分布式检验与集中式检验：终极之争.pdf

1、 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.S E C 3 3 8Jesse LepichBrian WestmorelandChalk Talk Distributed vs.Centralized Inspection:The ulti

2、mate debateSecurity SA,AWS Consultant,AWS 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Why should you careWhat is Network FirewallRecent advancementsUse casesArchitecturesGuidanceAgenda 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.91%of all ransomware inci

3、dents now include some form of data exfiltration.ACCORDING TO BLACKFOGBlackFog,“How Data Exfiltration is Changing the Ransomware Landscape”,February,2024.Exponential rise in data exfiltration91%91%D A T A E X F I L T R A T I O N S U R G E S T O 2025,Amazon Web Services,Inc.or its affiliates.All righ

4、ts reserved.Configure internal firewalls and proxies to restrict internet traffic from hosts that do not require it.If a host requires specific outbound traffic,consider creating an allowlist policy of domains.“CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks 2025,Am

5、azon Web Services,Inc.or its affiliates.All rights reserved.Highly Available and fully-managed as AWS managed infrastructure scales automatically with your network trafficCustomizable rules,L3-L7,IDS/IPS,AWS managed rules,domain filtering,app detection,port/protocol enforcementCentrally manage polic

6、ies,activity monitoring with CloudWatch metricsCloud native,integration and ease of use with the ability to spin up an endpoint within minutes,standardized APIWhat is AWS Network Firewall?Pay only for what you use,NATGW costs are discounted 2025,Amazon Web Services,Inc.or its affiliates.All rights r