Protecting Your AWS Deployment With Next-Generation Security

The Amazon® Web Services shared responsibility model states that protecting your applications and data on AWS® is your responsibility. That’s where the VM-Series on AWS can help. The VM-Series complements AWS security groups and web application firewalls by uniquely classifying and controlling your AWS traffic, based on the application identity, and applying threat prevention policies to block known and unknown cyberthreats across all ports and applications. 

Hybrid Cloud: Securely Move Your App Development and Testing Onto AWS

Securely migrate application development and testing onto AWS through a hybrid deployment that integrates your existing development environment with AWS via a secure connection. This approach allows your application development and testing team to get started while maintaining a strong security posture.

When deployed on AWS, the VM-Series can act as an IPsec VPN termination point to enable secure communications to and from AWS. Application control and threat prevention policies can be layered atop the IPsec VPN tunnel or AWS Direct Connect for improved security and reduced risk.

Internet Gateway: Protect Production Workloads

As your AWS deployment expands to include public-facing workloads, you can use the VM-Series on AWS as an internet gateway to protect web-facing applications from known and unknown threats. Additionally, you can enable direct, yet secure, access to web-based developer resources, tools and software updates, thereby minimizing the traffic that flows back to the corporate network and then out to the web.

Segmentation Gateway: VPC-to-VPC Protection for Security and Compliance

High-profile breaches have shown that cybercriminals are adept at hiding in plain sight, bypassing perimeter controls and moving at will across networks – both physical and virtualized.

While an AWS VPC provides an isolation and security boundary for your workloads, the VM-Series can augment that separation through application-level segmentation policies to control traffic between the VPCs.

With application-level policies, you have greater control over application traffic moving laterally, and you can apply threat prevention policies to block threats from moving laterally as well. If traffic is flowing between VPCs in different regions across the internet, encryption can be enabled for added protection.

GlobalProtect: Extending Security to All Users and Devices

The scalability and global presence of the AWS computing infrastructure, combined with the VM-Series and GlobalProtect™ network security for endpoints, enable you to extend your corporate security policies to your remote users and mobile devices, regardless of their location.

GlobalProtect establishes a secure connection to protect the user from internet threats and enforces application-based access control policies. Whether the user, or network, needs access to the internet, data center or SaaS applications, the platform provides full protection.

AWS Security Competency Achieved

The VM-Series integration with AWS Auto Scaling has been validated as part of the AWS Security Competency program, allowing customers to protect their applications and data on AWS with our next-generation firewall and advanced threat prevention features.

The VM-Series complements AWS security groups and web application firewall security features with greater visibility and control over your AWS applications, along with protection from known and unknown threats.