Dome9 is a multi-cloud security and compliance automation solution that allows enterprises to manage security consistently across the leading cloud platforms. As part of our ongoing effort with integrating with Microsoft Azure, Dome9 has provided many of the same features and capabilities for customers running workloads on Azure as for the other cloud providers. For more information, check out a previous blog post here. In our continued investment we now support Tamper Protection for Azure!
Let’s start with what Tamper Protection is, and why enterprise security teams need it.
Imagine a scenario when a junior developer with admin privileges needs to access a service quickly, so she bypasses due process and makes changes to a Network Security Group (NSG) outside of the guidelines. Or worse, if a malicious attacker gets access to PROD for a few minutes and creates a backdoor by allowing telnet on an existing NSG.
To protect themselves from situations like these, customers ask:
1. How can I keep things locked down without having to constantly monitor and manage security?
2. Given the complexity of troubleshooting and fixing errors, how do I detect and remediate misconfigurations?
3. Who was granted access and when?
Solution: Dome9 Tamper Protection for Azure
Enforce Gold Standard Policy Configuration as Part of your Security Operations: Tamper Protection is a powerful capability in the Dome9 Arc platform that allows you to lock down your cloud environment efficiently. It gives Dome9 complete authority over your network security group (NSG).
Now you can:
– Lock down and deny changes to network security groups (NSGs) outside of Dome9
– Automatically reverts unauthorized modifications to last known good state
– Detect when a configuration drift has occured and and when it was corrected (All changes are audited and tracked)
One extra nuance with Azure is that Azure NSGs are closer to “classic” firewall, and they have concept of priorities for their firewall rules. Part of the capability of reverting configuration and rules is also restoring the priorities, as the order is important.
To summarize, we now have 3 modes in Azure:
1. Read Only Account: Dome9 can only observe configuration made in cloud console
2. Managed Account: Changes can be made in either Dome9 or cloud console
3. Managed + Tamper Protection: Changes can only be made through Dome9. Any changes outside of Dome9 are automatically reverted
The role of security operations to provide businesses with security agility that reduces the time it takes to identify attacks and and accelerates remediation actions. Dome9 Tamper Protection enables stress free operations. Elevate your security posture in Azure environments with Tamper Protection!