SlideShare a Scribd company logo

PPT Azure Firewall vs 3rd Party NVA Comparison v1.0.pptx

Download as PPTX, PDF
F
FadhilMuhammad80

Azure Firewall vs 3rd Party NVA Comparison deck

Technology
1 of 27
http://www.packet-systems.com Azure Firewall Andryan Viryadi Tanamir – Professional Services
+ Azure Networking Services PACKET SYSTEMS CONFIDENTIAL 2
+ Protection services enabling zero trust PACKET SYSTEMS CONFIDENTIAL 3
+ Azure Firewall PACKET SYSTEMS CONFIDENTIAL 4
+ Azure Firewall Variants PACKET SYSTEMS CONFIDENTIAL 5 Azure Firewall Standard Azure Firewall Premium
+ Azure Firewall Standard PACKET SYSTEMS CONFIDENTIAL 6
+ Azure Firewall Premium Features PACKET SYSTEMS CONFIDENTIAL 7
+ Azure Firewall Management Options • Firewall Rules (Classic) Management • Management via each Azure Firewall Resource itself • Can be said as local management • Only supports Azure Firewall Standard • Azure Firewall Manager (Firewall Policy) • Centralized Management for multiple Azure Firewall • Azure Firewall Premium only supports Azure Firewall Manager Central Management options PACKET SYSTEMS CONFIDENTIAL 8
+ Azure Firewall Manager PACKET SYSTEMS CONFIDENTIAL 9
+ Azure Firewall Manager PACKET SYSTEMS CONFIDENTIAL 10
+ Key Features PACKET SYSTEMS CONFIDENTIAL 11
+ Hub VNET vs Secured Virtual Hub PACKET SYSTEMS CONFIDENTIAL 12
+ Azure Firewall Manager Integration PACKET SYSTEMS CONFIDENTIAL 13
+ Azure Firewall Pricing PACKET SYSTEMS CONFIDENTIAL 14 Azure Firewall Azure Firewall Manager
+ Reference Architecture AZ FW PACKET SYSTEMS CONFIDENTIAL 15
+ Azure Firewall vs 3rd Party NVA PACKET SYSTEMS CONFIDENTIAL 16
+ Azure Firewall vs NSG • Azure Firewall is different from Network Security Group (NSG) • Complement each others to provide “Defense-in-Depth” • Network security groups provide distributed network layer traffic filtering to limit traffic to resources within virtual networks in each subscription • Azure Firewall is a fully stateful, centralized network firewall as-a-service, which provides network- and application-level protection across different subscriptions and virtual networks. PACKET SYSTEMS CONFIDENTIAL 17
+ Azure Firewall vs NSG PACKET SYSTEMS CONFIDENTIAL 18
+ Azure Firewalls vs NVA (NGFW) PACKET SYSTEMS CONFIDENTIAL 19
+ Key Advantages and Disadvantages Azure Firewalls vs NVAs (NGFW) • Advantages: • Built-in HA with Cloud Scale • Easy Deployment • 99.99% SLA Availability • Zero Maintenance Service Model (No updates or upgrades) • Azure Specialization (For example Service Tags, FQDN Tags) • Native Azure Sentinel Integration • Disadvantages: • Limited NGFW L7 Capability for now. Only IPS and URL Filtering supported. Sandboxing and Application Control not yet supported (March 2022) • No direct IPSec / SSL VPN Support (Needs Azure VPN GW) • No Traffic Shaping / QoS • No Geolocation Blocking features • No File-type blocking • Listed as Challenger in Gartner Magic Quadrant Network Firewalls 2021 • Not supported Inbound TLS Inspection (Need Azure Application Gateway) PACKET SYSTEMS CONFIDENTIAL 20
+ Key Advantages and Disadvantages of NVAs NGFW vs Azure Firewalls • Advantages: • State-of-the-art Next Generation Firewall Capabilities (IPS, AntiMalware, URL Filtering, Sandboxing, etc) • Leader in the industry (Palo Alto, Fortinet, Checkpoint) • Supports features such as Geoblocking, QoS, Central Management (Onprem and Cloud), File-type blocking • Customer can manage onprem and oncloud NGFW from a single pane of glass • Direct IPSec and SSL VPN capabilities (no need to depend on Azure VPN GW) • Disadvantages: • Scalability can be complex (Complex Iaas Deployment) • Additional cost on vm licensing and subscription (PAYG / BYOL) • Additional cost on Azure Resource Consumption (Compute, Storage, Load Balancer if HA is required) • Customer responsibility to manage and maintain 3rd Party NVAs PACKET SYSTEMS CONFIDENTIAL 21
+ Use Azure Firewall When.. • Flexible Scalability and High Availability is top priority • Autoscale with usage • Simpler deployment (No need additional VM, autoscale group, routing manipulation, load balancer etc) • Single Microsoft Azure Ecosystem • Simpler Security Requirements (No need advanced capability eq: Sandboxing, Zero Day Malware analysis, Application Control, etc) • Firewalls are not used as VPN Gateway or Inbound TLS Inspection (Reverse Proxy) PACKET SYSTEMS CONFIDENTIAL 22
+ Use 3rd Party NVA When… • Security consideration is priority • 3rd Party NVA (vendor dependent) supports advanced security capability such as Application Control, User aware rules, traffic shaping, sandboxing, zero day malware analysis, inline machine learing, etc) • Scalability and High Availabity can be architected well (Autoscale group if needed, BYOL/PAYG License consideration, routing complexity, availability zone design, etc) • Inbound TLS Inspection, VPN or SDWAN Termination is needed in single/ less solution • Centralized Management is needed between existing on premise firewall and firewall on cloud PACKET SYSTEMS CONFIDENTIAL 23
+ Sample Objection from 3rd Pparty NVA (Cisco) PACKET SYSTEMS CONFIDENTIAL 24
+ Sample Objection PACKET SYSTEMS CONFIDENTIAL 25
+ What’s Next in the Future? PACKET SYSTEMS CONFIDENTIAL 26
+ TERIMA KASIH www.packet-systems.com PT Packet Systems Indonesia The Manhattan Square, Mid Tower 25/f Jl. TB Simatupang kav. 1s Jakarta 12560, Indonesia PACKET SYSTEMS CONFIDENTIAL 27

