TalksAWS re:Invent 2025 - Innovations in Infrastructure Protection to strengthen your network (SEC310)

AWS re:Invent 2025 - Innovations in Infrastructure Protection to strengthen your network (SEC310)

AWS re:Invent 2025 - Innovations in Infrastructure Protection to Strengthen Your Network (SEC310)

Key Challenges in Network Security

  • Managing complexity of hybrid and multi-cloud architectures
  • Scaling network security to meet changing demands
  • Adhering to compliance and data sovereignty regulations
  • Reducing cognitive load on security teams

AWS Network and Application Protection Portfolio

  • Web Application Firewall (WAF) and Shield Advanced for ingress protection
  • AWS Network Firewall for east-west and egress traffic inspection
  • AWS Route 53 Resolver DNS Firewall for DNS-based protection
  • Firewall Manager and Shield Network Security Director for centralized visibility and management

Enhancing Network Visibility

  • Shield Network Security Director: Provides topology view, security findings, and natural language-based queries
  • Improved visibility in AWS WAF and AWS Network Firewall consoles

Innovations in Application Protection

  • Simplified AWS WAF setup with pre-configured protection packs
  • Bundled CloudFront + WAF + Shield Advanced + Route 53 DNS protection
  • New Layer 7 DDoS protection managed rule in AWS WAF
  • AI bot authentication using cryptographic signatures

Advancements in Network Protection

Amazon Route 53 Resolver DNS Firewall

  • Fully managed service to block malicious domains and allow trusted domains
  • Supports custom domain lists and Amazon-provided managed domain lists
  • Provides logging and advanced DNS security features

AWS Network Firewall

  • Cloud-native next-generation firewall with stateful inspection, IDS/IPS, and TLS decryption
  • Supports flow logging and alert logging
  • Deployable for ingress, east-west, and egress traffic protection

Egress Protection Enhancements

  • New AWS Network Firewall explicit egress proxy resource
  • Performs pre-DNS, post-DNS, and header-based filtering
  • Supports TLS decryption and logging

Simplified Centralized Firewall Deployment

  • Native Transit Gateway attachment for AWS Network Firewall
  • Flexible cost allocation to attribute network traffic processing costs

Threat Intelligence Integrations

Active Threat Defense

  • Managed rule group based on AWS Madpot honeypot threat intelligence
  • Automatically updated every 10 minutes to protect against active threats

Partner-Managed Rule Groups

  • Threat intelligence-based managed rule groups from security partners like Checkpoint, Fortinet, Infoblocks, Lumen, Rapid7, ThreatStop, and Trend Micro
  • Covers protection against exploits, vulnerabilities, C2 attacks, zero-day threats, and more

Key Takeaways

  • AWS is enhancing network and application protection capabilities to address evolving security challenges
  • Increased focus on visibility, automation, and integration with partner threat intelligence
  • New services and features to simplify egress protection, centralized firewall management, and threat detection
  • Commitment to leveraging AWS's global infrastructure and threat research to proactively protect customer environments

Your Digital Journey deserves a great story.

Build one with us.

Cookies Icon

This website stores cookies on your computer.

These cookies are used to collect information about how you interact with this website and allow us to remember you. We use this information to improve and customize your browsing experience, as well as for analytics.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference.