As a company born on and designed for AWS, Dome9 has more specialized security support for AWS than any other cloud platform. From security group policy orchestration to visualization of CloudFormation templates, we’ve built a unique user experience dedicated to improving security and manageability for the AWS security administrator. For that reason, Dome9 SecOps is typically the security operations console for our customers on AWS.
At the same time as it has specialized support for AWS, the Dome9 SecOps architecture is cloud-agnostic and will run on any cloud platform. Whether you have your servers on Amazon AWS, Windows Azure, any of the Openstack distributions or Google Compute Cloud, or perhaps a mix of these, perhaps you have some hybrid or private cloud deployments too, even some non-cloud (physical/virtual) environments, SecOps will be able to run across all this infrastructure and protect across all of them with a consistent set of policies.
In all cases, your security policies are defined via the Dome9 SecOps web-based console, the policy engine runs as a SaaS-based solution in conjunction with lightweight agents. The agent runs on any Windows or Linux-based server OS in any infrastructure, deploys in seconds and immediately enforces your security policy.
A Unique Feature Set for AWS
Centralized security management
Consolidate policy controls across your EC2 and VPC security groups and instances and across multiple AWS accounts and regions.
Reusable policy objects
Never write the same IP address twice. With Dome9 SecOps, you can define custom lists of IPs to reference in whitelists and rulesets. You can also use DNS names in your AWS policies.
AWS security visualization
Explore your AWS security policies in a visual dynamic map that outlines the relationships within each region and VPC. Now works with CloudFormation templates too.
Stop unauthorized users and applications from modifying security groups without your permission. Automatically revert mistaken or malicious policy configurations.
Create a detailed archive of ALL policy changes across accounts and regions. Keep your audit logs indefinitely, even after the servers have come and gone.
Editable service names and descriptions
Don’t settle for cryptic. With Dome9 SecOps, you can create meaningful policy names and descriptions for your AWS services.
Dome9 SecOps Feature Mapping to Cloud Platforms
|Feature/Cloud||Amazon AWS||Windows Azure||Openstack||Google Compute Engine|
|Policy Automation||Yes||Yes, via agents||Yes, via agents||Yes, via agents|
|File Integrity monitoring||Yes||Yes||Yes||Yes|
|Security configuration monitoring||Yes||Yes||Yes||Yes|
|Dynamic access leases||Yes||Yes||Yes||Yes|