Down Arrow

Features

enforza Platform Features

We're a low cost, high value alternative to existing solutions.
See how our capabilities compares to other cloud native firewalls like AWS Network Firewall and Azure Firewall (Basic SKU).

Features
enforza
AWS
Azure
Purpose
Lightweight network security service for protecting IaaS resources on any cloud provider.
Cloud-based network security service for protecting AWS IaaS resources and applications.
Cloud-based network security service for protecting Azure IaaS resources and applications.
Provisioning
Simple 3 step process, takes less than 3 minutes. Install agent, claim device, manage policies.
Deployed via API or Console. Manage policies.
Deployed via API or Console. Manage policies.
Subscription
Monthly
Monthly
Monthly
Number of protected IPs
Unlimited
Unlimited
Unlimited
Data processing charges
$0.00, zero, nada.

Calculator here to see the importance!
$0.065 per GB
$0.065 per GB
Data processing charges example (25Mbps)
$0/yr
$5884.10/yr
$5884.10/yr
Unified multi-cloud policy
Yes. Push unified policy to multiple firewalls simultaneously in the same CSP or across different CSPs for a consistent posture.
No
No
Management
Server (VM/EC2) is self-managed, but you manage the policy.
Managed service provided by AWS, but you manage the policy.
Managed service provided by Microsoft Azure, but you manage the policy.
API access
In beta
Planned GA Q1/2025
Yes
Yes
Terraform Provider
Q1/2025
Yes
Yes
High Availability
High availability, configured manually (e.g., using failover techniques).
Built-in high availability across AWS regions.
Built-in high availability across Azure regions.
Rule Syntax
enforza uses network & application rules, in a single policy for ease of management.
AWS Firewall uses rule collections with application and network rules.
Azure Firewall uses rule collections with application and network rules.
Selective NAT per rule
Yes.

Decide whether the rule requires SNAT, or enable SNAT for all sessions; granular control and from any IP address, not just RFC1918.
Sort of.
No.  

Global SNAT on or off; limited to certain various IP address ranges, with explicit no-NAT rules to bypass NAT at a network CIDR range.
Stateful Inspection
Yes
Yes
Yes
Layer of Operation
Operates at the application layer (Layer 7) and network layer (Layer 4).
Operates at the application layer (Layer 7) and network layer (Layer 4).
Operates at the application layer (Layer 7) and network layer (Layer 4).
FQDN/URL Filtering
Create customer permit or deny lists for FQDNs without need for full TLS inspection.
Create customer permit or deny lists for FQDNs without need for full TLS inspection.
Create customer permit lists for FQDNs without need for full TLS inspection.
Logging
Provides detailed logging and analytics, with built-in dashboards, out-of-the-box live log views, and data visualization.
Provides detailed logging and analytics, requires further steps and associated costs.
Provides detailed logging and analytics, requires further steps and associated costs.
MSSP/VAR Whitelabel
Yes

We offer MSSP/VAR branding and custom vanity domains etc.
No
No
SIEM & Log export
Yes (native)

Multiple formats, multiple endpoint types - Elasticsearch, Syslog, InfluxDB, SQL.
Yes

Requires additional configuration, infrastructure and associated costs.
Yes

Requires additional configuration, infrastructure and associated costs.
Complexity
Simplified setup and management, a familiar UI and process flow for network/security engineering.
Simplified setup, not a familiar UI for network/security engineering.
Simplified setup, not a familiar UI for network/security engineering.