Amazon Web Services Inc. Tuesday expanded its presence in the cybersecurity market with the introduction of AWS Network Firewall, a managed firewall service designed to protect customers’ cloud environments from malicious traffic.

All firewalls are based on the same basic principle: They act as a filter that prevents malicious network traffic from reaching a company’s applications. Administrators can customize how filtering is performed by setting rules for what kind of traffic is allowed and what isn’t. AWS Network Firewall can be configured to block or allow packets based on the IP addresses from which they originate, what part of a company’s cloud environment they’re headed to and other parameters.

The service also includes more specialized threat blocking features. AWS has added in what it describes as a signature detection engine that sifts through network traffic for byte sequences associated with malicious activity patterns. The technology can spot, among others, hacking campaigns that seek to exploit software vulnerabilities in a cloud environment. Moreover, it detects so-called brute force attacks such as attempts to guess a database password through repeated login attempts.

For added security, companies can configure AWS Network Firewall to block unauthorized outbound traffic sent from inside a cloud deployment to external domains. Restricting outbound traffic is a useful way of mitigating breaches in scenarios where hackers manage to evade a company’s defenses and compromise an internal system. Firewall rules can prevent a compromised system from “calling home” to a remote command-and-control server to transmit stolen data or download additional malicious payloads. 

Beyond improving security, AWS Network Firewall is aimed at improving the user experience for cloud administrators. The cloud giant already provided firewall features before, but they were scattered across multiple products. “We heard customers want an easier way to scale network security across all the resources in their workload, regardless of which AWS services they used,” explained Channy Yun, AWS’ principal developer advocate.

A big part of how AWS Network Firewall improves usability is that it facilitates centralized management. Large enterprises often have multiple firewall instances, each of which can have hundreds of traffic blocking rules or more. Enabling administrators to manage multiple instances in one place not only saves time but also reduces the risk of configuration oversights that may weaken security.

AWS Network Firewall is rolling out with integrations for more than a half-dozen partner products on launch. Integrations are available from partners including IBM Corp., threat detect provider Alert Logic Inc., Splunk Inc. and others. 

Photo: Tony Webster/Flickr