Active threat defense now enabled by default in AWS Network Firewall
News
This article announces that AWS Network Firewall now enables active threat defense by default in alert mode for new firewall policies.
- Active threat defense provides automated, intelligence-driven protection against dynamic threats
- Default alert mode offers visibility into threat activity and indicator groups
- Users can switch to block mode to prevent suspicious traffic automatically
- Blocks command-and-control communication, embedded URLs, and malicious domains
- AWS verifies threat indicators to minimize false positives
- Available in all AWS regions including GovCloud and China
AWS Network Firewall now provides default threat protection with flexible configuration options for enhanced security.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Jun 17
2025
2025
AWS Network Firewall launches support for active threat defense
Jan 8
2026
2026
Real-time malware defense: Leveraging AWS Network Firewall active threat defense
Sep 17
2025
2025
AWS Network Firewall enhances console, monitoring, and security features
Oct 10
2024
2024
How AWS uses active defense to help protect customers from security threats
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.