Starting today, AWS Network Firewall enables active threat defense by default in alert mode when you create new firewall policies in the AWS Management Console. Active threat defense provides automated, intelligence-driven protection against dynamic, ongoing threat activities observed across AWS infrastructure.
With this default setting you get visibility into threat activity and indicator groups, types, and threat names you are protected against. You can switch to block mode to automatically prevent suspicious traffic, such as command-and-control (C2) communication, embedded URLs, and malicious domains, or disable the feature entirely. AWS verifies threat indicators to ensure high accuracy and minimize false positives.
Active threat defense is available in all regions where AWS Network Firewall is available, including AWS GovCloud (US) and China Regions. To learn more about active threat defense and pricing, see the AWS Network Firewall product page and documentation.
Categories: general:products/aws-govcloud-us,marketing:marchitecture/networking-and-content-delivery,marketing:marchitecture/management-tools,general:products/aws-network-firewall
Source: Amazon Web Services
Latest Posts
- GCP Release Notes: January 31, 2026
- Dynamics 365 Contact Center – Leverage Quality Evaluation Agent simulation to test & fine tune evaluation criteria [MC1225452]
- Dynamics 365 Customer Service – Leverage Quality Evaluation Agent simulation to test & fine tune evaluation criteria [MC1225451]
- Dynamics 365 Contact Center – Quality Evaluation Agent Evaluation Criteria Extensibility [MC1225441]
