WatchGuard Firebox Cloud on AWS
Extending the WatchGuard security perimeter to protect business-critical assets in AWS
What is Amazon Web Services (AWS)?
AWS is a platform that allows you to quickly and easily deploy resources in the public cloud. As anInfrastructure-as-a-Service (IaaS) offering, customers build systems in a hosted environment that provides compute, storage, content delivery and other functionality for increased flexibility, scalability and reliability. AWS enables you to avoid capital infrastructure costs with a pay-as-you-go model that makes the public cloud an appealing alternative to on-premises datacentres, even among small and midsize businesses. In fact, according to RightScale’s 2016 State of the Cloud report, 71 percent of small and midsize businesses (SMBs) are running at least one application in a public cloud environment. However, moving infrastructure outside of on-premises datacentres that you control changes the security dynamic, and necessitates the use of additional security solutions to keep your assets safe.
Security in the Public Cloud
While the public cloud provides countless new opportunities for businesses big and small, it’s continued growth has also made it a major focus for criminal hackers. Hackers have begun to target or infect servers running in public cloud services, and there have even been cases where hackers have taken over servers running in Amazon EC2 – the virtualised compute portion of AWS.
From a security perspective the servers you spin up in public cloud environments, like AWS, are no
different than those in your own datacenter. If you leave a port open, without a firewall or access control rules, hackers can attack it in the same way they attack physical servers
Amazon Web Services takes pride in the security of their cloud infrastructure but they make it clear that the security of your business-criticalassets in the cloud is your responsibility. Under the AWS Shared Responsibility Model, AWS makes a distinction between:
• Security measures that the cloud service provider (AWS) implements and operates – “security OF the cloud”
• Security measures that the customer implements and operates, related to the security of customer content and applications that make use of AWS services – “security IN the cloud”
AWS manages the security OF their cloud through a series of security tools that protect their endpoints, provide encryption of stored data, and effectively segregate the virtual networks and applications of their customers. Under the shared responsibility model you remain in control of the security approach to your content, platform, applications and networks.
AWS provides built-in virtual firewall functionality that controls access to instances and VPCs (Virtual Public Clouds). Called network access control list (ACL), this optional layer of security acts as a firewall for controlling traffic in and out of one or more subnets. But controlling access only solves a small portion of the security challenge. For trusted security in AWS, customers need the ability to inspect inbound and outbound traffic with a robust set of security tools designed to detect and prevent modern cyber attacks.
WatchGuard Firebox® Cloud brings the protection of WatchGuard’s leading Firebox® UTM appliances to the public cloud. With Firebox Cloud forAWS, your AWS environment is protected by comprehensive portfolio of security services, from traditional intrusion prevention, gateway antivirus, application control, and URL filtering, to more advanced services for protecting against evolving malware, ransomware, and data breaches. Each security service is delivered as an integrated solution within an easy-to-manage and cost-effective virtual Firebox.
• Protect Servers Deployed on AWS. To provide protection to one or more virtual servers that are accessible from the Internet, you can install a Firebox Cloud instance. Your instance of Firebox Cloud is then the gateway for inbound connections to your servers from theInternet. You configure policies and security services on your instance of Firebox Cloud to control traffic to your virtual servers.