What is AWS Network Firewall?

As cloud adoption increases, the importance of cloud security grows as well. Under the Cloud Shared Responsibility Model, cloud customers share the responsibility of securing their cloud-based resources with their cloud provider.

Because traditional security solutions are difficult to deploy in the cloud, many cloud service providers offer built-in controls, such as AWS Security Groups, to help customers meet their share of the security responsibility. AWS Network Firewall is one such service, provided by Amazon Web Services (AWS) to help customers secure their AWS environments.

How Does AWS Network Firewall Work?

AWS Network Firewall is a managed virtual firewall designed to protect Amazon Virtual Private Clouds (VPCs) from network threats. AWS Network Firewall is built into the AWS platform, and is designed to scale to meet the needs of growing cloud infrastructure.

Features of AWS Network Firewall

AWS Network Firewall provides several features and benefits, including:

  • Availability and Scaling: AWS Network Firewall has built-in redundancies to help ensure continuous protection against network threats. The firewall comes with a 99.99% uptime commitment and offers built-in scalability to meet evolving business needs.
  • Stateful Firewall: AWS Network Firewall is a stateful firewall, so it tracks connections and inspects traffic in the context of a connection rather than as isolated packets. Combined with protocol identification, this allows traffic to be filtered by protocol, IP address, and port number.
  • Web Filtering: AWS Network Firewall filters inbound and outbound web traffic. This includes encrypted traffic: the Server Name Indication (SNI) hostname, which is sent unencrypted in the TLS handshake, is used to identify and block connections to undesirable sites.
  • Intrusion Prevention: An integrated intrusion prevention system (IPS) provides protection against vulnerability exploits and brute-force attacks. It uses signature-based detection to identify known types of anomalous traffic or malicious content.
  • Centralized Management: AWS Network Firewall offers flow logging and centralized visibility into and management of security policies across an AWS deployment, which helps roll out and enforce consistent policies across AWS security tools.
  • Partner Integrations: AWS Network Firewall integrates with a variety of threat intelligence and security solution providers, including a limited integration with Check Point’s CloudGuard.

Limitations of AWS Network Firewall

AWS Network Firewall provides a solid baseline of security for AWS cloud users, and the ability to roll out highly scalable and available network security helps mitigate some of the risks of cloud computing. However, it does not provide comprehensive cloud network security.

Its limitations include the following:

  • AWS Focus: AWS is one of the most popular cloud platforms, but many organizations have deployed multi-cloud environments and have on-premises infrastructure as well. While AWS Network Firewall provides protection for AWS-based workloads, it does not offer the ability to enforce consistent security policies and controls across an organization’s entire IT environment.
  • Limited Security Integration: AWS includes a variety of integrations with AWS Partners’ security solutions; however, these integrations are also focused on securing AWS-based infrastructure and do not provide all of the features required to secure AWS environments. As a result, organizations must deploy a variety of solutions to secure their various environments, which increases the complexity of security management, raises the risk of security holes, and slows incident detection and response.
  • Signature-Based Protection: AWS Network Firewall includes an integrated IPS that uses signature-based detection to identify and prevent attacks by known threats. However, signature-based detection provides no protection against novel and zero-day threats, which make up the majority of modern attack campaigns.

AWS Network Firewall offers a solid foundation for organizations looking to secure their AWS environments, but it does not provide all of the security features that companies need. Companies can fill these security gaps by augmenting AWS Network Firewall with security solutions that provide in-depth network and endpoint security and bridge the gaps between multi-cloud and on-prem environments.

Augmenting AWS Network Firewall with CloudGuard

AWS Network Firewall offers integrations with a variety of AWS Partner solutions. This includes the ability to take advantage of Check Point CloudGuard’s Cloud Security Posture Management (CSPM) capabilities. According to IBM research, two-thirds of cloud attacks are enabled by cloud misconfigurations that CloudGuard CSPM can help prevent.

For organizations that need to protect multi-cloud environments, or that need functionality and advanced threat prevention beyond what AWS Network Firewall offers, Check Point’s CloudGuard enhances and complements the native security features built into AWS environments. Like AWS Network Firewall, CloudGuard is implemented as a cloud-native virtual appliance, so organizations get the full scalability and benefits of cloud-based environments with a solution tailored to AWS.

For organizations already using Check Point on-premises network security gateways, choosing CloudGuard for cloud network security should be a no-brainer, because it:

  • provides the same industry-leading threat prevention;
  • is quickest to deploy, because less training and fewer integrations are needed;
  • is easiest to operate, because it uses the same UI, processes and security policies as on-prem;
  • has the lowest risk compared to introducing new security solutions that may not work with existing workloads;
  • enables the lowest total cost of ownership, because no new engineering staff are needed to deploy and maintain the cloud security solution.

Check Point CloudGuard Network Security for AWS is available via the AWS Marketplace, enabling companies to implement defense in depth for their AWS-based infrastructure, and offers a range of vital cloud network security features including:

  • Firewall
  • Intrusion Prevention System (IPS)
  • Antivirus
  • Anti-Bot
  • IPSec VPN
  • Data Loss Prevention
  • Application Control
  • URL Filtering
  • SandBlast Zero-Day Protection including Threat Emulation and Threat Extraction

The first step in closing security gaps in your organization’s AWS deployment is to identify what holes exist. Check Point’s Cloud Security CheckMe provides a high-level assessment of the vulnerabilities within your AWS VPCs.

After identifying these security holes, learn how Check Point CloudGuard can be combined with AWS Network Firewall to close them. You’re also welcome to sign up for a free demo to see the full capabilities of CloudGuard for AWS in action.
