Security Group Aware NGFW for AWS?

I manage several firewalls in AWS and am frustrated by the fact that every one that I've seen still relies on IP/CIDR for filtering (other than DNS).

In a completely dynamic auto scaling AWS environment I'd like to know if there is a firewall out there that is aware of Instance Roles or Security Groups. Seeing as how many new APM tools are aware of these, I am hoping there is a Firewall as well.

I have my SGs tightened down when possible, and I have my firewall with egress rules configured, but I'd like to narrow those egress rules a lot – and maintaining SGs is difficult when dealing with DNS entries. (Honestly, if AWS SGs could handle DNS-based rules, this would be a moot point.)

I've seen some corps using completely separate VPCs to handle different kinds of egress traffic, but this either means more egress firewalls, or certainly a more complicated routing design.

Touch here for the full post on Network Security Noblemen tumblr
