How the new Amazon VPC Ingress Routing Enhancement Improves Life in the Cloud
Security for More of the Cloud Network Paths:
Amazon Web Services (AWS) continues to make great strides in providing more features, capabilities, and overall choice to the application and network architectures. This is a big deal to any enterprise going to or expanding upon their Cloud. As enterprises take advantage of more and more of AWS richness, the Valtix Security Platform, which includes the Valtix Cloud Controller and Valtix Cloud Firewall, supports and helps enhancing security for all of these new and existing network flows from the Edge Virtual Private Cloud (VPC) to the AWS Transit Gateway Hub.
Amazon VPC Ingress Routing is a service that helps customers simplify the integration of network and security appliances within their network topology. With Amazon VPC Ingress Routing, customers can define routing rules at the Internet Gateway (IGW) and Virtual Private Gateway (VGW) to redirect ingress traffic to third-party appliances, before it reaches the final destination. This makes it easier for customers to deploy production-grade applications with the networking and security services they require within their Amazon VPC.
*Key Amazon VPC Ingress Routing Use Cases with Valtix Security Platform *
- For Edge VPC environments, the Valtix Cloud Controller can easily deploy and maintain the Valtix Cloud Firewalls deployed to protect all of the network traffic going in and out of the VPC; now, with the new Amazon VPC Ingress Routing enhancements, Valtix users can secure Internet to Amazon VPC.
- With customers taking advantage of the AWS Transit Gateway, Valtix supports the AWS Transit Gateway north-south traffic and inter-Amazon VPC “east-west” traffic (through the AWS Transit Gateway). This ultimately provides choice in where and how customers want to implement their network security.
More Power, More Better:
Finer-grained controls to any security administrator is a good thing; however, this often comes with a cost and performance hitch, aka the more available networks paths the more firewall horsepower needs. In the Cloud, Valtix has this figured out.
Last month, Valtix, as the first in the security industry, announced support for Amazon’s most advanced, compute family, the FPGA-powered, Amazon Elastic Compute Cloud (Amazon EC2) F1 instance series. By providing the highest performing and most optimized compute, Valtix achieves new levels of predictable performance with the lowest latency for some of the most advanced deep packet inspection security.
See our blog, from our CEO/Co-Founder, Vishal Jain, that is a tell-all for why this is important for your Cloud:
The Ever-Expanding Surface Area:
The cloud is less of a ‘black box’ these days – CSPs continuously innovate and provide more bells and whistles. With this new capability of more traffic controls in-out of the Amazon VPCs brings with it more considerations for what security functions to actually apply and where (i.e., NGFW, WAF, TLS inspection, more).
The beauty of the Cloud does not eliminate the drudgery of appliance/virtual rack-stack to chase these new network paths and to some may be an inhibitor to pursue due to their corporate compliance and risk requirements for encryption and rich security services “everywhere.” Meaning, one should be cautious about the substantial admin overhead and costs to this new surface area in tandem to the mounting security compliance requirements. Hold your network security vendors’ accountable for rich, follow-my-app/network, in-line services requirements that are also easy to deploy and maintain. Good luck.
One of our mantras at Valtix is to provide our customers consistent and world-class security that truly follows their Cloud network and apps – with the Valtix Cloud Security Platform, there’s no need to sacrifice/lower-the-bar.
The Valtix Cloud Firewall supports rich network security services such as TLS decryption/encryption, advanced firewall, IPS, WAF and more that follows your app and network. Apply one to all inline security services with simple policy rules coupled with our patented single-pass pipeline.
Another Reason to use Automatic-Insertion Features:
More paths, more insertions, more routes, more work? AWS now allows more flexibility to plumb security from Internet to Amazon VPC, and Amazon VPC to Amazon VPC. Valtix’s SaaS-based approach to secure your Cloud protects our customer admins from taking on the additional labor to support network path granularity.
At VMworld 2019, Valtix announced support for AWS Transit Gateway with the ability to deploy not only as a Services VPC, giving our customers an aggregated and centralized security environment to support hundreds and thousands of connected VPCs including VMware Cloud on AWS, but showcased the one of many of Valtix’s SaaS-based features: auto-route insertion. Our administrators with a single-click, associate their Valtix-based Services VPC to their attached VPCs, and we take care of the rest – add the necessary routes to insert their Valtix Cloud Firewall into the path. Super simple.
Now with our support for Amazon VPC Ingress Routing, Valtix similarly supports auto-route insertion for this new environment. The admin simply creates Amazon VPC-based policy rules using the Valtix Cloud Controller and associates to one to many of their Valtix Cloud Firewalls for Internet to Amazon VPC and/or inter-Amazon VPC and our Controller applies the routes automatically. It’s that easy.