In the shared security responsibility model, Amazon Web Services (AWS) is responsible for the security of the cloud infrastructure, which includes the physical facilities, servers, networking gear, and hypervisors. The customer, on the other hand, is responsible for the security of everything running in the cloud, such as the operating systems, applications/workloads, network configurations, data, and connections to the cloud. Scalable and cost-effective cloud security has become a top priority for enterprises as they move workloads to AWS in droves.
With the Barracuda Web Application Firewall already in the AWS Security Competency program and the Barracuda NextGen Firewall joining soon, Barracuda is effectively one of a handful of security vendors that demonstrate deep technical knowledge, integration and the highest degree of cloud automation.
Protecting highly dynamic AWS resources with a static firewall setup is neither efficient nor economical. With the Barracuda NextGen Firewall (NGF) 7.1 release, customers can deploy an NGF Auto Scaling Cluster that scales with the size of their workloads in the AWS cloud, thereby creating a cost-effective, robust solution for securing and connecting to cloud resources. New Barracuda NGF instances start with automatic configuration, so no user intervention is needed.
The NGF cluster must be deployed using a CloudFormation template. The template deploys a VPC with public and private subnets in two Availability Zones. The NGF cluster is deployed in the private subnets. The Elastic Load Balancer (ELB) and two NAT gateways (one for each Availability Zone) are deployed in the public subnets. The NAT gateways are required for the firewalls to be able to access the AWS backend. APIs are required to enable the secure configuration sync over the AWS backend.
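The layout described above can be checked after deployment. The following is an added example, not part of Barracuda's template or tooling: it audits an inventory against the stated topology (two Availability Zones, firewalls in private subnets, ELB and one NAT gateway per zone in public subnets). The inventory format and all IDs are constructed assumptions, not AWS API output.

```python
from collections import Counter
import copy

# Constructed inventory (hypothetical IDs), not real AWS API output.
GOOD = {
    "subnets": {
        "pub-a": {"az": "az-a", "public": True},
        "pub-b": {"az": "az-b", "public": True},
        "priv-a": {"az": "az-a", "public": False},
        "priv-b": {"az": "az-b", "public": False},
    },
    "nat_gateways": [{"id": "nat-a", "subnet": "pub-a"},
                     {"id": "nat-b", "subnet": "pub-b"}],
    "elb_subnets": ["pub-a", "pub-b"],
    "firewalls": [{"id": "ngf-1", "subnet": "priv-a"},
                  {"id": "ngf-2", "subnet": "priv-b"}],
}

def audit_topology(inv):
    """Return a list of deviations from the layout the template deploys."""
    subnets, findings = inv["subnets"], []
    azs = sorted({s["az"] for s in subnets.values()})
    if len(azs) != 2:
        findings.append(f"expected 2 Availability Zones, found {len(azs)}")
    for az in azs:
        kinds = {s["public"] for s in subnets.values() if s["az"] == az}
        if kinds != {True, False}:
            findings.append(f"{az}: needs both a public and a private subnet")
    nat_per_az = Counter()
    for nat in inv["nat_gateways"]:
        sn = subnets[nat["subnet"]]
        if not sn["public"]:
            findings.append(f"{nat['id']}: NAT gateway not in a public subnet")
        nat_per_az[sn["az"]] += 1
    for az in azs:  # a zone without its NAT gateway cuts firewalls off from the backend
        if nat_per_az[az] != 1:
            findings.append(f"{az}: expected 1 NAT gateway, found {nat_per_az[az]}")
    for fw in inv["firewalls"]:
        if subnets[fw["subnet"]]["public"]:
            findings.append(f"{fw['id']}: firewall placed in a public subnet")
    for name in inv["elb_subnets"]:
        if not subnets[name]["public"]:
            findings.append(f"ELB attached to private subnet {name}")
    return findings

def broken_inventory():
    """Constructed drift: one NAT gateway deleted, one firewall moved public."""
    inv = copy.deepcopy(GOOD)
    inv["nat_gateways"].pop()              # az-b loses its NAT gateway
    inv["firewalls"][0]["subnet"] = "pub-a"
    return inv
```

An empty result means the inventory matches the described layout; each string in a non-empty result names one deviation to investigate.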
The firewall cluster can be deployed either to integrate with existing resources in an AWS region or as part of an auto-scaling application. Both options offer an integrated Barracuda Web Application Firewall (WAF) as a second security tier. The firewall cluster integrates tightly with AWS services and APIs. Configuration changes are synchronized securely using a combination of native AWS services including S3, SNS and SQS, with all instances sharing the same configuration. The admin can configure the changes and troubleshoot connectivity issues as if using a single firewall instance. The firewall cluster is highly available and scalable across multiple AWS Availability Zones, without any single point of failure such as additional management or work node instances. The firewall cluster uses the PAYG image of the Barracuda NextGen Firewall from the AWS Marketplace. This allows you to quickly deploy without the need for long-term licensing commitments.
Barracuda NextGen Firewalls now also integrate seamlessly into the management concept for AWS. This includes a single place to search for log files, seamless integration with the Identity and Access Management services, and easy-to-use reference architectures for the most prevalent use cases.
Wenyu Zhang is a Technical Marketing Engineer with extensive experience and expertise in Cloud Infrastructure, Software Defined Networking, Server Virtualization, Network Security, and High Performance Computing technologies.