In our previous blog, "Why Did We Build the CN-Series?", we discussed what the CN-Series is and how to deploy it natively using Helm charts. Today, we're going to walk through its prominent use cases.
There are three use cases in which customers most often employ CN-Series container firewalls. All three of these examples involve the insertion of threat protection—and other advanced security services—at the trust boundaries of cloud-native applications.
First up is the east-west traffic use case. Customers can use CN-Series to insert Layer 7 traffic protection and advanced threat protection into their Kubernetes environments. This secures the allowed connections between two containerized applications of different trust levels, and it can also secure the allowed connections between containers and other workload types.
Other micro-segmentation products provide granular protection at Layers 3 and 4 to block traffic between workloads that shouldn’t be able to communicate. The critical difference is that CN-Series can inspect and control allowed traffic at Layer 7 and enable our Threat Prevention subscription service to detect and stop threats that may be attempting to move laterally across the environment. The two types of solutions absolutely can be used together.
The second prominent use case is securing outbound traffic from container environments to the internet or to developer resources hosted on sites like GitHub. Our URL-filtering service provides guardrails for developers and other users to ensure they aren't connecting to potentially malicious sites. Our firewall's ability to inspect traffic content, coupled with our DNS Security service guarding against data exfiltration, ensures our customers' critical information stays in the environment where it belongs.
While some customers may prefer to use their perimeter firewalls in their on-prem data centers, customers running Kubernetes environments in the public cloud will require CN-Series to solve this use case. Here is a quick video demonstration, Outbound Traffic Protection Using CN-Series Container Firewall, for your reference.
Last but not least is the traditional inbound perimeter use case. Network security teams can prevent threats riding on inbound traffic to the container environment with our Threat Prevention and WildFire malware analysis services. Again, depending on the customer's environment and overall architecture, they may elect to do this with their on-prem perimeter firewalls. Still, a CN-Series or VM-Series would be required to do this in public cloud environments.
All three of these use cases can be addressed regardless of whether the apps are hosted in an on-prem data center or a public cloud.
Find more information in "Secure Your Kubernetes Future with CN-Series Container Firewalls."
Find the entirety of the three-part CN-Series by Raj Patil on our CN-Series Articles page.