Our Blog

Active threat defense now enabled by default in AWS Network Firewall

Published
November 18, 2025
https://aws.amazon.com/about-aws/whats-new/2025/11/active-threat-defense-default-network-firewall/

AWS Network Firewall

Starting today, AWS Network Firewall enables active threat defense by default in alert mode when you create new firewall policies in the AWS Management Console. Active threat defense provides automated, intelligence-driven protection against dynamic, ongoing threat activities observed across AWS infrastructure.

With this default setting you get visibility into threat activity and indicator groups, types, and threat names you are protected against. You can switch to block mode to automatically prevent suspicious traffic, such as command-and-control (C2) communication, embedded URLs, and malicious domains, or disable the feature entirely. AWS verifies threat indicators to ensure high accuracy and minimize false positives.

Active threat defense is available in all regions where AWS Network Firewall is available, including AWS GovCloud (US) and China Regions.

What to do

  • Review your firewall policies to ensure they are configured with the default active threat defense setting.
  • Monitor threat activity and adjust your settings as needed to balance protection and performance.

Source: AWS release notes




If you need further guidance on AWS, our experts are available at AWS@westloop.io. You may also reach us by submitting the Contact Us form.

Follow our blog

Get the latest insights and advice on AWS services from our experts.

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Related posts

Check out other insights from the team at West Loop Strategy.

View all
https://aws.amazon.com/about-aws/whats-new/2025/11/aws-payments-cryptography-post-quantum-data-transit

AWS Payments Cryptography announces support for post-quantum cryptography to secure data in transit

Today, AWS Payments Cryptography announces support for hybrid post-quantum (PQ) TLS to secure API calls
Read more

Why Use Infrastructure as Code?

Infrastructure as Code has become a required aspect of cloud engineering- have you experienced the issues that it can help resolve?
Read more
https://aws.amazon.com/about-aws/whats-new/2025/11/amazon-ecs-service-availability-rolling-deployments/

Amazon ECS improves Service Availability during Rolling deployments

Amazon Elastic Container Service (Amazon ECS) now includes enhancements that improve service availability during rolling deployments
Read more
View all