Dome9 leverages server-based host firewalls for all server platforms, using Windows operating system firewalls and native Linux firewalls such as iptables. Agents are installed on the servers to enable management through the Dome9 Security Central interface. Alternatively, where the cloud provider supplies its own virtual machine firewalls, as Amazon Web Services does with its Security Groups, Dome9 uses an API to administer them.
Dome9 says its service addresses a critical security gap as enterprises move from physical to cloud environments, losing perimeter-based controls. "When enterprises migrate server infrastructure to the cloud, the perimeter goes away," says Dave Meizlik, Dome9 VP of marketing. "Yet many IT folks are leaving the server ports open to be able to connect to and manage their machines."
However, management of each server’s host firewall--particularly in large, heterogeneous environments with both Windows and Linux servers--doesn’t scale well. Dome9’s service solves this problem with a centralized management portal that can present all types of servers to the admin, regardless of platform.
Enterprises can apply access policies to individual servers and groups of servers, as well as to individuals and groups. Delegated administration allows permissions to be managed based on admin privilege. While access permission is controlled through Dome9’s portal, users authenticate and gain access directly to the server. The problem of shared accounts is eliminated as all access permission is controlled through Dome9.
Access controls are very granular, based on user and group profiles. Users can, for example, be given time-based permissions on a regular basis or through one-time "invitations." In this way, organizations can tightly control access for contractors and partners, for example, as well as for employees.
Security policies and configurations "follow" VM servers as they are spun up and migrate in a dynamic cloud environment. Account- and server-level visibility and logging allow enterprises to monitor user activity and provide an audit trail for compliance. The pay-as-you-go service starts at $20 per server per month.