2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.

DEV206
Automating Suricata rules for AWS Network Firewall
Meg Ashby (She/Her)
Senior Security Engineer, Abnormal AI

Agenda
AWS Network Firewall overview
Network Firewall rules & Suricata
Automation architecture
Generated Suricata rules
Outcomes

AWS Network Firewall
AWS Integrations: CloudWatch Logs, AWS Firewall Manager, Security Hub
Inspection Capabilities: Layers 3-7, Deep Packet Inspection, Domain Filtering
Scalability: 100 Gb/s per AZ, 99.99% uptime SLA
Deployment Options: North-South, East-West

Network Firewall North-South Inspection
[Diagram. Labels: AWS Cloud, Virtual private cloud (VPC), Availability Zone, Firewall subnet, Network Firewall, Public subnet, NAT gateway, Internet Gateway, Workload subnet, EC2 Instance]