Cloud networking solutions provider Aviatrix has launched a distributed cloud firewall offering in a bid to strengthen network security for application traffic on multicloud environments.The offering is targeted at distributing both inspection and policy enforcement into the original path of application traffic, eliminating the need to redirect traffic to centralized firewalls or other network security services.\u201cAviatrix is the first to deliver a distributed cloud firewall,\u201d said Rod Stuhlmuller, vice president of solutions marketing at Aviatrix. \u201cCustomers are no longer constrained by last-generation firewall architectures in the cloud. This changes the game and allows enterprises to both reduce cloud infrastructure costs and improve security immediately across all their public cloud environments.\u201dAviatrix distributed cloud firewall is available at launch and can be deployed on AWS, Azure, and GCP marketplaces with a metered pricing model. While existing customers will have to upgrade to gain features, new customers can access them through a fresh subscription.Existing solutions outdated by evolved cloud workloads \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Aviatrix aims to address the growing networking needs of modern multicloud deployments as existing solutions have an outdated centralized inspection point that cloud traffic needs to redirect through.\u201cAs enterprises have worked to modernize their application architectures and infrastructure by migrating to the public cloud, many have simply replicated on-premises firewall architectures in the cloud,\u201d said John Grady, principal analyst at Enterprise Strategy Group. \u201cThis can require complex configuration, policy management, and routing paths to ensure proper inspection, all of which are complicated in multicloud environments.\u201dContainerized, ephemeral, modern cloud applications, with direct-to-internet and service mesh connections, rely heavily on PaaS services and API gateways for elastic scaling, according to Aviatrix. This breaks both traditional centralized and agent-based network security approaches in the cloud.Additionally, security teams in dynamic application environments need to adapt by shifting policy creation to account for changing IP addresses and aligning with rapid release cycles through DevSecOps automation and CI\/CD pipelines in cloud infrastructure delivery.\u201cA truly converged solution that offers centralized management and distributed inspection and enforcement across multiple cloud providers is needed,\u201d Grady added.Aviatrix leverages dynamic cloud workload identity tagsAviatrix\u2019s distributed cloud firewall features a centralized programmable interface that claims to create and push policies wherever required across any multicloud environment, leveraging dynamic cloud workload identity tags and attributes instead of static IP addresses.It also abstracts how and where policies are enforced by programmatically configuring native cloud services where required.\u201cAviatrix Distributed Cloud Firewall embeds network security inspection and policy enforcement into the cloud network data plane; it\u2019s not bolted on as a centralized inspection point that cloud traffic must be un-naturally redirect through,\u201d Stuhlmuller said. \u201cDistributing network security inspection and policy enforcement into the natural path of network traffic greatly reduces cloud infrastructure costs, and operational complexity, and improves security.\u201dThe company also claims a consistent native cloud network and security orchestration in the sense that it supports native cloud APIs for both cloud network and cloud security orchestration to remove underlying cloud infrastructure complexities, create consistency across cloud service providers, and avoid conflicts between networking and security configurations.\u201cBy embedding security into the network, protection is placed closer to workloads but without having to manually configure and deploy firewall instances,\u201d Grady said. \u201cThis provides more granular visibility, as security teams can see everything traversing the network and have a deeper understanding of the relationships between entities. It also allows for protecting east\/west traffic and microsegmentation policies without having to hairpin traffic to dedicated firewalls.\u201dApart from basic firewalling, Aviatrix\u2019s distributed cloud firewall supports microsegmentation, network isolation, automated threat detection and mitigation, anomaly detection, vulnerability scanning, cloud workload risk scoring, L7 decryption and inspection, full traffic visibility, and audit reporting.US-based multinational hospitality company Choice Hotels, with nearly 7,500 hotels in more than 40 countries, is an early customer deploying Aviatrix in its modern cloud infrastructure.