Palo Alto Networks today announced it is making available a next-generation firewall (NGFW) that runs natively on the Amazon Web Services (AWS) cloud.
Anand Oswal, senior vice president for network security at Palo Alto Networks, said that rather than requiring IT and security teams to deploy a separate firewall, the Palo Alto Networks Cloud NGFW for AWS can be consumed as a managed service alongside all the other services AWS provides.
That approach not only makes it simpler to secure applications running on AWS, it also shifts operational responsibility—including deployment, maintenance, availability and scale—to Palo Alto Networks, he added.
The Palo Alto Networks Cloud NGFW for AWS service is also the first and only NGFW to integrate with AWS Firewall Manager, noted Oswal. That capability makes it simpler to consistently apply firewall policies across multiple AWS accounts and virtual private clouds (VPCs).
The service is also accessible via an application programming interface (API) or can be invoked through templates created with infrastructure-as-code tools such as CloudFormation from AWS or the open source Terraform software.
With more application workloads than ever running on the AWS cloud, Oswal said organizations are looking for a simpler way to secure those workloads. Palo Alto Networks Cloud NGFW for AWS makes it easier to achieve that goal using a service that can be launched via a few clicks versus requiring an IT security operations team to install a firewall on a virtual appliance themselves.
Capabilities provided via that firewall service include advanced URL filtering based on deep learning algorithms; threat prevention tools to stop known vulnerability exploits, malware and command-and-control communication; and the ability to control traffic by identity at the Layer 7 level.
More than ten years after organizations began migrating workloads to the cloud, many of them still struggle with cloud security. Cloud service providers require organizations to assume responsibility for managing applications and for configuring various services. Most cloud applications, however, are deployed by developers using infrastructure-as-code tools. The issue that arises is that few of those developers have much cybersecurity expertise. Not surprisingly, many of the cloud services being invoked wind up being misconfigured, which could result in a breach. Cybersecurity teams then need to spend time investigating before they can work with developers to remediate the core issue.
In theory, the number of cloud misconfigurations should steadily decline as development teams increasingly adopt DevSecOps best practices in the months and years ahead. In the meantime, it’s the cybersecurity team’s responsibility to make sure application workloads running in the cloud are secure. The challenge then becomes finding the simplest way to achieve that goal in an IT environment where applications not only dynamically scale up and down but are also frequently updated.
It may take security teams some time to get used to relying on someone else to manage firewalls on their behalf. However, every minute not spent on security operations can instead be spent thwarting the increasing volume of sophisticated attacks.