Recommended

Azure Compute, Networking and Storage Overview
Azure Compute, Networking and Storage OverviewAzure Compute, Networking and Storage Overview
Azure Compute, Networking and Storage OverviewAzure Riyadh User Group
 
Microsoft Azure Networking Basics
Microsoft Azure Networking BasicsMicrosoft Azure Networking Basics
Microsoft Azure Networking BasicsSai Kishore Naidu
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architectureKarl Ots
 
Azure Networking (1).pptx
Azure Networking (1).pptxAzure Networking (1).pptx
Azure Networking (1).pptxRazith2
 
Azure vnet
Azure vnetAzure vnet
Azure vnetzekeLabs Technologies
 
Azure Network Security Groups (NSG)
Azure Network Security Groups (NSG)Azure Network Security Groups (NSG)
Azure Network Security Groups (NSG)Shawn Ismail
 
AWS Cloud Adoption Framework
AWS Cloud Adoption Framework AWS Cloud Adoption Framework
AWS Cloud Adoption Framework Amazon Web Services
 
Let's Talk About: Azure Networking
Let's Talk About: Azure NetworkingLet's Talk About: Azure Networking
Let's Talk About: Azure NetworkingPedro Sousa
 

Recommended

Azure Compute, Networking and Storage Overview
Azure Compute, Networking and Storage OverviewAzure Compute, Networking and Storage Overview
Azure Compute, Networking and Storage OverviewAzure Riyadh User Group
 
Microsoft Azure Networking Basics
Microsoft Azure Networking BasicsMicrosoft Azure Networking Basics
Microsoft Azure Networking BasicsSai Kishore Naidu
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architectureKarl Ots
 
