The FINANCIAL — Amazon Web Services Inc., an Amazon.com company, announced the general availability of AWS Network Firewall, a new managed security service that makes it easier for customers to enable network protections across all of their AWS workloads. Customers can enable AWS Network Firewall in their desired Amazon Virtual Private Cloud (VPC) environments with just a few clicks in the AWS Console, and the service automatically scales with network traffic to provide high availability protections without the need to set up or maintain the underlying infrastructure. AWS Network Firewall’s flexible rules engine gives customers granular control to define their own custom rules or integrate with their existing security ecosystem by importing rules from leading AWS Partner Network (APN) security partners like AlertLogic, CrowdStrike, Fortinet, and Trend Micro. There are no additional charges or upfront commitments required to use AWS Network Firewall, and customers pay only by hours deployed and gigabytes processed.
AWS provides comprehensive protections to help customers secure their networks, such as AWS Web Application Firewall (WAF) to protect internet-facing web applications, AWS Shield to safeguard against Distributed Denial of Service (DDoS) attacks, and AWS Firewall Manager which provides central management and visibility across all firewall controls on AWS. While these and other protections combine to provide highly secure and flexible layers of defense, many customers also want a simple way to apply and manage blanket network protections across all of their workloads (e.g., domain-based access controls, monitoring to identify malicious traffic patterns, and unified traffic inspection spanning from the network layer to the application layer). Customers also want to customize these protections based on their organization’s specific security needs, import rules from other trusted providers that they already use, and easily integrate collected logs and network data into their existing security workflows. Customers are seeking easy-to-use and customizable network protections, without having to manually patch and maintain servers, handle failover, and provision capacity.
With AWS Network Firewall, customers can easily deploy granular network protections across their entire AWS environment, without the need to configure and manage additional security infrastructure. AWS Network Firewall provides essential protections against common network threats, including dynamic packet filtering, intrusion prevention and detection, and web filtering. Customers can also implement customized Snort and Suricata rules (two widely used open source formats) to further tailor protections like preventing their VPCs from accessing unauthorized domains, blocking thousands of known bad IP addresses, or defending against common exploits by identifying patterns and behaviors associated with known threats. Customers can monitor firewall activity in real time via Amazon CloudWatch metrics, and can have AWS Network Firewall automatically send network traffic logs to Amazon Simple Storage Service (S3), Amazon Cloudwatch, and Amazon Kinesis Data Firehose for additional visibility and auditing purposes.
“When we talk to customers about what they want in a cloud network firewall they tell us that they want network protections that work with their existing security systems and without the headache of managing the underlying infrastructure,” said Steve Schmidt, CISO, AWS. “AWS Network Firewall provides scalable network protections that allow customers to deploy highly customizable rules for their entire AWS infrastructure, and integrates with many of the APN partner services that customers already use. Best of all, there’s no need to configure or maintain additional infrastructure.”
AWS Network Firewall integrates with AWS Firewall Manager, allowing customers to build policies based on AWS Network Firewall rules and centrally apply those policies across their VPCs and accounts through the AWS Firewall Manager Console and API. Leading providers, including Accenture, Alert Logic, Check Point Software Technologies, CrowdStrike, Datadog, Fortinet, Hashicorp, IBM, Palo Alto Networks, Rackspace, Splunk, SumoLogic, Trend Micro, and Tufin have built integrations with AWS Network Firewall, with more coming soon. These integrations allow customers to easily incorporate AWS Network Firewall into their existing security workflows for orchestration, automation, and threat detection and response. AWS Network Firewall is available today in the US East (N. Virginia), US West (Oregon), and Europe (Dublin) regions, with more regions coming soon.
For more than 125 years, GE has invented the future of industry. “We have a high bar for security at GE, which means we dedicate a considerable amount of time and resources to network protection across our sizeable cloud footprint,” said Matthew Green, Sr. Director of Cloud Architecture, GE. “AWS Network Firewall will continue to keep GE on the bleeding edge of cloud technology and afford us the opportunity to utilize best-in-class firewalling and threat detection to protect our egress traffic across all our workloads.”
The U.S. Navy Sea Warrior Program’s mission is to rapidly identify and implement affordable IT solutions. After testing AWS Network Firewall’s scalability and functionality, the US Navy agrees that the service meets the needs of the program. “The U.S. Navy Sea Warrior Program (PMW 240) has a requirement for cybersecurity as a service and is testing options within an Other Transaction Authority (OTA) contract vehicle awarded to AWS via the IWRP OTA,” said a representative from Navy PMW 240 Sea Warrior. “PMW 240 requires a cybersecurity solution that automates firewall infrastructure, scale, and performance to allow it to better focus on cyber alerts and protection of Navy data.”
Fortinet secures the largest enterprise, service provider, and government organizations around the world. “Fortinet’s work with cloud customers of all shapes and sizes gives us broad visibility into the most critical components of network security in the cloud,” said John Maddison, EVP of Products and CMO at Fortinet. “We’ve made this expertise available to all AWS Network Firewall customers in the form of managed rules based on threat intelligence from FortiGuard Labs. Our collaboration with AWS will make it easy for customers to seamlessly integrate Fortinet threat intelligence with AWS Network Firewall as an additional layer of protection alongside their existing security.”
Rackspace Technology is a leading end-to-end multicloud technology services company. “At Rackspace we have a long history of supporting small and midsize businesses in their journey to the cloud, and one of the most common challenges these customers face is finding a simple and accessible way to secure their network and web applications,” said Aaron Hackney, Principal Architect of Network Security, Rackspace Technology. “Existing solutions are often either exclusively aimed at big enterprises and thus too costly and complex, or too bare bones to be truly effective without a lot of customization and additional development. AWS Network Firewall gives these customers powerful protections against common network threats without requiring existing security expertise or piles of money just to get started.”
Discussion about this post