Security Solutions Optimized for Amazon Web Services

Security in public clouds is different. Are you prepared? Symantec has teamed up with Amazon Web Services to deliver AWS security that is optimized for your applications and instances.

Read the Guide Watch the Video Buy Now

Symantec delivers AWS security services that are optimized for Amazon Web Services.

Confidently migrate your legacy applications, deploy new cloud-native applications and services, and burst services on-demand to augment your on-premises requirements with Amazon Web Services.

Using Public Clouds to Deliver Business Services at the Speed of Need

Businesses and public sector organizations are no longer just using the public clouds like Amazon Web Services (AWS) for their test and development environments. Increasingly, they are using public clouds to migrate critical applications running on unsupported on-premises legacy platforms, as well as to deploy new cloud-native applications. The 2019 Cloud Security Threat Report found that a cloud-first approach is increasingly becoming the norm with 54% of workloads now residing in the cloud. Organizations are turning to public clouds like AWS to burst services, and meet seasonal spikes in demand. AWS cloud security is now more critical than ever.

Symantec Delivers Solutions Optimized for Amazon (AWS) Security

Security and compliance in public clouds are different. Applications in these environments are componentized, preconfigured, and based on a library of templates. These applications are dynamic, mobile, orchestrated, and automated. Architectural differences between public clouds and on-premises infrastructures make it difficult to retrofit on-premises security solutions for public cloud environments. Traditional security solutions require deep expertise, extensive con-figuration, and long tuning cycles and, thus, are not suited for the public cloud.

Understanding these differences and challenges, and offering security that is optimized for public cloud architectures are critical to removing barriers to adoption. Symantec’s security solutions are purpose-built for AWS cloud security.

Symantec Simplifies Security Across Your On-premises and Public Cloud Deployments

Symantec understands the unique demands of securing public cloud deployments and designs cloud-native security products that are optimized for AWS. We also provide an opportunity to simplify management across on-premises and cloud security operations.

By extending proven Symantec security solutions to your AWS-based workloads and instances, you will enjoy peace-of-mind knowing that your customer data and other sensitive information is protected.

Symantec Cloud Workload Protection

Symantec Cloud Workload Protection automates AWS cloud security for your workloads, enabling business agility, risk reduction, and cost savings for organizations, while easing DevOps and administrative burdens. Rapid discovery, visibility, and elastic protection of AWS and Azure workloads enable automated AWS security policy enforcement to protect applications from unknown exploits.

Cloud-native integration allows DevOps to build security directly into application deployment workflows, while support for Chef and Puppet automates configuration, provisioning, and patching. Access to the Symantec Global Intelligence Network protects workloads against the latest global attacks and vulnerabilities, providing peace of mind for large enterprises and born-in-the-cloud businesses.

Enterprises migrating workloads to AWS and cloud-native businesses will benefit from:

  • AWS security that provides visibility and control over cloud workloads
  • Elastic security for their dynamic cloud infrastructure
  • Mitigation of risk associated with public cloud adoption

Cloud Workload Protection for AWS S3 Buckets

Many apps and services running on AWS utilize S3 buckets for storage. Over time, storage can become contaminated with malware, ransomware, and other threats–either from attackers, unwitting users, or other resources. From S3 buckets, threats can propagate to additional apps, users, or databases. Cloud Workload Protection for Storage delivers Amazon S3 security by automatically scanning storage buckets using Symantec's suite of anti-malware technologies to keep your cloud storage and services clean.

  • Enables secure adoption of containers and serverless technologies such as AWS Lambda
  • Near real-time and scheduled scanning of S3 buckets helps to prevent threats and malware from being spread by cloud-based applications and users
  • Discovers and blocks the latest Amazon S3 security threats using Symantec's suite of anti-malware technologies including reputation analysis and advanced machine learning
  • Automated AWS S3 security minimizes DevOps workloads and administrative tasks
  • Threat scanning infrastructure scales elastically with load for cost optimization

Control Compliance Suite

Control Compliance Suite delivers business-aware security and risk visibility so that customers are effectively able to align priorities across security, IT operations, and compliance. It automates continuous assessments and delivers a unified view of security controls and vulnerabilities. Customers can deploy Control Compliance Suite on-premises or on Amazon Web Services (AWS) to assess their AWS instances and applications. With Control Compliance Suite, customers are able to harden the data center, prioritize security remediation, enable secure migration to the software-defined data center, and support continuous assessments for Amazon cloud security and monitoring.

Symantec Protection Engine for Cloud Services

Symantec Protection Engine for Cloud Services is a flexible and feature-rich client/server application that allows customers to incorporate malware and threat detection technologies into almost any application. Protection Engine includes Symantec's proprietary, patented URL categorization technology and industry-leading malware protection for fast, scalable, and reliable content scanning services. These services help organizations protect their data and storage systems against the ever-growing threat landscape with automated AWS cloud security.

Data Loss Prevention

Customers can now confidently deploy workloads containing confidential data to the Amazon cloud with Symantec’s market-leading data loss prevention (DLP) solution. Symantec Data Loss Prevention provides comprehensive Amazon cloud security and unified management of your hybrid cloud environment.

Symantec Data Loss Prevention is a content-aware data security solution that discovers, monitors and protects confidential data stored across the AWS cloud, including AWS-hosted instances of Microsoft Exchange and Microsoft SharePoint. Unlike other AWS security solutions that provide limited DLP controls, Symantec delivers deep content inspection, sophisticated policy and incident management, and proven scalability and performance. With AWS and Data Loss Prevention, businesses can confidently deploy workloads to the cloud without sacrificing control over their confidential data.

