Network and Application Protection on AWS

Enforce fine-grained security policy at every network control point

Network and Application Protection services on AWS enable you to enforce fine-grained security policy at every network control point across your organization. As you build your network using Networking services on AWS, you have flexible options for where and how you build your network architecture, from defining private subnets to public, Internet-facing networks. AWS Network and Application Protection services then provide equally flexible solutions that inspect and filter traffic to prevent unauthorized resource access. For example, for your web applications, you can easily set up always-on detection and automatic inline threat mitigations to maximize availability and application responsiveness.

Proven at scale

With Network and Application Protection on AWS, you can automatically scale inspection and protection mechanisms for workload high availability without having to manage infrastructure.

Extensive traffic visibility

Network and Application Protection on AWS gives you real-time traffic visibility, regardless of the port or protocol, from which you can enable fine-grained filtering, monitoring, and logging.

Active protection against a broad range of risks

Network and Application Protection on AWS provides in-line control of traffic to help protect against unauthorized access, potential vulnerabilities, performance degradation, and data theft. This includes protection from common web exploits, prevention of data exfiltration through malicious DNS queries, and advanced DDoS mitigations to help protect web applications.

Central management

Network and Application Protection on AWS provides a single place to centrally manage firewall rules across your accounts, aggregate security event reporting, and ensure consistent policy compliance across your entire infrastructure.

Why Use AWS Network and Application Protection Services

AWS provides your network and application security teams with services that address their particular protection needs and compliance requirements. AWS network and application protection services give you fine-grained protections at the host, network, and application-level boundaries. Amazon VPC security groups provide protection at the host level for resources in your AWS workloads. For example, an RDS database can have its own security group per network interface, with rules that allow inbound and outbound traffic only to and from specific server IP ranges. At the network level, AWS Network Firewall allows you to tightly control traffic to, from, and between your VPCs with capabilities such as stateful inspection, intrusion prevention, and web filtering. For web application protection, services like AWS Web Application Firewall allow you to filter on any part of the web request, such as IP addresses, HTTP headers, HTTP body, or URI strings, to block common attack patterns such as SQL injection or cross-site scripting. AWS Shield protects your networks and applications from even the largest DDoS attacks and offers managed detection and response to fend off targeted attacks. Only at AWS can you get central management and visibility of all these network and application security services in one place through integration with AWS Firewall Manager. Firewall Manager makes it easy to bring new applications and resources into compliance by enforcing a common set of security rules.
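As an added example that is not AWS code, the allow-list semantics behind the RDS security-group example above, modelled in Python: a database network interface admits inbound traffic only when some rule matches protocol, port and source range, and a separate check flags the weak configuration (a rule open to the whole Internet). The `IngressRule`/`Packet` types and the 10.0.1.0/24 application-subnet range are assumptions made for the example.

```python
"""Added example (not AWS code): security-group-style ingress evaluation.

Security groups are allow-list only (there is no explicit deny rule) and
stateful, so a packet is admitted only if at least one rule matches.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class IngressRule:
    protocol: str      # "tcp", "udp" or "-1" (all protocols, ports ignored)
    from_port: int
    to_port: int
    source_cidr: str   # IPv4 or IPv6 CIDR allowed to reach the interface


@dataclass(frozen=True)
class Packet:
    protocol: str
    src_ip: str
    dst_port: int


def rule_matches(rule: IngressRule, pkt: Packet) -> bool:
    """True when the rule's protocol, port range and source CIDR all admit pkt."""
    if rule.protocol != "-1":
        if rule.protocol != pkt.protocol:
            return False
        if not rule.from_port <= pkt.dst_port <= rule.to_port:
            return False
    # Mismatched IP versions (IPv4 address vs IPv6 network) simply do not match.
    return ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(rule.source_cidr)


def is_allowed(rules, pkt: Packet) -> bool:
    """Allow-list semantics: no matching rule means the packet is dropped."""
    return any(rule_matches(r, pkt) for r in rules)


def internet_open_rules(rules):
    """Check used by reviewers: rules whose source is every IPv4/IPv6 address."""
    return [r for r in rules if r.source_cidr in ("0.0.0.0/0", "::/0")]


# Constructed samples (assumed values): the hardened group admits PostgreSQL
# only from the application subnet; the weak group admits it from anywhere.
RDS_SG = (IngressRule("tcp", 5432, 5432, "10.0.1.0/24"),)
WEAK_SG = (IngressRule("tcp", 5432, 5432, "0.0.0.0/0"),)
```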