Network and Application Protection on AWS

Enforce fine-grained security policy at every network control point

Network and Application Protection services on AWS enable you to enforce fine-grained security policy at every network control point across your organization. As you build your network using Networking services on AWS, you have flexible options for where and how you build your network architecture, from defining private subnets to public, Internet-facing networks. AWS Network and Application Protection services then provide equally flexible solutions that inspect and filter traffic to prevent unauthorized resource access. For example, for your web applications, you can easily set up always-on detection and automatic inline threat mitigations to maximize availability and application responsiveness.
AWS provides your network and application security teams with services that address their particular protection needs and compliance requirements. AWS network and application protection services give you fine-grained protections at the host-, network-, and application-level boundaries. Amazon VPC security groups provide protections at the host level for resources in your AWS workloads. For example, an RDS database can have its own security group per network interface with rules to allow inbound and outbound traffic to specific server IP ranges. At the network level, AWS Network Firewall allows you to tightly control traffic to, from, and between your VPCs with capabilities such as stateful inspection, intrusion prevention, and web filtering. For web application protection, services like AWS Web Application Firewall allow you to filter any part of the web request, such as IP addresses, HTTP headers, HTTP body, or URI strings, to block common attack patterns, such as SQL injection or cross-site scripting. AWS Shield protects your networks and applications from even the largest DDoS attacks and offers managed detection and response to fend off targeted attacks. Only at AWS can you get central management and visibility of all these network and application security services in one place through integration with AWS Firewall Manager. Firewall Manager makes it easy to bring new applications and resources into compliance by enforcing a common set of security rules.

Proven at scale
Network and Application Protection on AWS doesn’t require you to manage any infrastructure and can automatically scale inspection and protection mechanisms to ensure workload high availability.
Extensive traffic visibility
Network and Application Protection on AWS gives you real-time traffic visibility, regardless of the port or protocol, from which you can enable fine-grained filtering, monitoring, and logging.
Active protection against a broad range of risks
Network and Application Protection on AWS gives you complete in-line control of your traffic to protect against unauthorized access, potential vulnerabilities, and performance degradation. This ranges from stopping common web exploits to advanced DDoS mitigations that help protect web applications from the largest recorded attacks.
Central management
Network and Application Protection on AWS provides a single place to centrally manage firewall rules across your accounts, aggregate security event reporting, and ensure consistent policy compliance across your entire infrastructure.