dome9 compliance tick image

Security and compliance testing earlier in the cycle for faster remediation and time-to-market

dome9 compliance tick image

Simple one-click security testing of CFTs before deployment

dome9 compliance tick image

Balance between closed security posture and rapid cloud access for deployments

dome9 compliance tick image

Protection from unauthorized modifications to security configurations

dome9 compliance tick image

Intelligent alert prioritization, improving the signal to noise ratio by a factor of two

dome9 compliance tick image

Native and API-based integration with popular DevOps tools

Problem

DevOps and Continuous Delivery practices are being widely used by organizations that want agility and faster time-to-market to better respond to changing business needs. Development, QA and operations teams face the challenge of incorporating security into the product lifecycle without slowing things down. Siloed approaches to security hardening that worked in the past are incompatible with the holistic, iterative model of software development and deployment with DevOps. For example, security reviews involved mostly manual processes at the end of product development and QA. Any security risks or issues identified in the product sent the code back to development, causing significant delays.

Solution

The Dome9 Arc platform allows you to incorporate security and compliance into how you build, deploy and run applications in the public cloud without sacrificing agility. Dome9 provides the security foundation for Rugged DevOps with tools that allow automated testing and enforcement of security. Here are four ways in which DevOps teams can harden their applications with Dome9 Arc:

devops-solutions-image
  1. Validation Before Deployment: Test the security and compliance posture of application architectures (e.g., AWS CloudFormation templates) with a single click prior to deployment.
  2. Automated Testing During Development: Use the Dome9 Arc API to incorporate testing of security best practices and compliance into the continuous build processes early in the cycle.
  3. Security During Deployment: Maintain a closed-by-default security posture in the cloud by locking down cloud environments except to allow authorized software deployment.
  4. Actionable Alerts: Streamline alerts in highly dynamic cloud environments with machine intelligence, allowing operations teams to focus on alerts that require immediate attention. These real-time, actionable alerts and notifications are delivered in AWS environments through the Simple Notification Service (SNS), which can be consumed by downstream applications such as Splunk, Sumo Logic, Graylog and Loggly.

The Dome9 Rugged DevOps solution allows security and compliance to be incorporated early and often into the software development and deployment lifecycle. With security checks built into the continuous deployment pipeline rather than at the end, DevOps is able to find and fix security vulnerabilities early, accelerating an organization’s time-to-market. The Dome9 API allows security to simplify integration with popular DevOps tools, allowing Dome9 services to be built into automated workflows.

To succeed in a busy and growing DevOps environment, we need to empower all of our employees to get their jobs done on their own, while maintaining oversight and control over what is changing. Dome9 allows everyone to do what they need to do, without sacrificing the ability to monitor and stop changes that aren’t supposed to happen.

Layne Bro

Head of Information Security

Ready to Experience Dome9?

Schedule a 15 Minute Live Demo
sign up for a demo now
laptop
Want a Free Trial With Dome9?
Register for a free trial