AWS Announces General Availability of AWS Network Firewall
Amazon Web Services Inc., an Amazon.com company, announced the general availability of AWS Network Firewall, a new managed security service that makes it easier for customers to enable network protections across all of their AWS workloads. Customers can enable AWS Network Firewall in their desired Amazon Virtual Private Cloud (VPC) environments with just a few clicks in the AWS Console, and the service automatically scales with network traffic to provide high availability protections without the need to set up or maintain the underlying infrastructure. AWS Network Firewall’s flexible rules engine gives customers granular control to define their own custom rules or integrate with their existing security ecosystem by importing rules from leading AWS Partner Network (APN) security partners like AlertLogic, CrowdStrike, Fortinet, and Trend Micro. There are no additional charges or upfront commitments required to use AWS Network Firewall, and customers pay only by hours deployed and gigabytes processed.
“PMW 240 requires a cybersecurity solution that automates firewall infrastructure, scale, and performance to allow it to better focus on cyber alerts and protection of Navy data.”
AWS provides comprehensive protections to help customers secure their networks, such as AWS Web Application Firewall (WAF) to protect internet-facing web applications, AWS Shield to safeguard against Distributed Denial of Service (DDoS) attacks, and AWS Firewall Manager which provides central management and visibility across all firewall controls on AWS. While these and other protections combine to provide highly secure and flexible layers of defense, many customers also want a simple way to apply and manage blanket network protections across all of their workloads (e.g., domain-based access controls, monitoring to identify malicious traffic patterns, and unified traffic inspection spanning from the network layer to the application layer). Customers also want to customize these protections based on their organization’s specific security needs, import rules from other trusted providers that they already use, and easily integrate collected logs and network data into their existing security workflows. Customers are seeking easy-to-use and customizable network protections, without having to manually patch and maintain servers, handle failover, and provision capacity.
With Network Firewall, customers can easily deploy granular network protections across their entire AWS environment, without the need to configure and manage additional security infrastructure. AWS Network Firewall provides essential protections against common network threats, including dynamic packet filtering, intrusion prevention and detection, and web filtering. Customers can also implement customized Snort and Suricata rules (two widely used open source formats) to further tailor protections like preventing their VPCs from accessing unauthorized domains, blocking thousands of known bad IP addresses, or defending against common exploits by identifying patterns and behaviors associated with known threats. Customers can monitor firewall activity in real time via Amazon CloudWatch metrics, and can have AWS Network Firewall automatically send network traffic logs to Amazon Simple Storage Service (S3), Amazon CloudWatch, and Amazon Kinesis Data Firehose for additional visibility and auditing purposes.