dome9 compliance tick image

Complete visualization of cloud assets and network topology

dome9 compliance tick image

Rapid assessment of network attack surface to identify risks and security threats

dome9 compliance tick image

In-place remediation console to quickly fix misconfigurations in real-time

dome9 compliance tick image

Advanced IAM protection against insider threats and external attacks

dome9 compliance tick image

Time-limited access to network ports on an as-needed basis for a closed-by-default posture

dome9 compliance tick image

Active monitoring and automatic reversion of unauthorized modifications to enforce security gold standards

Problem

Cloud operations and security teams are tasked with deploying and managing workloads in highly dynamic, flexible public cloud environments, paying close attention to policy configuration, patch management, connection policies and access control. The complexity of cloud security operations increases significantly as cloud environments grow in terms of number of instances, accounts, regions and operations. Simply moving an existing workload to the cloud without the appropriate security management measures in place for visibility or control can leave workloads exposed and less secure than if they remained within an enterprise datacenter.

Security for today’s public cloud environments is fundamentally different from traditional datacenter security. Enterprise datacenters deploy layers of physical security measures - firewalls, routers, switches, etc.- to manage connection policies, access controls and zone designations. Lift-and-shift approaches to security are bound to fail in the software-defined, instantaneously configurable world of the public cloud, where simple changes to security policies can expose private resources to everyone.

Solution

Effective cloud security requires a centralized, consolidated platform that is built from the ground up for the cloud and gives administrators complete visibility and active control of their cloud environments. Dome9 Arc offers end-to-end control over the security posture of public cloud environments from a centralized console. The innovative SaaS platform provides a broad set of security and compliance controls, deep visualization, multi-factor authentication, and policy automation for verifiable and comprehensive security management.

secops-solutions-image
  1. Dome9 Clarity offers powerful end-to-end visualization of the network topology, security policies and configurations, allowing administrators to quickly assess the attack surface and identify risks and threats in live environments. Additionally, Clarity also provides visualization of CloudFormation templates (CFTs), giving administrators the tools to assess misconfigurations and threats before actually deploying a CFT in a live environment.
  2. Dome9 Arc is not just a monitoring tool, but also offers full management of security group policies across accounts, projects, regions and virtual networks from one place. This allows administrators to find and fix problems quickly in-place.
  3. Dome9 IAM Safety provides an additional layer of defense on top of native IAM where needed. Think of it as a firewall for IAM. IAM Safety gives security teams granular control over users, roles and actions, with privilege elevation on an as-needed basis for protected actions with second-level out-of-band authorization from a mobile device for critical updates. Cloud environments are protected from catastrophic events even if an administrator’s credentials are compromised. Additionally, Dome9 Arc allows you to adopt a closed-by default security posture with dynamic access leases, which allow services and ports in cloud environments to be made accessible for a limited amount of time.
  4. Dome9 Arc continuously monitors managed cloud environments for any changes made through the public cloud console or via the API. The system automatically reverts unauthorized modifications to enforce a strict security gold standard at all times. All changes are audited and brought to the attention of administrators immediately.

Dome9 Arc is the only solution for cloud security operations offering end-to-end visibility, in-place remediation, and continuous security enforcement in a single platform. With no software to install or agents to manage, Dome9 Arc can be set up in under five minutes enabling administrators the ability to manage security, compliance and governance across accounts, regions and clouds. Dome9 provides the right combination of cost-effective, comprehensive security management coupled with detailed visualization for security operations needed in today’s public cloud environment.

Dome9 is a must have for any engineer or security professional on AWS. Dome9’s AWS region lock feature has been essential guaranteeing that region specific network changes won’t be made unless created via the Dome9 console.

Layne Bro

Head of Information Security

Ready to Experience Dome9?

Schedule a 15 Minute Live Demo
sign up for a demo now
laptop
Want a Free Trial With Dome9?
Register for a free trial