Programmable Security Fabric
Dome9 SecOps leverages a programmable security fabric that delivers policy automation, abstraction and orchestration via a highly scalable and reliable platform hosted on an elastic cloud infrastructure.
Policy Automation Engine – Simplifies day-to-day network security management – from embedded cloud network firewalls to network configurations in host firewalls – with an effective and consistent policy framework.
Cloud API Orchestration – Enables Dome9 to centrally manage and automate security policies on AWS across multiple accounts and regions, without an agent.
Host Agent Orchestration – a tiny, rapidly-deployed agent that runs in any cloud infrastructure and provides an additional mechanism for monitoring and control.
Broad Set of Controls
Dome9 SecOps includes a broad set of best-of-breed controls for maximum protection. These include security visualization, firewall management, file integrity monitoring, configuration management, tamper protection, dynamic access leases, multi-factor authentication, and compliance auditing.
Some of the functional highlights are:
Security Visualization enables customers to visualize AWS security policies by intuitively mapping network traffic sources, security groups, instances and traffic flow possibilities. It fosters speedy discovery and remediation of network security issues and misconfigurations.
File Integrity Monitoring, encapsulated within the lightweight Dome9 agent, tracks and monitors unauthorized or malicious changes to any critical operating system file and is a core requirement in many compliance regulations.
Firewall management – Easily deploy and manage your host firewalls and AWS Security Groups through the Dome9 console, with one single policy working across groups of servers over multiple cloud accounts and cloud platforms.
Dynamic access leases – Enable users, at the click of a button on the Dome9 console, the Instant access mobile app or the Chrome browser extension, to receive time-based access to cloud servers and services, thereby reducing the attack surface.
Enterprise-grade security console and toolset
Proven at over 1,000 customer deployments and a hundred thousand protected cloud servers, Dome9 SecOps has a feature set built out for enterprises:
Enterprise-grade security operations console – Dome9 SecOps enables enterprises to centrally manage all their policies across multiple cloud accounts and regions, authorize access to instances but prohibit users from modifying security groups, and automatically revert unauthorized policy changes so security is always enforced.
Fine-grained role-based access control – Dome9 provides role-based access control configurable down to individual users and services. Instead of leaving all services open to every developer and IT staff member, Dome9 lets you easily configure secure access to only those resources that each user needs to do their specific job.
Integration with SIEM – Dome9 SecOps has built-in integration with Amazon SNS (Simple Notification Service) and SQS (Simple Queue Service) for export to cloud-based SIEM solutions or on-premises SIEM systems.
API toolkit – Dome9 SecOps comes with an extensive API toolkit that makes it easy to integrate the solution within your existing security and devops ecosystem. It also includes an interactive API console powered by Apigee.
Built for AWS, Works across clouds
As a company born on and designed for AWS, Dome9 has more specialized security support for AWS than for any other cloud platform. From security group policy orchestration to visualization of CloudFormation templates, we’ve built a unique user experience dedicated to improving security and manageability for the AWS security administrator.
At the same time, the Dome9 SecOps architecture is cloud-agnostic and will run on any cloud platform – including Windows Azure, any of the OpenStack distributions or Google Compute Cloud, or perhaps a mix of these. In all cases, your security policies are defined via the Dome9 SecOps web-based console, and the policy engine runs as a SaaS-based solution in conjunction with lightweight agents. The agent runs on any Windows or Linux-based server OS in any infrastructure, deploys in seconds and immediately enforces your security policy.