A data center firewall is a software or hardware device that monitors traffic entering and exiting an organization’s network — or, as network perimeters fragment, a portion of that network, down to the workload level — to filter out external threats.
Data center security has traditionally been based on a perimeter firewall, designed to protect internal assets from malicious external actors hiding in north-south traffic. With the rise of distributed networks and modern applications, however, the network perimeter has become more and more porous, necessitating sophisticated distributed firewalls that can deliver fine-grained monitoring and protection of internal — or east-west — traffic.
Despite the rise of cloud-based resources and a distributed workforce, the data center remains critical to many, if not most, enterprises. Containing mission-critical applications and other essential business equities, the data center has evolved and often dispersed geographically but remains just as vulnerable. In the face of ever-growing threats, IT departments understand that securing the data center from malicious threats and unauthorized access remains essential to the continuity of the business.
A data center firewall, whether perimeter-based or distributed, is a gatekeeper, continuously monitoring traffic flows in and out of a designated network area, blocking suspicious activity, and alerting security teams to threat events.
Firewalls may use a variety of techniques, depending on their design, to control traffic flow. Traditional architectures will often provide static packet filtering, proxy services, and stateful inspection.
Modern gateway firewalls often add intrusion detection (IDS/IPS), application context, and advanced threat analysis that helps evaluate the content of traffic passing through.
Finally, distributed firewalls are designed to filter east-west traffic and deliver protection down to the workload level.
A robust firewall solution will combine the strengths of gateway and distributed firewalls to deliver north-south and east-west protection for the data center that:
Data Center Security