewall can drastically improve network security is when an actively exploited zero-day vulnerability is discovered and publicized. This brings two issues: (1) a fix for the impacted software might not yet be available, and (2) even after a fix becomes available, patching business-critical systems is often a major operational undertaking that takes time and planning. Shutting down impacted ports and blocking attack traffic centrally at the edge with Prolexic Network Cloud Firewall will reduce or eliminate attack risk and buy teams the time they need to patch or define and deploy more granular defenses on the various firewalls installed across the organization.

There are other, less obvious reasons why having Network Cloud Firewall in front of your firewalls is helpful. As Prolexic’s new extension blocks unwanted traffic, the workload on your other defense systems goes down. This can be a very drastic reduction. One of our beta customers found that Prolexic Network Cloud Firewall denied more than 1.6 billion access attempts in just a few days and with a single rule that blocked a malicious subnet that otherwise would have hit the customer’s other firewall systems. As a result, that customer is revisiting the number of firewall systems they need, and is exploring a reduction in complexity and costs for appliances/hardware, provider licenses, and overall total cost of ownership — a potential savings to more than compensate for the cost of Prolexic Network Cloud Firewall.

Prolexic’s overall cloud security service and mitigation stacks are not changing. Network Cloud Firewall is built on top of the Prolexic platform. The new extension allows customers to define and adjust their own access control rules and provides analytics of existing ones. Network Cloud Firewall adds a next-generation firewall-as-a-service (FWaaS) capability to Prolexic, and provides the abilities to

• manually or automatically define proactive defenses to block malicious traffic instantly

• alleviate local infrastructure by moving rules to the edge

• quickly adapt to network changes via a new user interface

Just like Prolexic as a whole, Network Cloud Firewall is backed by active mitigation performed by Akamai’s 24/7 global Security Operations Command Center, and provides customers a unique 100% uptime service-level agreement.

Read more about Prolexic or contact us directly for more information.