Saturday, Jan 20, 2018

Interview with Zohar Alon, Co-Founder and CEO of Dome9

Dome9 recently announced “native” support for Microsoft Azure. What does this mean for your users?

ZA: Dome9 provides security orchestration in public cloud environments. The Dome9 Arc SaaS platform is purpose-built to simplify security operations at scale in the cloud. We recently announced that Dome9 has built native integration with Microsoft Azure into the Dome9 Arc platform. Azure customers can now use the same powerful automation capabilities that AWS customers have enjoyed for the past couple of years to easily manage security and compliance in their IaaS cloud environments.

In addition to being an AWS Advanced Technology Partner with Security Competency, Dome9 is an official Microsoft Partner. Ryan McGee, director of security product marketing at Microsoft, had this to say about the announcement: “Microsoft Azure delivers industry-grade security for the most demanding environments. By supporting Azure natively using our powerful API, Dome9 is enhancing the security capabilities of the cloud platform and enabling users to protect their corporate assets.”

You can see Dome9 with Microsoft Azure in action here:

Elaborate on the Dome9 native API support and agentless technology you use to secure Microsoft Azure.

ZA: When it comes to securing public cloud environments, there is an ongoing debate about agent-based vs agentless service architectures. With an agent-based workload security product, you install a small software agent in each of your server instances to implement security functionality. An agent-based solution sits on top of the underlying cloud platform and essentially bypasses any native security features provided by the cloud.

Dome9 offers an agentless solution. The Dome9 SaaS platform talks directly to the underlying cloud provider (e.g., AWS, Azure) through the service provider’s API to get information about instances, services and the network, and control security. Because the agentless service communicates directly with the platform, no modifications are required in the resources that are part of your environment. Agentless services, also called cloud-native or API-based services, are completely transparent to the applications and workloads.

Dome9 Arc allows you to better utilize the powerful security capabilities that are included, often at no additional cost, with AWS and Azure services. Why let the significant investments in security by the cloud providers go to waste by not refining and enhancing what they do and applying that to your particular use case? We’re very excited to be at the forefront of this public cloud security movement – working alongside the top public cloud providers and their security teams.

What are some of the key benefits and features of Dome9’s native, public cloud support?

ZA: The Dome9 Arc platform allows security and operations teams to visualize the network security posture and exposure levels by analyzing network security groups and attached network-based assets like virtual machines, load balancers and database services in their Azure environments. Customers can detect and audit changes to security policies across Azure subscriptions and regions, correlate security events in the Azure Security Center, and continuously monitor their state of compliance.

This enables security operations teams to quickly identify and proactively resolve misconfigurations and vulnerabilities that could lead to downtime or costly breaches. Dome9 Arc provides organizations with overall security situational awareness for their Azure environments, making sure that their security controls conform to their overall security policy.

What are the challenges with managing security in multi-cloud environments, and how does Dome9 solve them?

ZA: In spite of the promise of multi-cloud environments, the pain and complexity associated with managing different cloud environments has been too high of a barrier to overcome. The disparity in security capabilities of different cloud providers is narrowing thanks to heavy investment in security by the major clouds in recent years. But different clouds provide vastly different frameworks and operational models for security. For example, the security model in AWS is built around VPCs, NACLs and Security Groups with unordered “allow” rules, while Azure offers Network Security Groups with ordered “allow” and “deny” rules but without group-to-group micro-segmentation capabilities. Administrators have to learn how to use the specific constructs and tools provided by each of the clouds. Operational tools and processes built for one cloud cannot be easily ported to another cloud.

Dome9 Security is allowing enterprises to embrace a multi-cloud strategy by offering native multi-cloud support. Dome9 Arc uses the security capabilities available in each cloud platform, but combines them with cloud-agnostic policy orchestration. Essentially, customers can specify policies once and use them to manage security in different public cloud environments.