Advanced Security. Cloud Native

Great security products. Cloud-native security products. Why do these not overlap? Why should we be faced with the choice of either strong security (as a legacy virtual machine, centrally configured, non-scalable) or weak 1-tuple stateless ‘firewall’ rules from our cloud provider?

Threats come from more directions than ‘outside bad, inside good’ allows. What if ‘bad’ is already inside? Bad behaviour can come in via the software supply chain, meaning we need a solution which handles the elastic scale of cloud, with its short time-horizons, and that works as something other than a ‘bastion’ at the door. We need cloud-native advanced security, without compromise.

Fix The Audit-Inaccuracy

The cloud is full of NAT and proxies, which change the addressing. This breaks your audit, your SIEM, your workflow. We can help. Need geo-restrictions by IP? Need flow-level audit with proper IP? Fail2ban?

Integrate the world of ‘fixed IP’ with the world of ‘elastic’

The cloud has instances coming and going. Your (outbound) IP is unknowable. Need to integrate through a legacy firewall to a database or API where they want a fixed source IP? We can help.

Control your Egress

It’s cloud. It’s API native. Those APIs are in other people’s clouds, and thus you can’t block egress. But you worry about what data might exfiltrate covertly. Let’s talk about how we can make it easy and convenient to control but allow, to keep the good of the cloud and merge it with the good of the datacentre.

Origin IP to your container

Using Kubernetes? With a Load Balancer, an Ingress, some Istio sidecars? Get the origin IP intact to your container so your logs and rules are correct.


SMTP email from your container

Need to relay through your corporate SMTP, and it needs a fixed ‘from’ IP to be secure? We can help.


Infinite Audit

Worried that the only audit you have is connections made to your services? What about ICMP? UDP? Scanning? Let our flow-transparent logs help you.


Control the Egress

Cloud applications tend to use external public APIs. It can be difficult to control what is, and what is not, allowed to egress. Couple that with the transitional problems of external firewalls wanting fixed inbound IP rules when the cloud has no fixed IPs, and you have a challenge. We have the solution.

Transparent IP. Simple

Kubernetes and other public cloud platforms can have 3 levels of address translation. The inbound load balancer does NAT. The Ingress does NAT. The sidecar does NAT. By the time a packet arrives at your service, the source IP appears to be the service itself rather than the origin. Learn how you can fix this without needing offline correlation of flows, making your existing audit and firewall rules work.

ADVANCED SECURITY CAN BE CLOUD NATIVE?

Stop. Put down that VPC-networking-trying-to-emulate-vlans with a single central point of enforcement.

Let’s talk about Fail2ban, accurate audit, advanced web-application-firewall-style features, east-west, north-south, wherever the compass may take you.
