AWS Network Firewall provides network protection across all workloads

Virtual security/privacy shield

AWS has launched a new security service for customers running virtual private clouds on AWS.

The AWS Network Firewall promises a high-availability, managed network firewall for customers’ workloads. AWS claims the firewall will offer protections against common network threats, including dynamic packet filtering, intrusion prevention and detection, and web filtering.

AWS said customers can also implement customized Snort and Suricata rules — two widely used open-source formats — to further tailor protections, like:

  • Preventing their VPCs from accessing unauthorized domains
  • Blocking thousands of known bad IP addresses
  • Defending against common exploits by identifying patterns and behaviors associated with known threats.

In a blog post, Channy Yun, principal developer advocate for AWS, said the Network Firewall makes firewall activity visible in real-time via CloudWatch metrics and offers increased visibility of network traffic by sending logs to S3, CloudWatch and Kinesis Firehose.

“Network Firewall is integrated with AWS Firewall Manager, giving customers who use AWS Organizations a single place to enable and monitor firewall activity across all your VPCs and AWS accounts,” he said.

Steve Schmidt, CISO at AWS, said that when talking to customers about what they want in a cloud network firewall, they say network protections that work with their existing security systems and without the headache of managing the underlying infrastructure.

“AWS Network Firewall provides scalable network protections that allow customers to deploy highly customizable rules for their entire AWS infrastructure, and integrates with many of the APN partner services that customers already use. Best of all, there’s no need to configure or maintain additional infrastructure,” he added.

AWS partners have built integrations with AWS Network Firewall include:

  • Accenture
  • Alert Logic
  • Check Point Software Technologies
  • CrowdStrike
  • Datadog
  • Fortinet
  • Hashicorp
  • IBM
  • Palo Alto Networks
  • Rackspace
  • Splunk
  • SumoLogic
  • Trend Micro
  • Tufin

AES expects more partners to come soon. These integrations allow customers to easily incorporate AWS Network Firewall into their existing security workflows for orchestration, automation and threat detection and response.

“We've made this expertise available to all AWS Network Firewall customers in the form of managed rules based on threat intelligence from FortiGuard Labs. Our collaboration with AWS will make it easy for customers to seamlessly integrate Fortinet threat intelligence with AWS Network Firewall as an additional layer of protection alongside their existing security,” said John Maddison, EVP of products and CMO at Fortinet.

AWS Network Firewall is available now in the US East (Northern Virginia), US West (Oregon), and Europe (Ireland) Regions. Pricing starts at 39.5 cents per hour a firewall is provisioned and 6.5 cents every GB of data the firewall processes.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.