GuardDuty Enabled Check within Compliance Engine

November 20, 2018 in Product Updates

Amazon GuardDuty is a threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. It monitors for activity such as unusual API calls or potentially unauthorized deployments that indicate a possible account compromise. GuardDuty also detects potentially compromised instances or...


Read More



Support for Exclusions in Compliance Engine

November 20, 2018 in Product Updates

It is now possible to exclude findings that are generated by Dome9 Compliance Engine! You can now exclude specific findings from appearing in the results of assessments. There are several motivations for creating exclusions: 1. Avoid generation of findings from irrelevant rules, for a specific cloud account or for all...


Read More



We Now Support AWS ECS Service

October 26, 2018 in Product Updates

Amazon ECS allows you to run and maintain a specified number of instances of a task definition simultaneously in an Amazon ECS cluster. This is called a service. If any of your tasks should fail or stop for any reason, the Amazon ECS service scheduler launches another instance of your...


Read More



Support for CSA CCM Bundle

October 26, 2018 in Product Updates

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) is designed to provide guidance to cloud vendors and to assist cloud customers in assessing the security risk of a cloud provider. The CSA CCM has 133 controls in 13 domains with customized relationships (mappings) to other industry-accepted security standards, regulations, and...


Read More



Cloud Security Posture Repository is Here!

October 10, 2018 in Product Updates

Today we are proud to announce our new Cloud Security Posture Repository This is the first knowledge platform that provides a public database of cloud security checks for AWS, Azure and GCP.  Customers now have a single portal that has an organized list of compliance rules and associated GSL queries to enhance their cloud...


Read More



We Now Support AWS ECS Tasks!

October 5, 2018 in Product Updates

If you are using Amazon ECS in your AWS environment,  it is important that you ensure it meets your security requirements. A task definition is required to run Docker containers in Amazon ECS. Some of the parameters you can specify in a task definition include:      1. The Docker...


Read More



We Now Support IAM Ad-Hoc Leases!

September 28, 2018 in Product Updates

We recently introduced IAM elevation capability from within the Dome9 web console. As a Dome9 customer: 1. Any member of a group of security admins would be able to authorize permission elevation to a user 2. A security admin would control all IAM users, including non Dome9 users Key Capabilities –...


Read More



September Compliance Updates!

September 27, 2018 in Product Updates

For the compliance updates for this month we have made the following enhancements to our compliance module: 1. Added new bundles 2. Added new rules to existing bundles 3. Deleted rules New Bundles Bundle Name  Description AWS NIST CSF v1.1 Automated Validation of NIST CSF V1.1 for AWS GCP NIST...


Read More



Support for GCP Storage Buckets!

September 12, 2018 in Product Updates

Buckets are the basic containers that hold your data. Everything that you store in Cloud Storage must be contained in a bucket. We have added support for another entity for GCP. For more information on GCP Buckets click here.  GSL Query Examples 1. Bucket should have logging enabled StorageBucket should...


Read More



GCP Region Support Available

September 11, 2018 in Product Updates

A region in GCP a specific geographical location where you can run your resources. Each region has one or more zones; most regions have three or more zones. For example, the us-central1 region denotes a region in the Central United States that has zones us-central1-a, us-central1-b, us-central1-c, and us-central1-f. For...


Read More