Palo Alto Networks has launched a new, fully managed “next-generation” firewall (NGFW) service in partnership with Amazon Web Services (AWS) designed to remove the complexities of securing AWS cloud deployments.
According to the network firewall vendor, Cloud NGFW for AWS enables organisations to speed up cloud innovation while remaining secure.
When announcing the new service, the vendor claimed it has recognised that its customers need to dedicate time and resources to building applications and running their businesses instead of managing cloud network security infrastructure.
Cloud NGFW for AWS therefore shifts operational responsibility for deployment, maintenance, availability, and scale to the security vendor.
“A key reason that companies have embraced the cloud is that they want to concentrate on their core competencies and leave other tasks like infrastructure and underlying services to experts like AWS,” said Anand Oswal, senior vice president of Network Security at Palo Alto Networks.
“As cyber attacks continue to grow in frequency and sophistication, organisations are looking for network security that is as easy to deploy as other native AWS services.”
Service offers “best-in-class” cloud security and simplicity
Palo Alto Networks’ new platform integrates with AWS Firewall Manager and is designed to bring together “best-in-class” cloud protection and simplicity, according to Oswal.
As such, it offers a range of cloud-centric security features, including advanced URL filtering that uses deep learning to help stop zero-day threats in real-time while allowing applications to securely connect to legitimate web-based services.
This is in addition to threat prevention to thwart known vulnerability exploits, malware, and command-and-control communication, alongside app-ID to reduce the risk of attack by controlling traffic based on patented Layer 7 traffic classification.
Cloud NGFW for AWS also has several features that allow for "straightforward implementation", according to Oswal. These include the fact that, as the platform is a fully managed cloud service, organisations do not need to deploy, update, or manage any of the infrastructure.
Furthermore, the service leverages AWS Gateway Load Balancer, providing high availability and elastic scaling on-demand to meet "unpredictable throughput needs". It also allows for consistent firewall policy management across multiple AWS accounts and virtual private clouds, whilst support for API, CloudFormation and Terraform templates enables automation of end-to-end workflows.
“The way it should have been all along”
“With the release of this service, Palo Alto is offering firewall in the cloud the way it should have been all along—as a ‘native-like’ service,” Forrester senior analyst David Holmes told CSO. “For years, firewall vendors have tried to convince customers to put virtualised images of their firewall software in the cloud to offer L7 security, but it wasn’t compelling for several reasons, including cost and the fact that customers don’t want to manage software.
"It was only recently that the cloud hyperscalers have released infrastructure that can support a third party to integrate their offerings as a service.”
Whilst organisations will be glad to see this is finally coming to fruition and Palo Alto Networks and its customers can celebrate this new model, there is still some work to do as Palo Alto Networks needs to integrate the service with the tagging systems that the clouds use for everything, Holmes added.
Speaking to CSO, Oswal said that the cloud is becoming a part of almost every business — whether it’s a nice to have or an integral part of the day-to-day — and it must be protected with best-in-class solutions.
“AWS customers want network security, but they also want to deploy and run it as easily as other native AWS services," Oswal added. "The native experience and the proliferation of AWS native services, which now includes Cloud NGFW, have given these organisations the tools they needed to embrace the cloud."