AWS re:Invent Recap: WAFs Protect Web Applications, We Protect Networks

Matt Keil


Palo Alto Networks was on the scene at re:Invent, the annual gathering of Amazon Web Services (AWS) users and experts, and the energy felt from the 19,000 or so attendees was palpable. Rightfully so, given that AWS is operating at roughly a $7 billion run rate, as stated in the keynote by Andy Jassy, SVP, Amazon Web Services.

We participated as a sponsor, demonstrating our VM-Series for AWS to many customers and new contacts alike. What was great to see was the number of current customers who came by to say “hello” and give us an update on where they are, relative to public cloud. Many are just getting started; however, several were fully deployed, using both our hardware appliances on their network and the VM-Series in the public cloud. Here are some of the comments we heard:

  • A financial services customer: “We have an IPSec VPN set up between the data center and our AWS presence. Within AWS we have multiple VPCs with IPSec VPNs in between them.”
  • A data analysis customer: “The VM-Series for AWS solved numerous problems for us. It works like a charm.”
  • A financial services customer: “We love your hardware firewalls and will use you in AWS as well.”

As with any exhibit, there was a commonly asked question. In the early days of doing these events, it was, “Are you in Palo Alto?” At re:Invent , it was “Are you a WAF?” Or, “How are you different from a WAF?” These questions arose because of the AWS WAF announcement made by Amazon. The answer is that no, we are not a web application firewall (WAF). In fact, we are very different from one.

We protect networks

Sometimes, the easiest way to highlight the differences is to keep it simple. Our CMO, René Bonvanie can be credited with the best summary of those the differences: we are designed to protect your network as a firewall, using positive security rules to allow the applications you want to allow (regardless of type or port) and deny all else; then, apply threat prevention to the allowed applications, blocking known and unknown threats.

They protect web applications

A WAF is focused solely on protecting HTTP or HTTPs applications, typically public-facing ones, and ignoring any other traffic. Each WAF implementation will be customized for the application it is protecting. Not all enterprises will need a WAF, whereas all enterprises need a network firewall – be it physical or virtualized. To learn more about the differences between our next-generation firewall and a web application firewall, check out this one pager.

To learn more about the VM-Series for AWS, take our one-hour test drive.

 

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42


SUBSCRIBE TO RSS