Public Cloud Security Operations
Model and enforce gold standard policies across accounts, projects, regions and virtual networks
Powerful visualization of network topology and flows for rapid assessment
In-place remediation and active security enforcement; not just monitoring
Consistent management of security policies across multiple public clouds
Cloud-native, agentless security technology that protects all cloud assets
Setup in under 5 minutes with no software to install or agents to deploy
Extensive automation delivering one-click operational simplicity
The innovative Dome9 Arc SaaS platform is designed to be the one-stop solution for easy management of network security in large public cloud environments. Dome9 Arc offers a complete range of capabilities that allows administrators to visualize network topology and flows, assess security posture, detect misconfigurations and attack surface, model gold standard policies, protect against attacks and insider threats, and conform to security best practices on the cloud.
Dome9 combines cloud-native security controls exposed by different public cloud providers through APIs with cloud-agnostic policy automation to provide comprehensive multi-cloud security management across Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP). Dome9 delivers best-in-class industry-based security policies for maximum protection and maintenance of a healthy security posture across multiple accounts, projects, regions and virtual networks.
“We leverage Dome9 to protect our growing and distributed cloud based file storage environment. Dome9 provides us improved access controls through on-demand dynamic access leasing and improved security and compliance through detailed auditing and alerting.”
-Manny Landron, Senior Manager, Security and Compliance, Citrix
Network Security Features
A powerful visualization tool that constructs a real-time topology of cloud assets, including security groups, instances, firewalls and more. Clarity gathers the required information and automatically categorizes cloud entities based on their exposure to the public, allowing admins to find misconfigurations and security threats and remediate them. Users can even upload CloudFormation templates (CFTs) to inspect and collaborate before deployment.
Built-in capabilities to fix issues that can leave your cloud environment exposed, such as misconfigurations, open IP ports, and unauthorized modifications. Dome9 Arc offers intuitive management of security group policies across accounts, projects, regions and virtual networks from one place. Dome9 exposes an object-oriented approach to network management through IP lists and DNS objects, and provides rich actionable alerts and extensive audit capabilities that makes the platform the system of authority for security management.
Dynamic Access Leases
Time-limited, on-demand access to services and ports in cloud environments, allowing administrators to adopt and maintain a closed-by default security posture without restricting access. By providing time-bound access to cloud services on an as-needed basis, Dynamic Access Leases minimize the risk of external threats by reducing the attack surface while still allowing legitimate users to get the access they need with the click of a button without having to use cumbersome security mechanisms such as VPNs.
Continuous monitoring of managed cloud environments for any changes from last known and approved state, made either through the public cloud console or via the API. The system automatically reverts unauthorized modifications to enforce a strict security gold standard at all times. All changes are audited and brought to the attention of administrators immediately.
With Region Lock, newly created security groups are imported into the Dome9 console, and their security policy rules (both ingress and egress) are automatically cleared. This mode prevents network changes from being made to security groups outside the Dome9 system, giving administrators tighter control over their security posture.