AWS Network Firewall adds VisionHeight rules for zero-day and Tor traffic blocking

AWS Network Firewall now supports two managed rule groups from security vendor VisionHeight, giving customers access to proactive threat intelligence that blocks malicious IP infrastructure before it appears on public blocklists. The rules are available through AWS Marketplace.

One rule group, Zero-Day Threat Protection, uses VisionHeight's Pulse telemetry to identify and block emerging malicious IP infrastructure weeks before it is listed on public blocklists. The second, Noisy Scanners and Tor Protection, suppresses firewall log noise by blocking traffic from known high-volume scanning sources and active Tor exit nodes, reducing alert volume and lowering SIEM ingestion costs.

Daily updates and first-packet blocking

Both rule groups refresh daily, and the Tor and scanners group filters traffic at the first packet before events are generated. This design reduces the volume of alerts that security operations centers must triage and removes Tor as a potential path into or out of an environment. The zero-day group is aimed at organizations facing targeted attacks that need to get ahead of threats before they are widely recognized.

VisionHeight joins a list of AWS Marketplace sellers that already offer managed rules for AWS Network Firewall, including:

• Check Point
• Fortinet
• Infoblox
• Lumen
• Rapid7
• ThreatSTOP
• Trend Micro

Managed rules for AWS Network Firewall allow customers to subscribe to third-party threat intelligence and apply it directly to their firewalls without building and maintaining custom rule sets.

Market context and next steps

The addition of VisionHeight's rules reflects AWS's broader strategy to expand the managed rule ecosystem for Network Firewall, giving customers more options for threat intelligence delivered through Marketplace subscriptions. AWS Network Firewall is a managed service that scales automatically with traffic and integrates with other AWS security services such as AWS Shield and AWS WAF. Customers can get started through the AWS Network Firewall console or by browsing available managed rules in AWS Marketplace.

Organizations already using AWS Network Firewall can enable the new rule groups as an additional layer of protection without changing their existing firewall architecture. AWS has published documentation for the new rule groups and maintains a list of supported regions on its Regional Services page.