Network and Application Protection on AWS
Network and Application Protection services on AWS enable you to enforce fine-grained security policy at every network control point across your organization. As you build your network using Networking services on AWS, you have flexible options for where and how you build your network architecture, from defining private subnets to public, Internet-facing networks. AWS Network and Application Protection services then provide equally flexible solutions that inspect and filter traffic to prevent unauthorized resource access. For example, for your web applications, you can easily set up always-on detection and automatic inline threat mitigations to maximize availability and application responsiveness.
AWS provides your network and application security teams with services that address their particular protection needs and compliance requirements. AWS network and application protection services give you fine-grained protections at the host-, network-, and application-level boundaries. Amazon VPC security groups provide protections at the host level for resources in your AWS workloads. For example, an RDS database can have its own security group per network interface with rules to allow inbound and outbound traffic to specific server IP ranges. At the network level, AWS Network Firewall allows you to tightly control traffic to, from, and between your VPCs with capabilities such as stateful inspection, intrusion prevention, and web filtering. For web application protection, services like AWS Web Application Firewall allow you to filter any part of the web request, such as IP addresses, HTTP headers, HTTP body, or URI strings, to block common attack patterns, such as SQL injection or cross-site scripting. AWS Shield protects your networks and applications from even the largest DDoS attacks and offers managed detection and response to fend off targeted attacks. Only at AWS can you get central management and visibility of all these network and application security services in one place through integration with AWS Firewall Manager. Firewall Manager makes it easy to bring new applications and resources into compliance by enforcing a common set of security rules.