Cloud Active Protection

10x faster, simpler, more effective

REQUEST A DEMO FREE TRIAL

Public Cloud Active Protection hero floater image

Complete visualization of cloud assets and network topology

Rapid assessment of network attack surface to identify risks and security threats

In-place remediation console to quickly fix misconfigurations in real-time

Advanced IAM protection against insider threats and external attacks

Time-limited access to network ports on an as-needed basis for a closed-by-default posture

Active monitoring and automatic reversion of unauthorized modifications to enforce security gold standards

Problem

Cloud operations and security teams are tasked with deploying and managing workloads in highly dynamic, flexible public cloud environments, paying close attention to policy configuration, patch management, connection policies and access control. The complexity of cloud security operations increases significantly as cloud environments grow in terms of number of instances, accounts, regions and operations. Simply moving an existing workload to the cloud without the appropriate security management measures in place for visibility or control can leave workloads exposed and less secure than if they remained within an enterprise datacenter.

Public Cloud Active Protection Deployment Lifecycle diagram

Security for today’s public cloud environments is fundamentally different from traditional datacenter security. Enterprise datacenters deploy layers of physical security measures – firewalls, routers, switches, etc.- to manage connection policies, access controls and zone designations. Lift-and-shift approaches to security are bound to fail in the software-defined, instantaneously configurable world of the public cloud, where simple changes to security policies can expose private resources to everyone.

Solution

Effective cloud security requires a centralized, consolidated platform that is built from the ground up for the cloud and gives administrators complete visibility and active control of their cloud environments. Dome9 Arc offers end-to-end control over the security posture of public cloud environments from a centralized console. The innovative SaaS platform provides a broad set of security and compliance controls, deep visualization, multi-factor authentication, and policy automation for verifiable and comprehensive security management.

Public Cloud Active Protection Control-Assess-Remediate diagram

Dome9 Clarity offers powerful end-to-end visualization of the network topology, security policies and configurations, allowing administrators to quickly assess the attack surface and identify risks and threats in live environments. Additionally, Clarity also provides visualization of CloudFormation templates (CFTs), giving administrators the tools to assess misconfigurations and threats before actually deploying a CFT in a live environment.
Dome9 Arc is not just a monitoring tool, but also offers full management of security group policies across accounts, projects, regions and virtual networks from one place. This allows administrators to find and fix problems quickly in-place.
Dome9 IAM Safety provides an additional layer of defense on top of native IAM where needed. Think of it as a firewall for IAM. IAM Safety gives security teams granular control over users, roles and actions, with privilege elevation on an as-needed basis for protected actions with second-level out-of-band authorization from a mobile device for critical updates. Cloud environments are protected from catastrophic events even if an administrator’s credentials are compromised. Additionally, Dome9 Arc allows you to adopt a closed-by default security posture with dynamic access leases, which allow services and ports in cloud environments to be made accessible for a limited amount of time.
Dome9 Arc continuously monitors managed cloud environments for any changes made through the public cloud console or via the API. The system automatically reverts unauthorized modifications to enforce a strict security gold standard at all times. All changes are audited and brought to the attention of administrators immediately.

Dome9 Arc is the only solution for cloud security operations offering end-to-end visibility, in-place remediation, and continuous security enforcement in a single platform. With no software to install or agents to manage, Dome9 Arc can be set up in under five minutes enabling administrators the ability to manage security, compliance and governance across accounts, regions and clouds. Dome9 provides the right combination of cost-effective, comprehensive security management coupled with detailed visualization for security operations needed in today’s public cloud environment.

“As a security department, it’s very important to have a quick, reliable, and current view of the configuration and control over the security settings of cloud accounts and assets. This enables us to automate controls and react quicker with fewer resources.”

-Ewald Wicher, Senior Manager Information Security, Western Union

DOWNLOAD THE CASE STUDY