Azure Networking (1).pptx
Azure Networking (1).pptxAzure Networking (1).pptx
Azure Networking (1).pptxRazith2
 
Azure vnet
Azure vnetAzure vnet
Azure vnetzekeLabs Technologies
 
Azure Network Security Groups (NSG)
Azure Network Security Groups (NSG)Azure Network Security Groups (NSG)
Azure Network Security Groups (NSG)Shawn Ismail
 
AWS Cloud Adoption Framework
AWS Cloud Adoption Framework AWS Cloud Adoption Framework
AWS Cloud Adoption Framework Amazon Web Services
 
Let's Talk About: Azure Networking
Let's Talk About: Azure NetworkingLet's Talk About: Azure Networking
Let's Talk About: Azure NetworkingPedro Sousa
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
Introduction to Azure IaaS
Introduction to Azure IaaSIntroduction to Azure IaaS
Introduction to Azure IaaSRobert Crane
 
Azure Migrate
Azure MigrateAzure Migrate
Azure MigrateMustafa
 
AWS Security Checklist
AWS Security ChecklistAWS Security Checklist
AWS Security ChecklistAmazon Web Services
 
AWS Security by Design
AWS Security by Design AWS Security by Design
AWS Security by Design Amazon Web Services
 
Azure Arc - Managing Hybrid and Multi-Cloud Platforms
Azure Arc - Managing Hybrid and Multi-Cloud PlatformsAzure Arc - Managing Hybrid and Multi-Cloud Platforms
Azure Arc - Managing Hybrid and Multi-Cloud PlatformsWinWire Technologies Inc
 
Microsoft Azure Overview | Cloud Computing Tutorial with Azure | Azure Traini...
Microsoft Azure Overview | Cloud Computing Tutorial with Azure | Azure Traini...Microsoft Azure Overview | Cloud Computing Tutorial with Azure | Azure Traini...
Microsoft Azure Overview | Cloud Computing Tutorial with Azure | Azure Traini...Edureka!
 
Azure
AzureAzure
AzureKiran Bavariya
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftDavid J Rosenthal
 
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)Amazon Web Services
 
The Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureThe Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureAptera Inc
 
Migrate to Microsoft Azure with Confidence
Migrate to Microsoft Azure with ConfidenceMigrate to Microsoft Azure with Confidence
Migrate to Microsoft Azure with ConfidenceDavid J Rosenthal
 
Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...
Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...
Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...Edureka!
 
Azure 101
Azure 101Azure 101
Azure 101Korry Lavoie
 
Azure virtual network
Azure virtual networkAzure virtual network
Azure virtual networkLalit Rawat
 
Stephane Lapointe: Governance in Azure, keep control of your environments
Stephane Lapointe: Governance in Azure, keep control of your environmentsStephane Lapointe: Governance in Azure, keep control of your environments
Stephane Lapointe: Governance in Azure, keep control of your environmentsMSDEVMTL
 
Business Continuity & Disaster Recovery with Microsoft Azure
Business Continuity & Disaster Recovery with Microsoft AzureBusiness Continuity & Disaster Recovery with Microsoft Azure
Business Continuity & Disaster Recovery with Microsoft AzureAymen Mami
 
Azure Security and Management
Azure Security and ManagementAzure Security and Management
Azure Security and ManagementAllen Brokken
 
Microsoft Azure
Microsoft AzureMicrosoft Azure
Microsoft AzureSoumya De
 
Understanding Azure Disaster Recovery
Understanding Azure Disaster RecoveryUnderstanding Azure Disaster Recovery
Understanding Azure Disaster RecoveryNew Horizons Ireland
 
Azure F5 Solutions
Azure F5 SolutionsAzure F5 Solutions
Azure F5 SolutionsMarketingArrowECS_CZ
 
CCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best PracticesCCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best Practiceswalk2talk srl
 

More Related Content

What's hot

Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
Introduction to Azure IaaS
Introduction to Azure IaaSIntroduction to Azure IaaS
Introduction to Azure IaaSRobert Crane
 