Symantec Endpoint Protection

Symantec Endpoint Protection provides defense in depth, whether in the cloud or on-premises. Get machine learning; behavioral, cross-vector protection; and network protection/firewall as part of complete anti-malware protection. Validated by third-party tests, Symantec Endpoint Protection is the most effective intelligent endpoint security solution available on the market. Reduce the complexity of advanced threat protection with AWS workloads and maximize your AWS security and performance with Symantec Endpoint Protection. Available two ways–BYOL or metered.

The Symantec Endpoint Protection Manager runs on an EC2 instance. Depending on your instance count, choose a matching instance size: 10 instances - m4.large; 100 instances - m4.xlarge; 250 instances - m4.2xlarge; 500 instances - c4.2xlarge.


  • Granular control - Proactively secure your ecosystem with policy-based system lockdown and application control, including advanced whitelisting and blacklisting for greater protection and productivity, and Host Integrity to detect unauthorized changes, conduct damage assessments, and ensure endpoint protection and compliance.
  • Smarter management - Exert granular policy control through a single high-powered client and management console across both physical and virtual machines, making it easy to deploy, update, and manage your endpoint security across various locations, user groups, and operating systems.

Symantec VIP Access Manager

Symantec VIP Access Manager is a next-generation access control platform, the foundation for an AWS cloud security solution. It integrates Single Sign-On (SSO) with strong authentication (Symantec Validation and ID Protection Service and Managed PKI Service), access control, and user management.

In the cloud, where a traditional enterprise perimeter does not exist, VIP Access Manager fills the gap by helping enterprises adopt cloud-based applications while maintaining proper risk management and compliance measures to protect enterprise data and follow regulations. Symantec VIP Access Manager is available on-premises or as a hosted service on Amazon Web Services (AWS) cloud. Virtually any cloud-based application is supported, with easy-to-create connectors. Also included is a built-in user directory for self service provisioning and integration with common identity providers to enforce AWS cloud security and compliance for applications without getting in the way of productivity.

The AWS cloud offers a secure, scalable infrastructure to support VIP Access Manager as it scales with an organization's need to manage additional apps, devices, and users.

Symantec Web Application Firewall (WAF)

Web and mobile applications are increasingly under attack. As companies move their applications to Amazon Web Services (AWS) they need a way to protect those applications from external threats and attacks. Symantec Web Application Firewall (WAF) & Reverse Proxy, built on the industry-leading ProxySG platform, secures and accelerates web applications. Customers can now deploy our proxy-based WAF on-premises or in the cloud with AWS to block known attack patterns with signature-based engines. Symantec Web Application Firewall delivers dependable AWS security using the most advanced content nature detection engines to detect obfuscation and prevent new attacks.

  • Analyze and scan inbound executables and files for malware
  • Lower your operational cost
  • Improve application performance
  • Reduce false positives
  • Increase zero-day protection
  • Offload user authentication and SSL
  • Monitor and apply policy to inbound connections
  • PCI Compliance Security
  • Get OWASP Top 10 coverage

What is Cloud Computing?

Cloud computing is an option for computing in which dynamically scalable and often virtualized resources are provided as a service over a network. Hosting services on the internet are referred to as "Public Clouds," while hosting services on an internal network is referred to as a "Private Cloud."

What is Amazon Web Services (AWS)?

Amazon Web Services (AWS) is an infrastructure-as-a-service provider, serving companies of all sizes. With AWS, companies can requisition compute power, storage, and other services, gaining access to a suite of elastic IT infrastructure services, as business demands them. Enforcing AWS security is an important consideration for any company using this service.

Essential Characteristics of Public Cloud

The five essential characteristics of cloud computing are:

  1. On-demand self-service
  2. Broad network access
  3. Resource pooling and multi-tenancy
  4. Rapid elasticity
  5. Metered service

For More information on Cloud Computing, see the NIST Special Publication 800-145, “The NIST Definition of Cloud Computing”.

Key Security Concepts and Challenges Associated with Public Clouds

  • Cloud hosting inevitably means some loss of control and visibility.
  • The majority of the risks originate from the components that are managed by the subscriber. Application and instance security are soft targets for malicious hackers.
  • Attempts to retrofit on-premises security controls and patterns to secure applications and instances in the public cloud are ineffective due to differences in the architecture between on-premises and public cloud infra-structures.
  • Customers using AWS must have a solid understanding of the “AWS Shared Security Responsibility Model”.

What is the Relationship Between Symantec and Amazon Web Services?

Symantec recognizes Amazon Web Services (AWS) as a leading cloud infrastructure-as-a-service provider and has partnered with AWS to optimize Symantec's AWS cloud security solutions. The Symantec products that support AWS are designed to deliver security at the application and instance levels, which are the subscriber-controlled components in the AWS Shared Security Responsibility Model. Symantec therefore complements the cloud infrastructure and network security that is provided by AWS security services.

Symantec does not endorse or resell AWS offerings nor does AWS resell any of Symantec's products. Customers are encouraged to evaluate the product and service offerings made available by Symantec and AWS, and identify how each solution would benefit a particular use case.

What Symantec Products Secure Applications and Instances on Amazon Web Services?

See the “Products” section for information on Symantec security solutions for AWS.