March 17, 2025

Aviatrix at KubeCon EU 2025: Securing Kubernetes Across Hybrid and Multicloud Environments with New Kubernetes Firewall

Written by

In this exclusive VMblog interview, Bryan Ashley, VP of Product Marketing at Aviatrix, discusses how the company is tackling the complex security challenges facing enterprises deploying Kubernetes at scale. As organizations increasingly adopt AI workloads and distributed applications across multiple clouds, Aviatrix has responded with their recently launched Kubernetes Firewall solution.

Set to showcase at Booth S653 during KubeCon + CloudNativeCon EU 2025, Aviatrix aims to address critical issues including egress security, IP exhaustion, and policy enforcement across hybrid environments. Ashley explains how the Aviatrix Cloud Network Security platform helps unite cloud, networking, and security teams while providing the control and simplicity needed for modern cloud strategies in an increasingly AI-driven landscape.

VMblog:  Can you give us your elevator pitch?  What kind of message will an attendee hear from you this year?  What will they take back to help sell their management team and decision makers? 

Bryan Ashley:  Aviatrix is the only secure networking solution built specifically for the cloud that ensures companies are ready for AI and what's next. As cloud infrastructures become more complex and costly, the Aviatrix Cloud Network Security platform gives companies back the power, control, security, and simplicity they need to modernize their cloud strategies. More than 500 of the world's leading enterprises trust Aviatrix to unite their cloud, networking, and security teams and unlock greater potential across any cloud.

VMblog:  Where can attendees find you at the event? What interactive experiences, demos, or activities have you planned for your booth? 

Ashley:  Aviatrix will be at Booth S653, discussing Kubernetes networking and offering demos of the Aviatrix Kubernetes Firewall - our brand new solution that was just introduced to the market.

VMblog:  How has your company's presence at KubeCon evolved over the years? What keeps bringing you back? 

Ashley:  This is Aviatrix's third KubeCon and we're excited to be back again at KubeCon EU. We love seeing and connecting with the developer community, discussing their pain points and unique challenges and how Aviatrix can solve them. 

Our CTO, Anirban Sengupta, brings deep expertise in multi-cloud and Kubernetes and is truly passionate about this space. Over the years, our presence at KubeCon has grown significantly as we've expanded our booth presence, refined our messaging, and introduced new innovations to better serve this evolving industry.

What keeps bringing us back is the incredible community of cloud and Kubernetes practitioners. KubeCon is the perfect platform to connect, share insights, and demonstrate how Aviatrix helps enterprises secure and simplify Kubernetes networking with solutions like the Aviatrix Kubernetes Firewall. We're excited to continue being part of this evolving conversation.

VMblog:  Can you double click on your company's technologies?  And talk about the types of problems you solve for a KubeCon + CloudNativeCon attendee. 

Ashley:  There's no doubt about the enormous business value of the cloud and its impact on innovation. But the business power we gained in being able to scale exponentially also introduced security risks, operational complexities, and increasing costs. Beyond that, it has created organizational friction as internal cloud, networking, and security teams find themselves at odds with each other when it comes to cloud strategies and how to execute on them. Aviatrix takes a cloud-agnostic approach to ensure robust security and compliance for the future of enterprise workloads. The Aviatrix Kubernetes Firewall and related products empower organizations to confidently scale Kubernetes deployments while maintaining their security posture, governance, and adherence to industry standards. The Aviatrix Kubernetes Firewall extends Aviatrix's Cloud Firewall capabilities, delivering a comprehensive security and networking solution tailored for Kubernetes workloads across AWS, Azure, Google Cloud, and on-premises environments. Key features include:

  • Granular identity-based security: Policy enforcement based on Kubernetes-native identities ensures dynamic, workload-aware security.
  • Unified cloud, hybrid, and multicloud visibility: Enterprises gain real-time visibility into Kubernetes traffic across all environments, enhancing observability and anomaly detection.
  • Integrated security for VMs and Kubernetes: A single security model unifies security policies across containerized and legacy applications, simplifying management and enforcement.
  • Egress traffic control and compliance: Enforced policy-based egress filtering maintains compliance with standards such as PCI-DSS, HIPAA, and SOC 2.
  • Automated policy management: A centralized control plane streamlines the definition and enforcement of security policies across multicloud and multi-cluster environments.

VMblog:  In an increasingly crowded cloud-native and Kubernetes market, what makes your solution stand out in 2025? What makes it unique or differentiating? 

