When it comes to protecting machines from malicious network connections there are plenty of options, and depends on which portion of the network request you care about.
If our concern is at a network level, like around the layer 3 or 4 of the OSI model, a firewall is the most likely tool that will make you happy.
Firewalls are amongst us since the very beginning of times, iptables being the one I remember the first when I think about them.
In the following picture you can see, at a high level, the responsibility of a Firewall, which is just filtering out malicious requests.
Yes, we are in 2021, a lot of things happened since the “beginning of times” I was talking about, mainly the irruption of Cloud Computing.
That “box” acting as a firewall as something monolithic is a thing of the past. We welcome cloud native solutions nowadays and cloud firewalls are one the best examples.
Alibaba Cloud “Cloud Firewall”
Cloud Firewall is one of the first SaaS firewall deployed on the public cloud. It should be your first choice for network security to safeguard your machines on the cloud.
Apart of working on the layers 3 and 4, this firewall also work, at a basic level, at the layer 7. But don’t worry, this is not a WAF.
The main benefit of this type of FaaS (Firewall as a Service) is the capability to centrally manage the policies controlling the north-to-south traffic to your machines. As a managed and integrated service, it also controls, natively, the traffic between VPCs, Express Connections, and VPN-based access.
According to Alibaba Cloud, this service is embedded with an Intrusion Prevention System (IPS) and helps you detect and visualise outbound connections from your machines, as well as storing network traffic logs for several months.
In terms of pricing, this product is very competitive when you compare it to other equivalent solutions (with more complex setups). The 3 available subscriptions are “Premium“, “Enterprise” and “Ultimate“, being $420, $1450 and $3900 per month respectively. If you have experience with solutions like Palo Alto or others, you instantly realise how many more coffees you’ll be able to take every month thanks to this prices ;)
Differences between editions
As you may imagine, the difference between all those “Premium“, “Enterprise” and “Ultimate” versions are the differences around protection and about how many resources and networks to protect. Below you can find the table comparing those.
If you want, you can apply for a week free of charge to test all the features of this firewall. Also, if one week is not enough to test it all for your business requirements, usually is easy to find help from Alibaba Cloud BDs or Solutions Architect to get a bit more of time to test properly when there is a real business need.