Identify

With knowledge comes power. Identifying the applications in use in your Amazon® Web Services environment, regardless of port, gives you unmatched visibility into your AWS environment. Armed with this knowledge, you can make more-informed security policy decisions. 

Enable

Using the application as the basis for your AWS security policy enables you to leverage the deny-all-else premise that a firewall is based upon for both gateway and VPC-to-VPC protection. Allow the applications you want in use, and then deny all others. 

Prevent

In order to further protect your AWS environment, you can deploy application-specific threat prevention policies that will block both known and unknown malware.

AWS Security Competency Achieved

The VM-Series integration with AWS Auto Scaling has been validated as part of the AWS Security Competency program, allowing customers to protect their applications and data on AWS with our next-generation firewall and advanced threat prevention features. The VM-Series complements AWS security groups and web application firewall security features with greater visibility and control over your AWS applications along with protection from known and unknown threats.

Hybrid Cloud: Securely Leverage AWS to Augment Your Data Center

Expanding your data center into AWS across an IPsec VPN is an easy way to establish a hybrid data center that will quickly and securely address new application requirements and cloud-first development initiatives. A hybrid approach combines fixed, on-premises resources with scalable, more agile public cloud resources. Using the VM-Series as a VPN termination point means your security policies can include an IPsec VPN tunnel element, thereby allowing you to move applications and data from your network to the cloud in a secure manner.

Internet Gateway: Protect the Network, the Cloud, the Device

Building upon your hybrid deployment, the VM-Series for AWS can act as an Internet gateway, protecting the AWS perimeter with application whitelisting policies that are based on the user while preventing advanced threats. When deployed in conjunction with GlobalProtect, the VM-Series allows you to extend your corporate security policies globally to device users, regardless of their location. GlobalProtect establishes a secure connection to enforce application-based access control policies and prevent threats. Whether the need is for access to the Internet, data center or SaaS applications, the user enjoys the full protection provided by the VM-Series.

Segmentation Gateway: VPC-to-VPC Protection for Security and Compliance

High-profile breaches have shown that cybercriminals are adept at hiding in plain sight, bypassing perimeter controls and moving at will across networks – both physical and virtualized. While an AWS VPC provides an isolation and security boundary for your workloads, the VM-Series can augment that separation through application-level segmentation policies to control traffic between the VPCs. With application-level policies, you have greater control over application traffic moving laterally, and you can apply threat prevention policies to block their movement as well. If traffic is flowing between VPCs in different regions across the Internet, encryption can be enabled for added protection.

GlobalProtect: Extending Security to All Users and Devices

The scalability and global presence of the AWS computing infrastructure, combined with the VM-Series and GlobalProtect™ mobile security, enable you to extend your corporate security policies to your remote users and mobile devices, regardless of their location. GlobalProtect establishes a secure connection to protect the user from Internet threats and enforces application-based access control policies. Whether the user, or network, needs access to the Internet, data center or SaaS applications, the platform provides full protection.