Amazon Web Services has launched AWS Network Firewall, a managed firewall service for Amazon Virtual Private Cloud (VPC) that lets users deploy necessary network protection across all AWS workloads. The latest service from the cloud giant allows users to deploy and manage stateful inspection to protect AWS virtual networks.
AWS claims that security is its number one priority and has provided multiple firewall capabilities addressing specific security needs, including Security Groups to protect Amazon Elastic Compute Cloud (EC2) instances, AWS Web Application Firewall (WAF) to protect web applications running on Amazon CloudFront, and AWS Shield to protect against Distributed Denial of Service (DDoS) attacks.
According to the blog post announcing the launch of Network Firewall, it takes just a few clicks in the AWS console to enable the service in the desired Amazon Virtual Private Cloud (VPC) environments, and the service scales automatically with network traffic, so users do not have to worry about deploying or managing infrastructure. AWS Network Firewall’s flexible engine gives users granular control to set their own rules or integrate with their existing rules.
The service also allows users to implement customized Snort or Suricata rules to prevent their VPCs from accessing unauthorized domains, block thousands of known bad IP addresses, or use signature-based detection to identify malicious activity. Users can monitor their cloud activity in real time via Amazon CloudWatch metrics, and network traffic logs can automatically be sent to various Amazon storage services for additional visibility. AWS Network Firewall also integrates with AWS Firewall Manager to offer a seamless experience for users.
AWS claims users can centrally apply policies based on AWS Network Firewall to all VPCs and accounts through the AWS Firewall Manager console. AWS Network Firewall uses stateless and stateful traffic inspection rules engines, configured inside a firewall policy based on the user’s rules and settings. AWS Network Firewall is managed through three components: firewall, firewall policy, and rule group.
Channy Yun, the Principal Developer Advocate for AWS, said, “We heard customers want an easier way to scale network security across all the resources in their workload, regardless of which AWS services they used. They also want customized protections to secure their unique workloads, or to comply with government mandates or commercial regulations. These customers need the ability to do things like URL filtering on outbound flows, pattern matching on packet data beyond IP/Port/Protocol and the ability to alert on specific vulnerabilities for protocols beyond HTTP/S.”
Lastly, Network Firewall also integrates with various AWS Partners, including Datadog, Fortinet, IBM Product, IBM Services, Sumo Logic, and Splunk, to provide users with an improved experience. AWS Network Firewall is currently available in the US East, US West, and Europe (Ireland) regions.