Ashley:  Unlike traditional perimeter defenses, Aviatrix's cloud firewalls are cloud-agnostic and provide security at every level of the network. And rather than a siloed approach, Aviatrix's solutions provide comprehensive security across the entire cloud, hybrid and multicloud network. The Aviatrix Kubernetes Firewall addresses challenges that existing Kubernetes security solutions struggle with.  Traditional container network interfaces (CNIs) and service meshes play an important role in Kubernetes networking, but they are challenged with enforcing cross-cluster, multicloud and hybrid security policies at scale. Aviatrix extends these tools with identity-based segmentation, unified security, and deep visibility across cloud environments - ensuring enterprises can scale securely and stay compliant.

VMblog:  With AI and machine learning becoming increasingly central to cloud-native applications, how does your solution address these emerging needs? 

Ashley:  There are two sides to this: How organizations can protect their digital ecosystems, which are expanding rapidly with AI adoption, and how AI can be leveraged within secure networking solutions to help solve some of the problems it's creating.

As AI workloads drive competitive advantage, securing proprietary models and sensitive training data is paramount. Without proper security enforcement, organizations risk data leakage, adversarial AI attacks, and regulatory non-compliance. Aviatrix provides Zero Trust security, multicloud visibility, and identity-aware controls to protect high-value AI assets from emerging threats.

Aviatrix takes a practical, results-driven approach to AI, avoiding the trend of indiscriminately adding "AI" to marketing narratives. Instead of AI-washing, we focus on applying GenAI where it meaningfully reduces operational toil and enhances practitioner efficiency. From automating tedious troubleshooting workflows to intelligently surfacing actionable insights, AI in Aviatrix products is designed to augment teams rather than overwhelm them. Our goal is to empower cloud practitioners with AI-driven recommendations, proactive anomaly detection, and streamlined operations that allow them to focus on strategic initiatives rather than routine tasks. Our Cloud Firewall uses AI recommendations to offer health scores for your network, monitor traffic flows, and provide intelligent insights. 

VMblog:  Is your company involved in or presenting any sessions during the event? Can you give us the details?  What key insights will attendees gain? 

Ashley:  We have great demos in our booth staffed by Kubernetes experts - we're ready to connect with show attendees! Attendees will see first-hand how Aviatrix Kubernetes Firewall can solve complex security challenges, including:

  • Eliminating Uncontrolled Egress Exposure: Traditional cloud security leaves outbound traffic largely unmanaged, creating risks for data exfiltration and malicious activity. Aviatrix provides granular egress controls with intelligent FQDN filtering and policy-based enforcement, ensuring that only authorized traffic reaches the internet.
  • Resolving Overlapping IP Challenges: Merging cloud networks with conflicting IP spaces - whether due to acquisitions, multicloud expansion, or partner connectivity - has long been a challenge. Aviatrix simplifies this complexity with advanced NAT and routing intelligence, enabling seamless connectivity without disruptive IP renumbering.
  • Policy-as-Code for Cloud-Native Security: Security teams need a scalable way to enforce policies across dynamic cloud environments. With Custom Resource Definitions (CRDs), Aviatrix Distributed Cloud Firewall integrates directly with Kubernetes and IaC workflows, ensuring security is embedded into cloud-native operations.
  • Unified Security Across Multicloud and Hybrid Environments: Security fragmentation across cloud providers leads to inconsistencies and operational risks. Aviatrix enforces consistent security policies across AWS, Azure, Google Cloud, and on-prem environments, giving organizations a single, unified control plane for their cloud security posture.

VMblog:  What's your elevator pitch for a CTO or CIO? How does your solution impact the bottom line?

Ashley:  Aviatrix delivers cloud network security that eliminates the trade-offs between speed, cost, and security, enabling enterprises to scale without compromise. Traditional cloud security is fragmented, forcing teams to manage inconsistent policies across multiple providers, slowing innovation, and increasing risk. Our platform unifies security and networking with policy-as-code, allowing developers to move fast while ensuring holistic governance and compliance. We solve egress security, overlapping IP challenges, and consistent enforcement across hybrid and multicloud environments, reducing operational overhead and security gaps. By embedding security into cloud-native workflows and automating complex network policies, Aviatrix lowers risk, reduces costs, and accelerates application modernization efforts - directly impacting the bottom line by cutting security spend, improving developer efficiency, and preventing costly breaches.

VMblog:  Are you launching any new products or features at KubeCon? What can attendees expect to see first at your booth? 

Ashley:  We've just launched the Aviatrix Kubernetes Firewall, a new solution designed to tackle the pervasive security challenges and application modernization operational challenges faced by enterprises operating Kubernetes deployments at scale, particularly those in hybrid and multicloud environments. We'll be demoing the solution at our booth, so stop by with your Kubernetes security questions and our experts will be on hand to answer them.

VMblog:  What are the remaining barriers to Kubernetes adoption in 2025? How does your solution help overcome these challenges? 