Azure Migrate
Azure MigrateAzure Migrate
Azure MigrateMustafa
 
Azure Arc - Managing Hybrid and Multi-Cloud Platforms
Azure Arc - Managing Hybrid and Multi-Cloud PlatformsAzure Arc - Managing Hybrid and Multi-Cloud Platforms
Azure Arc - Managing Hybrid and Multi-Cloud PlatformsWinWire Technologies Inc
 
Microsoft Azure Overview | Cloud Computing Tutorial with Azure | Azure Traini...
Microsoft Azure Overview | Cloud Computing Tutorial with Azure | Azure Traini...Microsoft Azure Overview | Cloud Computing Tutorial with Azure | Azure Traini...
Microsoft Azure Overview | Cloud Computing Tutorial with Azure | Azure Traini...Edureka!
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftDavid J Rosenthal
 
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)Amazon Web Services
 
The Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureThe Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureAptera Inc
 
Migrate to Microsoft Azure with Confidence
Migrate to Microsoft Azure with ConfidenceMigrate to Microsoft Azure with Confidence
Migrate to Microsoft Azure with ConfidenceDavid J Rosenthal
 
Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...
Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...
Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...Edureka!
 
Azure virtual network
Azure virtual networkAzure virtual network
Azure virtual networkLalit Rawat
 
Stephane Lapointe: Governance in Azure, keep control of your environments
Stephane Lapointe: Governance in Azure, keep control of your environmentsStephane Lapointe: Governance in Azure, keep control of your environments
Stephane Lapointe: Governance in Azure, keep control of your environmentsMSDEVMTL
 
Business Continuity & Disaster Recovery with Microsoft Azure
Business Continuity & Disaster Recovery with Microsoft AzureBusiness Continuity & Disaster Recovery with Microsoft Azure
Business Continuity & Disaster Recovery with Microsoft AzureAymen Mami
 
Azure Security and Management
Azure Security and ManagementAzure Security and Management
Azure Security and ManagementAllen Brokken
 
Microsoft Azure
Microsoft AzureMicrosoft Azure
Microsoft AzureSoumya De
 
Understanding Azure Disaster Recovery
Understanding Azure Disaster RecoveryUnderstanding Azure Disaster Recovery
Understanding Azure Disaster RecoveryNew Horizons Ireland
 

What's hot (20)

Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
 
Introduction to Azure IaaS
Introduction to Azure IaaSIntroduction to Azure IaaS
Introduction to Azure IaaS
 
Azure Migrate
Azure MigrateAzure Migrate
Azure Migrate
 
AWS Security Checklist
AWS Security ChecklistAWS Security Checklist
AWS Security Checklist
 
AWS Security by Design
AWS Security by Design AWS Security by Design
AWS Security by Design
 
Azure Arc - Managing Hybrid and Multi-Cloud Platforms
Azure Arc - Managing Hybrid and Multi-Cloud PlatformsAzure Arc - Managing Hybrid and Multi-Cloud Platforms
Azure Arc - Managing Hybrid and Multi-Cloud Platforms
 
Microsoft Azure Overview | Cloud Computing Tutorial with Azure | Azure Traini...
Microsoft Azure Overview | Cloud Computing Tutorial with Azure | Azure Traini...Microsoft Azure Overview | Cloud Computing Tutorial with Azure | Azure Traini...
Microsoft Azure Overview | Cloud Computing Tutorial with Azure | Azure Traini...
 
Azure
AzureAzure
Azure
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from Microsoft
 
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)
 
The Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureThe Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft Azure
 
Migrate to Microsoft Azure with Confidence
Migrate to Microsoft Azure with ConfidenceMigrate to Microsoft Azure with Confidence
Migrate to Microsoft Azure with Confidence
 
Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...
Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...
Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...
 
