Dome9 SecOps includes Clarity Visualization (currently available on AWS only), which enables customers to visualize AWS security policies by intuitively mapping network traffic sources, security groups, instances and traffic flow possibilities.
It’s like Google Maps Street View for your AWS security and it fosters speedy discovery and remediation of network security issues and misconfigurations.
- Clarity displays all internal and external network components that play a role in a security configuration for AWS – both at the instance level and security group level for EC2/VPC.
- AWS CloudFormation templates are now supported, allowing organizations to discover security misconfigurations in the design phase itself.
- Clarity provides a tiered visualization view that resembles the architecture structure of multi-tier applications.
- Color codes are used to instantly reflect the resource exposure level: Red signifies traffic allowed from the internet, Orange signifies traffic allowed from a specific public address, and Green signifies only local network access.
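The red/orange/green scheme above can be reproduced for a quick review of inbound rules. This is an added example, not Dome9 code; the rule format, the choice of RFC 1918 and `fc00::/7` ranges as "local", and the worst-colour-wins roll-up per group are assumptions.

```python
import ipaddress

RED, ORANGE, GREEN = "red", "orange", "green"
_RANK = {GREEN: 0, ORANGE: 1, RED: 2}

# Assumption: "local network" means RFC 1918 space (plus IPv6 ULA).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def classify_source(cidr):
    """Map one inbound source CIDR to the page's exposure colour."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:          # 0.0.0.0/0 or ::/0: the whole internet
        return RED
    if any(net.version == loc.version and net.subnet_of(loc)
           for loc in LOCAL_NETS):
        return GREEN
    return ORANGE                   # a specific public address or range


def group_exposure(inbound_rules):
    """Worst-case colour across a group's inbound rules (green if none)."""
    worst = GREEN
    for rule in inbound_rules:
        colour = classify_source(rule["cidr"])
        if _RANK[colour] > _RANK[worst]:
            worst = colour
    return worst


# Constructed sample groups (names and rules are illustrative only).
SAMPLE_GROUPS = {
    "web": [{"port": 443, "cidr": "0.0.0.0/0"}],
    "admin": [{"port": 22, "cidr": "203.0.113.10/32"}],
    "db": [{"port": 5432, "cidr": "10.0.1.0/24"}],
}

if __name__ == "__main__":
    for name, rules in SAMPLE_GROUPS.items():
        print(name, group_exposure(rules))
```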
The firewall is the most ubiquitous of all network and host security controls and is the best place to stop attacks and prevent vulnerability exploits.
As a result, it is the module that introduces the most heartache to manage when deployed over highly agile cloud infrastructure. Organizations struggle with keeping firewalls up-to-date with the current state of the infrastructure, as well as personnel changes, and often resort to leaving ports open, exposing holes in their first and most critical line of defense. With Dome9 SecOps, you can easily deploy and manage your host firewalls (and on AWS, your network firewalls or Security Groups as well) through the Dome9 console.
- Build firewall policies using a simple web-based interface with the Dome9 SecOps console – with one single policy working across groups of servers over multiple cloud accounts and cloud platforms.
- Policies update automatically as servers come and go, or are modified.
- Dome9 helps you harden your firewall policies thereby reducing attack surface and simplifying security operations.
File Integrity Monitoring
Dome9 SecOps includes file integrity monitoring which acts as an essential early warning indicator of potential malicious activity and is a security best practice as well as a core requirement in many compliance regulations.
The Dome9 file integrity monitoring (FIM) capability is encapsulated within the lightweight Dome9 agent for both Windows and Linux. It leverages the well-known OSSEC open-source FIM module along with Dome9’s policy automation and management capabilities yielding a simpler and more effective cloud server FIM solution.
- It tracks and monitors unauthorized or malicious changes to any critical operating system file.
- It first saves a baseline record of the “clean” state of all monitored files and then periodically re-scans each server instance looking for deviations from that baseline. Any differences detected are logged and reported to the appropriate administrators.
- It leverages our powerful security policy engine that lets you manage thousands of protected servers under a single Dome9 account.
Security Configuration Management
Security configuration management has been ranked by Gartner as #1 in its list of server protection priorities.
Dome9 SecOps includes robust support for this requirement, ensuring that cloud servers are securely configured both at instantiation and over their active life cycle. Fine-grained role-based access control ensures only the right admin roles can access specific resources. SecOps also performs continuous monitoring of security configurations across server instances as well as network security elements such as AWS security groups. An in-built heuristics engine compares these configurations against industry best practices and alerts on potential configuration gaps.
- Dome9 provides role-based secure access to all your cloud servers, configurable down to individual users and services (e.g., SSH and RDP). You can segregate role-based access by specific servers, regions or clouds.
- A heuristics engine detects anomalies in network security configurations and powers context-aware alerts on a continuous basis.
In order to prevent malicious activity or mitigate the proliferation of malware from compromised cloud servers, Dome9 SecOps includes tamper protection (currently available on AWS only) within its suite of security controls.
When Dome9 SecOps is set up to manage a security policy in ‘Full Protection’ mode (as opposed to ‘Monitor-only’ mode), it locks down that policy as defined in the Dome9 console, and any deviations from that state will be considered unauthorized and reverted back to the original. As a result, malicious activity on a compromised server can be controlled and its attempts to propagate can be remediated.
- Dome9 SecOps includes a continuous monitoring service that polls all relevant security information from the AWS APIs every few minutes.
- If SecOps finds a change from the last known approved state (which may happen from malicious activity or accidentally because someone modified a security policy from outside of Dome9), it will create a ‘tamper’ event in the audit log and notify the administrator.
- If the security group is operating in ‘Full Protection’ mode, Dome9 SecOps will revert the security group changes back to the last approved one.
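One polling cycle of the detect-and-revert logic described above, as an added example (not Dome9 code). Rules are modelled as `(protocol, port, cidr)` tuples and the revert is returned as the effective rule set rather than applied through the AWS API; both are assumptions, as is the event layout.

```python
FULL_PROTECTION = "Full Protection"
MONITOR_ONLY = "Monitor-only"


def diff_rules(approved, observed):
    """Rules that appeared or disappeared relative to the approved state."""
    return {
        "added": sorted(observed - approved),
        "removed": sorted(approved - observed),
    }


def reconcile(group_id, approved, observed, mode):
    """Compare the polled state with the last approved state.

    Returns (effective_rules, event). event is None when nothing changed;
    otherwise it is a 'tamper' record for the audit log. In Full Protection
    mode the effective rules are the approved ones (the change is reverted);
    in Monitor-only mode the observed rules stay in place.
    """
    delta = diff_rules(approved, observed)
    if not delta["added"] and not delta["removed"]:
        return set(observed), None
    reverted = mode == FULL_PROTECTION
    event = {"type": "tamper", "group": group_id,
             "reverted": reverted, **delta}
    return (set(approved) if reverted else set(observed)), event


# Constructed sample: someone opens RDP to the world outside the console.
APPROVED = {("tcp", 22, "10.0.0.0/8"), ("tcp", 443, "0.0.0.0/0")}
OBSERVED = APPROVED | {("tcp", 3389, "0.0.0.0/0")}

if __name__ == "__main__":
    for mode in (MONITOR_ONLY, FULL_PROTECTION):
        rules, event = reconcile("sg-example", APPROVED, OBSERVED, mode)
        print(mode, event, sorted(rules))
```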
Dynamic Access Leases
IT administrators typically leave internet-facing services in mission-critical enterprise applications open to the entire world for remote access thereby exposing themselves to brute force attacks and vulnerability exploits.
Dome9 SecOps can reduce this risk with Dynamic Access Leases which lets you close administrative ports by default, and open secure, on-demand access to them. Through a click of a button on the Dome9 console, or the Instant access mobile app or Chrome browser extension, users can now receive time-based access to cloud servers and services, thereby reducing the attack surface, and safeguarding them from breach.
- For secure server access, you simply click a button in your Dome9 console, Chrome browser, or mobile device (iPhone or Android). This action opens a specific service port just for you, just for a time period (e.g., 1 hour), and just for the machine you’re connecting from.
- On the back-end, Dome9 dynamically maps the IP address of the computer you’re coming from and instructs your remote cloud server to open the server’s port just for you and for a specified period of time.
you’d like to access
Then, with the click of a button in our mobile app or browser extension, you can get a secure access lease to any of your servers and clouds, giving you time-based secure access while your cloud servers remain invisible to hackers.
Requirements: iPhone/iPad App: iOS 4 and above | Android App: 4.0 and above
Dome9 SecOps supports secure access control into the SaaS-based Dome9 management console using multi-factor authentication (MFA).
With MFA enabled, when a user signs in to the SecOps console, they will be prompted for their username and password (the first factor—what they know), as well as an authentication code from their mobile device (the second factor—what they have). Taken together, these multiple factors provide increased authentication security for your Dome9 solution and by extension, all of your cloud servers.
- Any RFC 6238-compliant mobile app such as Google Authenticator or Authy may be used to log in to Dome9 via MFA.
- A quick setup will associate the mobile app with your Dome9 account, following which its stream of MFA authentication codes can be used for ongoing secure access into Dome9.
Compliance Auditing & Reports
Dome9 SecOps includes a compliance auditing capability that provides real-time reporting to demonstrate security and governance for your entire cloud.
SecOps maintains a comprehensive log of all system events. It also includes robust alerting and notification capabilities and a new policy reports capability for resolving complex queries against all cloud security policies. All these capabilities in Dome9 SecOps make it easy to prove during an audit what the security posture was for any server active at any point in time.
- The Dome9 audit trail logs all attributes pertaining to the state of your cloud security at any point in time and even lets you drill down to specific user activity.
- Dome9 provides real-time alerts so you always know the security state of your cloud servers. Administrators can customize their notifications settings to receive alerts about important system events.
- The new Policy Reports feature enables advanced search against security policy rules, and filtering, sorting and grouping of the results by any field (or multiple fields).