EC2 Network ACL

Continuously audit and monitor EC2 Network ACL configurations and enforce security compliance as code with Panther.

A network access control list (ACL) is an additional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. Use Panther to track real-time changes to your network ACL to ensure configurations meet your business requirements for security and compliance.

Monitoring network ACL is critical for understanding the history of network traffic changes in your VPC and detecting suspicious activity. Use Panther’s built in policies for continuous monitoring of network ACL resources, or write your own detections in Python to fit your internal business use cases.

Use Cases

Common security use cases for EC2 Network ACL with Panther include:

• Ensure Network ACLs block the usage of ports typically associated with insecure or unencrypted protocol
• Ensure network ACLs have some restrictions on outbound and inbound traffic.
• Ensure SSH access is granted only from protected network CIDR ranges.

How it Works

The integration is simple and fast:

• Connect your AWS account to Panther
• A baseline scan is performed to identify all existing Network ACL in your VPC(s)
• Built-in detections identify security issues
• Alerts will be sent if non-compliant Network ACL exists

Use Panther to search all Network ACLs in a VPC account by name, view their compliance status, associated policies, and configured remediations. Learn more about using Panther to analyze your AWS logs for security insights.