Palo Alto Networks today announced its partnership with Amazon Web Services (AWS) to natively integrate its next-generation firewall into the public cloud for the first time.

The Palo Alto Networks Cloud NGFW for AWS brings together the security vendor’s firewall capabilities with the simplicity and scalability of the public cloud to secure AWS deployments. “You get the best of both worlds,” touted Anand Oswal, SVP and GM at Palo Alto Networks.

Oswal pointed out that the common denominator across all of the recent cyberattacks — including those exploiting vulnerabilities like Log4Shell, cryptojacking, and ransomware — is a network. “That's why best in class network security that can successfully prevent these sophisticated and evasive attacks is more critical than ever in the public cloud,” he told SDxCentral.

The AWS firewall service uses inline deep learning to stop zero-day web threats, invasions, vulnerability exploits, and other sophisticated attacks. It is “the best of what we do at Palo Alto [Networks],” Oswal said, adding the vendor blocks over 224 billion cyberthreats and delivers four and a half million security updates to protect its customers against new threats every day.

In addition, the firewall is embedded within the AWS native services, so customers can set it up through the AWS marketplace in just a few clicks, he added. It shifts operational responsibilities such as deployment and maintenance to Palo Alto Networks.

For automation, the service supports APIs as well as CloudFormation and Terraform templates, which allow “end to end workflow automation,” Oswal explained. “It is a resilient cloud service, so it requires zero maintenance, eliminates the infrastructure management, and scales dynamically with your network traffic.”

And from the zero-trust perspective, organizations can use a variety of services to control access to resources, but they also need the ability to inspect traffic that crosses trust boundaries when implicit trust cannot be established through identity, Stephen Orban, VP of AWS Marketplace and control services at AWS, wrote in response to questions.

"Cloud NGFW can be used to provide fine-grained access control to AWS resources and secure traffic to or from resources within the AWS environment when implicit trust can’t be established," he added.

Integrating With AWS Firewall Manager

The cloud-based firewall service integrates with AWS Firewall Manager to bring simpler and more consistent firewall policy management across AWS accounts and virtual private clouds (VPCs), according to Oswal.

AWS added the managed network firewall service to its security tool chest in 2020. It lets customers define their own custom rules or integrate with security partners and import their existing rules from these third-party vendors, and it automatically scales with network traffic to protect customers’ workloads running on AWS.

The AWS network firewall service “is basically an open source, cloud-based firewall that can import some rules from vendors. So what we get with Palo Alto [Networks] is the industry-leading next-gen firewall with all the capabilities,” Oswal said.

The combination allows users to apply the policy they defined across all AWS accounts and VPCs. “And as you add more VPCs, as you grow, it's very scalable, and that's why the automation has caught up from, and that's why the whole power of being a cloud-native service,” he added.

AWS, Microsoft Azure, Google Cloud Firewalls Comparison

AWS’s rivals Microsoft Azure and Google Cloud Platform both offer network firewall services. Azure claims its cloud-native network firewall-as-a-service offers built-in availability and cloud scalability for both east-west and north-south traffic inspection. Google Cloud touts its firewalls as fully embedded in the cloud networking fabric and highly scalable.

In comparison, Oswal reiterates the new AWS cloud firewall offers “the best in class.”

“Next-generation firewall is what Palo Alto is known for,” he said. “We have been a Magic Quadrant leader in firewalls for 10 consecutive years, and all the innovation that we've done in our deep learning, machine learning, zero-day threats, etc. is all applicable here.”

Organizations have embraced the cloud because they want to focus their energies on the core competencies, but they are also facing a new challenge — the rise of cyber attacks, Oswal said. “So we bring the best of both — the best in class network security that we are known for and pair it with the simplicity, the scalability of things that we have at AWS — to offer the customers this unique cloud NGFW solution.”

UPDATE: This story has been updated to add comments from AWS.