
☁️🔒 Cloud firewalls in focus: How secure is the cloud? 🔒☁️

Daniel Eberhorn

 

With the ongoing shift to the cloud, companies are increasingly faced with the question of how they can effectively protect their data and systems from threats. Native cloud firewalls offered directly by cloud service providers (CSPs) such as AWS, Microsoft Azure or Google Cloud Platform are considered a convenient and cost-effective solution. But is this enough to withstand the diverse and constantly evolving cyber threats?


The use of cloud computing is steadily increasing worldwide and in Germany. According to Statista, global cloud computing revenue in 2023 is around 561 billion US dollars, and rising. In Germany, 89% of companies already use cloud computing services, with 54% planning to invest further in cloud solutions in 2024.


But despite the high level of cloud usage, which has now also increased significantly in Germany, the issue of cloud security is often not given sufficient priority. Many companies rely, if at all, on the native security solutions of cloud providers - often in their standard configuration. Whether these measures can withstand the current cyber threats remains questionable - until the next security incident.

 


What do native cloud firewalls offer?

Native cloud firewalls are deeply integrated into the respective cloud environment. They enable companies to quickly and easily define security rules, segment data traffic and control access. Commonly used solutions include AWS Network Firewall, Azure Firewall and GCP Cloud Firewall. These tools are generally well suited to meeting basic security requirements and interacting with other native services.


Advantages of native solutions
  • Easy integration

    • Because these firewalls are integrated directly into the cloud environment, they are easy to implement and manage.


  • Cost efficiency

    • Native solutions are usually cheaper than marketplace appliances because they do not require additional licenses or computing resources.


  • Automation possibilities

    • The native architecture facilitates the automation of security processes and policies.



Weaknesses of native solutions
  • Limited functionality

    • Many native solutions are limited to basic security measures, such as filtering IP addresses or ports. Advanced protection mechanisms such as intrusion detection/prevention (IDS/IPS) or deep packet inspection (DPI) are often missing.


  • Inconsistent effectiveness

    • Protection performance can vary greatly depending on provider and configuration.


  • Cloud lock-in

    • Dependence on one provider makes migration and integration into multi-cloud environments difficult.


  • Suboptimal logging options

    • Native cloud firewalls often offer limited or inflexible logging options. The granular information necessary for detailed analysis or effective incident response is often missing or requires additional configuration and costs.



Investigation: Security level of native firewalls in the cloud

In April 2024, CyberRatings.org published the results of its annual test of cloud network firewalls. In it, the AWS Network Firewall achieved a security effectiveness of only 5.39% - the lowest value in the comparison. This alarming result prompted a re-evaluation six months later. In this round, the Microsoft Azure Firewall and the Google Cloud Platform (GCP) Cloud NGFW were also tested. These three vendors together cover about two-thirds of the growing cloud market, which is estimated to be worth $300 billion annually and is expected to double in size over the next four years with a growth rate of 21%.


Testing was conducted using Keysight's CyPerf v5.0 software platform to evaluate the ability of these native solutions to withstand real-world security threats. Results showed significant variability in security effectiveness between vendors:


  • AWS Network Firewall

    • Blocked only two of the tested exploits, which corresponds to an effectiveness of 0.35%.


  • Microsoft Azure Firewall

    • Blocked 150 out of 574 exploits, giving an effectiveness of 26.13%.


  • GCP Cloud NGFW

    • Blocked 307 of 574 exploits, giving an effectiveness of 53.48%.


The tests used 574 exploits targeting servers and relevant to cloud workload environments. The attacks included targets such as Apache, HPE, Joomla, Cisco, Microsoft, Oracle, PHP, VMware, WordPress, and Zoho ManageEngine. It is important to emphasize that these tests were not intended as a comprehensive security assessment of the entire platforms, but focused on exploit protection.



Classification of the results

The figures make it clear that the native solutions tested in their standard configuration are not sufficient to protect companies from a wide range of threats. The situation is particularly critical for some providers, where even basic attacks were able to pass through almost unhindered. Even the better performing solutions do not reach the level of specialized security solutions.


What does this mean for companies?

  • No reliance on standard configurations

    • Native firewalls often only provide a foundation. To increase protection, companies must adjust the configuration and take additional protective measures.


  • Expansion through third-party solutions

    • Specialized providers such as Palo Alto Networks, Fortinet or Check Point offer more comprehensive protection mechanisms that can be used in addition to native firewalls.


  • Defense-in-depth strategy

    • Companies should not rely on a single security solution. Instead, a multi-layered approach is required that combines different technologies and processes.


  • Regular tests and audits

    • The security of a cloud environment must be evaluated regularly in order to respond to new threats.
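One way to make "no reliance on standard configurations" and the logging weakness checkable is a small policy audit. The following is an added example, not code from the article or the CyberRatings.org report: it assumes the field names returned by the AWS Network Firewall `describe-firewall-policy` and `describe-logging-configuration` API calls, and both sample documents (including the ARN, log group and bucket names) are constructed for illustration.

```python
# Added example. Field names follow the AWS Network Firewall API; the sample
# policies, ARN, log group and bucket below are constructed, not real resources.

def audit_policy(policy, logging_cfg):
    """Return (check_id, message) findings for one firewall policy document."""
    findings = []
    # Packets passed by the stateless engine never reach the stateful (IPS) engine.
    for key in ("StatelessDefaultActions", "StatelessFragmentDefaultActions"):
        if "aws:pass" in policy.get(key, []):
            findings.append(("stateless-pass",
                             f"{key} passes unmatched packets without stateful inspection"))
    # Without stateful rule groups there are no signatures to match exploits against.
    if not policy.get("StatefulRuleGroupReferences"):
        findings.append(("no-stateful-rules", "no stateful rule groups attached"))
    # Flows that match no stateful rule are allowed unless a default drop is set.
    if not any(a.startswith("aws:drop") for a in policy.get("StatefulDefaultActions", [])):
        findings.append(("no-default-drop", "no stateful default drop action"))
    # Incident response needs both alert and flow records.
    configured = {d.get("LogType") for d in logging_cfg.get("LogDestinationConfigs", [])}
    for log_type in ("ALERT", "FLOW"):
        if log_type not in configured:
            findings.append((f"no-{log_type.lower()}-log", f"{log_type} logging not configured"))
    return findings

# Constructed sample: a minimal policy with pass-through defaults and no logging.
MINIMAL_POLICY = {"StatelessDefaultActions": ["aws:pass"],
                  "StatelessFragmentDefaultActions": ["aws:pass"]}
MINIMAL_LOGGING = {"LogDestinationConfigs": []}

# Constructed sample: everything forwarded to the stateful engine, rules attached,
# strict ordering with default drop, alert and flow logs shipped.
HARDENED_POLICY = {
    "StatelessDefaultActions": ["aws:forward_to_sfe"],
    "StatelessFragmentDefaultActions": ["aws:forward_to_sfe"],
    "StatefulRuleGroupReferences": [{
        "ResourceArn": "arn:aws:network-firewall:eu-central-1:111122223333:"
                       "stateful-rulegroup/example-ips-rules", "Priority": 1}],
    "StatefulDefaultActions": ["aws:drop_established", "aws:alert_established"],
    "StatefulEngineOptions": {"RuleOrder": "STRICT_ORDER"},
}
HARDENED_LOGGING = {"LogDestinationConfigs": [
    {"LogType": "ALERT", "LogDestinationType": "CloudWatchLogs",
     "LogDestination": {"logGroup": "example-firewall-alerts"}},
    {"LogType": "FLOW", "LogDestinationType": "S3",
     "LogDestination": {"bucketName": "example-firewall-flows"}}]}

if __name__ == "__main__":
    for check_id, message in audit_policy(MINIMAL_POLICY, MINIMAL_LOGGING):
        print(f"[{check_id}] {message}")
```

A clean audit only shows that inspection and logging are switched on; it says nothing about how many exploits the attached rule groups actually block, which is what the test above measured.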



Conclusion: basic protection yes, comprehensive protection no

Native cloud firewalls are useful tools for basic protection, especially in smaller environments with limited security requirements. However, they are not sufficient for complex and critical workloads. The test report shows that companies that rely exclusively on these solutions are exposed to considerable risk.


Anyone who takes cloud security seriously should therefore invest in additional security measures and continuously review their own architecture. The cloud offers many advantages - but it also requires a flexible and well thought-out approach to security.


© Daniel Eberhorn - SecurityWho