Azure 101
Azure 101Azure 101
Azure 101
 
Azure virtual network
Azure virtual networkAzure virtual network
Azure virtual network
 
Stephane Lapointe: Governance in Azure, keep control of your environments
Stephane Lapointe: Governance in Azure, keep control of your environmentsStephane Lapointe: Governance in Azure, keep control of your environments
Stephane Lapointe: Governance in Azure, keep control of your environments
 
Business Continuity & Disaster Recovery with Microsoft Azure
Business Continuity & Disaster Recovery with Microsoft AzureBusiness Continuity & Disaster Recovery with Microsoft Azure
Business Continuity & Disaster Recovery with Microsoft Azure
 
Azure Security and Management
Azure Security and ManagementAzure Security and Management
Azure Security and Management
 
Microsoft Azure
Microsoft AzureMicrosoft Azure
Microsoft Azure
 
Understanding Azure Disaster Recovery
Understanding Azure Disaster RecoveryUnderstanding Azure Disaster Recovery
Understanding Azure Disaster Recovery
 

Similar to PPT Azure Firewall vs 3rd Party NVA Comparison v1.0.pptx

CCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best PracticesCCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best Practiceswalk2talk srl
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24
 
Defending Applications In the Cloud: Architecting Layered Security Solutions ...
Defending Applications In the Cloud: Architecting Layered Security Solutions ...Defending Applications In the Cloud: Architecting Layered Security Solutions ...
Defending Applications In the Cloud: Architecting Layered Security Solutions ...EC-Council
 
Winning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our TimeWinning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our TimeCloudHesive
 
Future of Your Atlassian Platform - Data Center and Cloud Migration
Future of Your Atlassian Platform - Data Center and Cloud MigrationFuture of Your Atlassian Platform - Data Center and Cloud Migration
Future of Your Atlassian Platform - Data Center and Cloud MigrationAUGNYC
 
Cloud security introduction
Cloud security introductionCloud security introduction
Cloud security introductionCalvin Lee
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudAlert Logic
 
Datensicherheit mit AWS - AWS Security Web Day
Datensicherheit mit AWS - AWS Security Web DayDatensicherheit mit AWS - AWS Security Web Day
Datensicherheit mit AWS - AWS Security Web DayAWS Germany
 
Why Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallWhy Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallAli Kapucu
 
Best Practices in Secure Cloud Migration
Best Practices in Secure Cloud MigrationBest Practices in Secure Cloud Migration
Best Practices in Secure Cloud MigrationCloudHesive
 
AzureSQL Managed Instance (SQLKonferenz 2018)
AzureSQL Managed Instance (SQLKonferenz 2018)AzureSQL Managed Instance (SQLKonferenz 2018)
AzureSQL Managed Instance (SQLKonferenz 2018)Jovan Popovic
 
Trust No-One Architecture For Services And Data
Trust No-One Architecture For Services And DataTrust No-One Architecture For Services And Data
Trust No-One Architecture For Services And DataAidan Finn
 
Microsoft Azure News - Oct 2016
Microsoft Azure News - Oct 2016Microsoft Azure News - Oct 2016
Microsoft Azure News - Oct 2016Daniel Toomey
 
Introducing Azure Arc
Introducing Azure ArcIntroducing Azure Arc
Introducing Azure ArcMohamed Wali
 

Similar to PPT Azure Firewall vs 3rd Party NVA Comparison v1.0.pptx (20)

Azure F5 Solutions
Azure F5 SolutionsAzure F5 Solutions
Azure F5 Solutions
 
CCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best PracticesCCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best Practices
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
 
Defending Applications In the Cloud: Architecting Layered Security Solutions ...
Defending Applications In the Cloud: Architecting Layered Security Solutions ...Defending Applications In the Cloud: Architecting Layered Security Solutions ...
Defending Applications In the Cloud: Architecting Layered Security Solutions ...
 
