Gartner Blog Network


Amazon announces WAF, but what does it mean for AWS netsec partnerships?

by Matthew Wollenweber  |  October 7, 2015  |  Submit a Comment

Amazon Web Services (AWS) just announced a new Web App Firewall (WAF) service. As a technical security control, this appears to be a great step forward. Enterprises are still struggling to effectively migrate (at scale) network security controls (like WAF) to the cloud. There are numerous approaches but few are elegant or simple. AWS WAF offers a simple and cheap mechanism to deploy a necessary security control to protect web servers. As a technical control, this new service allows elastic/devops cloud environments to better secure their web services and to do so without the investment in a WAF appliance or integration/scale/analysis problems that can arise with some free technologies (like mod_security). According to the FAQs AWS WAF can even protect non-AWS web servers.

The real question is what this move will do to Amazon’s partnerships with other network security vendors. Nextgen Firewall (NGFW) and Intrusion Prevention System (IPS) vendors. Notably NGFW MQ vendors have technology partnerships with Amazon. It’s efficient for cloud firewalls to integrate with native cloud services. By leveraging cloud provided services to perform some network security functionality (like basic port or IP blocking), traffic to the virtual NGFW appliance is reduced and administrators can manage rules in one portal. Today’s announcement of AWS WAF, has to give netsec vendors pause; partnerships between potential future competitors are hard. I’m curious what Amazon’s move into WAF will mean for these netsec partnerships.

Additional Resources

Category: aws  cloud  netsec  waf  

Tags: aws  netsec  waf  

Matthew Wollenweber
Research Director
1 years at Gartner
11 years IT Industry

Matthew Wollenweber is a Research Director in Gartner for Technical Professionals (GTP) Security and Risk Management group. He covers infrastructure security, where he advises clients on technical controls (such as traffic aggregation, firewalls, NAC and intrusion detection) and on overall security architecture. He has more than 11 years of experience in information security as a security engineer, software engineer, consultant and analyst. Read Full Bio




Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.