Ashley:  There are two challenges that enterprises tell us they struggle with. First is IP exhaustion. While cloud providers and Kubernetes-native tools attempt to abstract IP address management, the reality is that cloud provider IP allocation is limited, resulting in early depletion in large-scale deployments.

Kubernetes CNIs don't solve IP management at scale, as they were built for basic pod networking, not solving multi-cluster IP conflicts or managing scalable IP allocation. As Kubernetes clusters expand across clouds/regions and IP conflicts arise, overlapping CIDRs create further routing and compliance risks, causing connectivity failures, compliance violations, and security gaps. The Aviatrix Kubernetes Firewall provides dynamic IP allocation, real-time CIDR conflict resolution, and identity-based enforcement, ultimately ensuring secure, scalable Kubernetes networking. 

The second problem is egress security and compliance gaps between Kubernetes and traditional VM workloads. The Aviatrix Kubernetes Firewall provides a comprehensive security solution for cloud-native applications. It provides consistent micro-segmentation and dynamic policy enforcement across all environments, enabling you to extend zero trust networking across traditional VM workloads and Kubernetes. As an automated and multicloud-aware solution, it eliminates manual workarounds, operational silos, and unnecessary risk.

VMblog:  With the rise of hybrid operations, how do you help enterprises balance cloud-native and on-premises deployments? 

Ashley:  Traditional firewalls were designed for the static, perimeter-based security model of the on-premises data center. But cloud environments are dynamic - workloads scale up and down, communicate across regions, and integrate with external services. The traditional firewalls developed virtualized versions which can run in the cloud, but they're not built to address many of the ways that the cloud is fundamentally different from the on-premises environment. That requires a cloud-native firewall built explicitly for distributed security enforcement in a hybrid cloud environment. The Aviatrix Cloud Firewall provides flexible, scalable, and service-integrated security controls. This enables enterprises to enforce security at multiple layers - per workload, per application, or at the network level - without forcing traffic through a single choke point.

VMblog:  What booth activities or giveaways have you planned to engage with attendees? 

Ashley:  We've got some exciting giveaways and raffle prizes to make your visit to our booth even more rewarding. Attendees will have a chance to win a LEGO set daily by stopping by our booth or attending our Kubernetes Firewall demo. Plus, we'll have other booth goodies - so don't be shy and stop by.

But most importantly, our passionate and knowledgeable team is excited to engage with attendees, share insights, and discuss how Aviatrix can help secure and simplify Kubernetes networking!

VMblog:  What big changes or trends does your company see taking shape for 2025? 

Ashley:  With the growth of new AI, GenAI, and ML applications, Kubernetes is becoming more and more the platform of choice. These new applications are more distributed than traditional applications - previously, most applications were built in one cloud, but with best-of-breed AI models, they are generated in edge. The data resides in one place, the models reside in another place, and the applications run somewhere else. 

Securing the data, e.g. PII or credit card info, fueling these models is incredibly important. Nation state-sponsored attacks, like the recent Salt Typhoon, and other bad actors are trying to extract data from these high value assets. To address this, companies need what we refer to as a secure, end-to-end fabric across AWS, Azure, Google Cloud, and on-prem environments. 

VMblog:  What are you personally most interested in seeing or learning at KubeCon + CloudNativeCon? 

Ashley:  We're excited to see how the Kubernetes ecosystem continues to evolve, especially around networking, security, and multi-cloud connectivity. Additionally, we're looking forward to hearing how organizations are tackling these challenges, exploring emerging trends in Kubernetes security, and connecting with industry leaders to exchange insights. Most of all, we're excited to engage with the KubeCon community and learn from real-world implementations.

David Marshall

David Marshall has been involved in the technology industry for over 19 years, and he's been working with virtualization software since 1999. He was able to become an industry expert in virtualization by becoming a pioneer in that field - one of the few people in the industry allowed to work with Alpha stage server virtualization software from industry leaders: VMware (ESX Server), Connectix and Microsoft (Virtual Server).

Through the years, he has invented, marketed and helped launch a number of successful virtualization software companies and products. David holds a BS degree in Finance, an Information Technology Certification, and a number of vendor certifications from Microsoft, CompTia and others. He's also co-authored two published books: "VMware ESX Essentials in the Virtual Data Center" and "Advanced Server Virtualization: VMware and Microsoft Platforms in the Virtual Data Center" and acted as technical editor for two popular Virtualization "For Dummies" books. With his remaining spare time, David founded and operates one of the oldest independent virtualization news blogs, VMblog.com. And co-founded CloudCow.com, a publication dedicated to Cloud Computing. Starting in 2009 and continuing all the way to 2016, David has been honored with the vExpert distinction by VMware for his virtualization evangelism.