Winning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our TimeWinning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our Time
 
Future of Your Atlassian Platform - Data Center and Cloud Migration
Future of Your Atlassian Platform - Data Center and Cloud MigrationFuture of Your Atlassian Platform - Data Center and Cloud Migration
Future of Your Atlassian Platform - Data Center and Cloud Migration
 
F5 TMOS v13.0
F5 TMOS v13.0F5 TMOS v13.0
F5 TMOS v13.0
 
Cloud security introduction
Cloud security introductionCloud security introduction
Cloud security introduction
 
Top 10 IaaS Highlights for Developers
Top 10 IaaS Highlights for DevelopersTop 10 IaaS Highlights for Developers
Top 10 IaaS Highlights for Developers
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure Cloud
 
Datensicherheit mit AWS - AWS Security Web Day
Datensicherheit mit AWS - AWS Security Web DayDatensicherheit mit AWS - AWS Security Web Day
Datensicherheit mit AWS - AWS Security Web Day
 
Why Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallWhy Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation Firewall
 
Best Practices in Secure Cloud Migration
Best Practices in Secure Cloud MigrationBest Practices in Secure Cloud Migration
Best Practices in Secure Cloud Migration
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWS
 
CipherGraph Cloud VPN
CipherGraph Cloud VPNCipherGraph Cloud VPN
CipherGraph Cloud VPN
 
Vmware on aws
Vmware on awsVmware on aws
Vmware on aws
 
AzureSQL Managed Instance (SQLKonferenz 2018)
AzureSQL Managed Instance (SQLKonferenz 2018)AzureSQL Managed Instance (SQLKonferenz 2018)
AzureSQL Managed Instance (SQLKonferenz 2018)
 
Trust No-One Architecture For Services And Data
Trust No-One Architecture For Services And DataTrust No-One Architecture For Services And Data
Trust No-One Architecture For Services And Data
 
Microsoft Azure News - Oct 2016
Microsoft Azure News - Oct 2016Microsoft Azure News - Oct 2016
Microsoft Azure News - Oct 2016
 
Introducing Azure Arc
Introducing Azure ArcIntroducing Azure Arc
Introducing Azure Arc
 

Recently uploaded

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

Recently uploaded (20)

