Partners: AWS Network Firewall Unlikely To Capture Enterprises

‘It’s better than the bare minimum they were providing before, but anyone serious such as large enterprises will still go for a top tier solution such as Palo Alto, Check Point or Fortinet,’ one solution provider tells CRN.

Solution providers are doubtful that Amazon Web Services’ new high-availability firewall service will appeal to large enterprises with robust security needs across multiple public cloud platforms.

“It looks like a basic firewall with intrusion prevention,” one solution provider, who didn’t wish to be identified, told CRN. “It’s better than the bare minimum they were providing before, but anyone serious such as large enterprises will still go for a top tier solution such as Palo Alto, Check Point or Fortinet.”

The vendor said the AWS Network Firewall managed security service will make it easier for customers to enable network protections across all their AWS workloads with just a few clicks and without the need to maintain the underlying infrastructure. There are no additional charges or upfront commitments required to use AWS Network Firewall, and users pay only by hours deployed and gigabytes processed.

[Related: Top 9 Biggest AWS Security Mistakes To Avoid]

However, the solution provider referenced earlier said AWS Network Firewall won’t be good enough for most enterprises due to the lack of multi-vendor protection and only providing features like security inspection and intrusion prevention coverage at a “bare minimum” level. AWS didn’t respond to multiple requests for comment from CRN.

“They are offering straight firewall while the market has moved to next-generation firewall. They are behind,” the solution provider said. “They are pushing stateful inspection in 2020. That’s a bit late to the game.”

A second solution provider told CRN that enterprise customers with 5,000 or more seats have been very accustomed to securing the cloud using their own personnel. They already have a dozen or more household names like Palo Alto Networks, Fortinet, SonicWall or Barracuda in their security stack and have benefited from observing what investments the leading cybersecurity vendors are making.

“Neither AWS nor Microsoft have reputations of offering rock-solid security [services],” the second solution provider said. “If they did, more people would be using them for security already. It’s going to be a while before they threaten the Palo Alto’s of the world.”

Microsoft declined to comment.

Enterprise customers such as large banks or credit card providers want to control security on their own and already operate around-the-clock Security Operations Centers (SOCs) and employ more security practitioners than most technology companies. When using AWS or Azure, these customers like to take responsibility for their own security and really value access management and malware protection.

To drive broad enterprise adoption of the AWS Network Firewall, the company would need to be able to deliver case studies, detailed customer testimonials and an explanation of what the underlying firewall infrastructure is based on. Enterprises also rely heavily on Gartner for security research, so nearly all these businesses would want to see Gartner’s evaluation of the AWS Network Firewall before buying.

“I don’t think AWS is going to try to reinvent the cloud firewall,” the second solution provider said.

It’s a different story, however, for commercial customers with 2,500 or fewer seats, many of who view the network firewall around their public cloud workloads as just another box to check for compliance purposes, the solution provider said. For these smaller organizations, the convenience of obtaining both the public cloud platform and security for said platform from a single vendor could win the day.

Before pulling the trigger, the solution provider said commercial customers would expect AWS to show that they’re able to provide virtual network protection that’s on par with or better than Palo Alto Networks or Cisco. Given the years of investments network security players have made around firewalls, switches and SD-WAN, the solution provider cautioned that winning prospects over could be tough.

“Who has more of a vested interest to protect the cloud than AWS?” the second solution provider said. “It could be a really nice scenario at the commercial level.”