Palo Alto launches cloud-native firewall service for AWS

Cloud NGFW for AWS enables organizations to shift security responsibility to Palo Alto, allowing them to speed cloud innovation while remaining secure, the vendor says.

cloud security / data protection / encryption / security transition
Metamorworks / Getty Images

Palo Alto Networks has launched a new, fully managed “next-generation” firewall (NGFW) service in partnership with Amazon Web Services designed to remove the complexities of securing AWS cloud deployments. The network firewall vendor says its Cloud NGFW for AWS enables organizations to speed up cloud innovation while remaining secure.

Cloud NGFW for AWS shifts security responsibility

In a press release announcing the new service, Palo Alto Networks says it has recognized that its customers need to dedicate time and resources to building applications and running their businesses instead of managing cloud network security infrastructure. Cloud NGFW for AWS therefore shifts operational responsibility for deployment, maintenance, availability, and scale to the security vendor. “A key reason that companies have embraced the cloud is that they want to concentrate on their core competencies and leave other tasks like infrastructure and underlying services to experts like AWS,” says Anand Oswal, senior vice-president, network security at Palo Alto Networks. “As cyberattacks continue to grow in frequency and sophistication, organizations are looking for network security that is as easy to deploy as other native AWS services.”

Service offers “best-in-class” cloud security and simplicity

Palo Alto Networks’ new platform integrates with AWS Firewall Manager and is designed to bring together “best-in-class” cloud protection and simplicity, the vendor says. As such, it offers a range of cloud-centric security features, including:

  • Advanced URL filtering that uses deep learning to help stop zero-day threats in real time while allowing applications to securely connect to legitimate web-based services.
  • Threat prevention to thwart known vulnerability exploits, malware, and command-and-control communication.
  • App-ID to reduce the risk of attack by controlling traffic based on patented Layer 7 traffic classification.

Cloud NGFW for AWS also has several ‘simple-to-use’ features that allow for straightforward implementation, the vendor says. These include the fact that, as the platform is a fully managed cloud service, organizations do not need to deploy, update, or manage any of the infrastructure. Furthermore, the service leverages the power of AWS Gateway Load Balancer, providing high availability, elastic scaling on-demand to meet unpredictable throughput needs. It also allows for simple and consistent firewall policy management across multiple AWS accounts and virtual private clouds, whilst support for API, CloudFormation and Terraform templates enables automation of end-to-end workflows, Palo Alto Networks says.

“The way it should have been all along”

“With the release of this service, Palo Alto is offering firewall in the cloud the way it should have been all along—as a ‘native-like’ service,” Forrester senior analyst David Holmes tells CSO. “For years, firewall vendors have tried to convince customers to put virtualized images of their firewall software in the cloud to offer L7 security, but it wasn’t compelling for several reasons, including cost and the fact that customers don’t want to manage software. It was only recently that the cloud hyperscalers have released infrastructure that can support a third party to integrate their offerings as a service.” Whilst organizations will be glad to see this is finally coming to fruition and Palo Alto Networks and its customers can celebrate this new model, there is still some work to do as Palo Alto Networks needs to integrate the service with the tagging systems that the clouds use for everything, Holmes adds.

Speaking to CSO, Palo Alto’s Oswal says that the cloud is becoming a part of almost every business—whether it’s a nice to have or an integral part of the day to day—and it must be protected with best-in-class solutions. “AWS customers want network security, but they also want to deploy and run it as easily as other native AWS services. The native experience and the proliferation of AWS native services, which now includes Cloud NGFW, have given these organizations the tools they needed to embrace the cloud.”

Copyright © 2022 IDG Communications, Inc.

Make your voice heard. Share your experience in CSO's Security Priorities Study.