CN-Series Container Firewalls on AWS Marketplace for Containers Anywhere

Dec 01, 2021
4 minutes

Today at AWS re:Invent, hosted by Amazon Web Services, Inc. (AWS), Palo Alto Networks announced significant deployment and licensing developments critical for saving time and effort while securing container environments increasingly important for competitiveness and innovation.

Thanks to the release of AWS Marketplace for Containers Anywhere and AWS License manager, organizations can now even more rapidly deploy, configure, and operate CN-Series container firewalls on-premises with the managed AWS Elastic Kubernetes Services (EKS) and Self-managed Kubernetes.

For even greater accessibility and efficiency, organizations can now also add CN-Series security to a central repository of multiple container applications licenses, on-premises or cloud, in AWS License Manager. This portal has been designed to fast-track licenses and upgrades in AWS and on-premises servers from multiple software vendors – and by adding CN-Series, organizations now can manage the full stack of container applications in one place.

“I'm delighted by the unveiling of AWS Marketplace for Containers Anywhere. I'm also immensely proud that this announcement makes Palo Alto Networks the one and only security vendor launching at re:Invent with AWS Marketplace for Containers Anywhere,” said Anand Oswal, Senior Vice President at Palo Alto Networks. “Our customers will benefit from the best of both worlds: exceptional security and purchase flexibility. First, Marketplace for Containers Anywhere offers security and purchase flexibility. Customers can expedite procurement, manage licenses, and streamline renewals and upgrades. Second, Palo Alto Networks's best-in-class CN-Series: a purpose-built NGFW to secure your Kubernetes environment from network-based threats.”

Container Security Meets a Pressing Network Security Problem

These twin announcements are designed to meet immediate and pressing network security challenges in containerized environments. Without easy access to the tools that secure containerized applications, network security teams frequently have limited visibility and control over container traffic, which can seriously hamper important development efforts.

AWS announced the new AWS Marketplace for Containers Anywhere, where organizations can eliminate platform-specific license management and streamline the license management.
Why do we need CN-Series?

It’s important to note how these containerized environments are critical for innovation by having virtualization take place at the operating system level. This allows developers to quickly build applications by using Kubernetes to orchestrate deployments. Because of their short lifespan and isolated nature, containers may seem like a secure option for running applications, because containers are walled off from each other. But the reality is that many containers are typically deployed on the same IP space. If attackers gain access to even a single container, they can then spread the attack throughout a cluster of containers.

This setup can present problems for network security teams accustomed to protecting traditional applications and workloads on-premises and in clouds: These professionals often lack expertise securing containers. As a result, developer operations (DevOps) teams can be tempted to use native security controls in clouds – which do not have NGFW capabilities – and can create a fragmented security posture that leaves modern apps vulnerable to attacks.

CN-Series Meets and Exceeds Pressing Challenges

The Palo Alto Networks CN-Series container firewall is the first next generation firewall purpose-built to secure Kubernetes orchestration environments from network-based attacks. The CN-Series firewall enables network security teams to:

  • Gain Layer-7 traffic visibility and context into Kubernetes environment
  • Protect containerized apps deployed anywhere with best-in-class security for network-based threats
  • Dynamically scale network security without compromising DevOps speed and agility
  • Centralize security management

CN-Series is meant to ensure frictionless continuous integration/continuous development (CI/CD) pipeline deployment while delivering unparalleled runtime network protection through unified management across all multiple firewalls.

See How to Save Time and Effort at re:Invent and with These Resources

Both the AWS Marketplace for Containers Anywhere announcement and ​​AWS License Manager ensures customers can now purchase CN-series through AWS Marketplace and deploy it on cloud, AWS EKS, and on-premises in any self-managed Kubernetes deployments. This simplifies license management while protecting Kubernetes environments anywhere.

Customers can manage CN-Series, along with VM-Series virtual firewalls and PA-Series hardware firewalls from a centralized management plane called Panorama so security policy is consistent with all on-premises environments. Plus, organizations will discover easier access to Palo Alto Networks cloud-delivered security services such as Threat Prevention (IDS/IPS), WildFire, Advanced URL Filtering, and DNS for best-in-class runtime network security covering east-west, outbound, and inbound traffic.

If you’re attending AWS re:Invent, do schedule a meeting with us, or simply drop by booth #861 to find out more about how CN-Series can help secure container investments. Can’t make the show? No problem at all – just schedule a virtual demo and we’ll help you see how to secure your container with less time and effort.

Subscribe to Network Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.