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 

PPT Azure Firewall vs 3rd Party NVA Comparison v1.0.pptx

  • 2. + Azure Networking Services PACKET SYSTEMS CONFIDENTIAL 2
  • 3. + Protection services enabling zero trust PACKET SYSTEMS CONFIDENTIAL 3
  • 4. + Azure Firewall PACKET SYSTEMS CONFIDENTIAL 4
  • 5. + Azure Firewall Variants PACKET SYSTEMS CONFIDENTIAL 5 Azure Firewall Standard Azure Firewall Premium
  • 6. + Azure Firewall Standard PACKET SYSTEMS CONFIDENTIAL 6
  • 7. + Azure Firewall Premium Features PACKET SYSTEMS CONFIDENTIAL 7
  • 8. + Azure Firewall Management Options • Firewall Rules (Classic) Management • Management via each Azure Firewall Resource itself • Can be said as local management • Only supports Azure Firewall Standard • Azure Firewall Manager (Firewall Policy) • Centralized Management for multiple Azure Firewall • Azure Firewall Premium only supports Azure Firewall Manager Central Management options PACKET SYSTEMS CONFIDENTIAL 8
  • 9. + Azure Firewall Manager PACKET SYSTEMS CONFIDENTIAL 9
  • 10. + Azure Firewall Manager PACKET SYSTEMS CONFIDENTIAL 10
  • 11. + Key Features PACKET SYSTEMS CONFIDENTIAL 11
  • 12. + Hub VNET vs Secured Virtual Hub PACKET SYSTEMS CONFIDENTIAL 12
  • 13. + Azure Firewall Manager Integration PACKET SYSTEMS CONFIDENTIAL 13
  • 14. + Azure Firewall Pricing PACKET SYSTEMS CONFIDENTIAL 14 Azure Firewall Azure Firewall Manager
  • 15. + Reference Architecture AZ FW PACKET SYSTEMS CONFIDENTIAL 15
  • 16. + Azure Firewall vs 3rd Party NVA PACKET SYSTEMS CONFIDENTIAL 16
  • 17. + Azure Firewall vs NSG • Azure Firewall is different from Network Security Group (NSG) • Complement each others to provide “Defense-in-Depth” • Network security groups provide distributed network layer traffic filtering to limit traffic to resources within virtual networks in each subscription • Azure Firewall is a fully stateful, centralized network firewall as-a-service, which provides network- and application-level protection across different subscriptions and virtual networks. PACKET SYSTEMS CONFIDENTIAL 17
  • 18. + Azure Firewall vs NSG PACKET SYSTEMS CONFIDENTIAL 18
  • 19. + Azure Firewalls vs NVA (NGFW) PACKET SYSTEMS CONFIDENTIAL 19
  • 20. + Key Advantages and Disadvantages Azure Firewalls vs NVAs (NGFW) • Advantages: • Built-in HA with Cloud Scale • Easy Deployment • 99.99% SLA Availability • Zero Maintenance Service Model (No updates or upgrades) • Azure Specialization (For example Service Tags, FQDN Tags) • Native Azure Sentinel Integration • Disadvantages: • Limited NGFW L7 Capability for now. Only IPS and URL Filtering supported. Sandboxing and Application Control not yet supported (March 2022) • No direct IPSec / SSL VPN Support (Needs Azure VPN GW) • No Traffic Shaping / QoS • No Geolocation Blocking features • No File-type blocking • Listed as Challenger in Gartner Magic Quadrant Network Firewalls 2021 • Not supported Inbound TLS Inspection (Need Azure Application Gateway) PACKET SYSTEMS CONFIDENTIAL 20
  • 21. + Key Advantages and Disadvantages of NVAs NGFW vs Azure Firewalls • Advantages: • State-of-the-art Next Generation Firewall Capabilities (IPS, AntiMalware, URL Filtering, Sandboxing, etc) • Leader in the industry (Palo Alto, Fortinet, Checkpoint) • Supports features such as Geoblocking, QoS, Central Management (Onprem and Cloud), File-type blocking • Customer can manage onprem and oncloud NGFW from a single pane of glass • Direct IPSec and SSL VPN capabilities (no need to depend on Azure VPN GW) • Disadvantages: • Scalability can be complex (Complex Iaas Deployment) • Additional cost on vm licensing and subscription (PAYG / BYOL) • Additional cost on Azure Resource Consumption (Compute, Storage, Load Balancer if HA is required) • Customer responsibility to manage and maintain 3rd Party NVAs PACKET SYSTEMS CONFIDENTIAL 21
  • 22. + Use Azure Firewall When.. • Flexible Scalability and High Availability is top priority • Autoscale with usage • Simpler deployment (No need additional VM, autoscale group, routing manipulation, load balancer etc) • Single Microsoft Azure Ecosystem • Simpler Security Requirements (No need advanced capability eq: Sandboxing, Zero Day Malware analysis, Application Control, etc) • Firewalls are not used as VPN Gateway or Inbound TLS Inspection (Reverse Proxy) PACKET SYSTEMS CONFIDENTIAL 22
  • 23. + Use 3rd Party NVA When… • Security consideration is priority • 3rd Party NVA (vendor dependent) supports advanced security capability such as Application Control, User aware rules, traffic shaping, sandboxing, zero day malware analysis, inline machine learing, etc) • Scalability and High Availabity can be architected well (Autoscale group if needed, BYOL/PAYG License consideration, routing complexity, availability zone design, etc) • Inbound TLS Inspection, VPN or SDWAN Termination is needed in single/ less solution • Centralized Management is needed between existing on premise firewall and firewall on cloud PACKET SYSTEMS CONFIDENTIAL 23
  • 24. + Sample Objection from 3rd Pparty NVA (Cisco) PACKET SYSTEMS CONFIDENTIAL 24
  • 25. + Sample Objection PACKET SYSTEMS CONFIDENTIAL 25
  • 26. + What’s Next in the Future? PACKET SYSTEMS CONFIDENTIAL 26
  • 27. + TERIMA KASIH www.packet-systems.com PT Packet Systems Indonesia The Manhattan Square, Mid Tower 25/f Jl. TB Simatupang kav. 1s Jakarta 12560, Indonesia PACKET SYSTEMS CONFIDENTIAL 27