Valtix for Egress Filtering
SECURE THE BACKDOOR OF
APP TO SERVICE COMMUNICATION.
Valtix enables egress filtering through advanced domain (FQDN) and URL filtering combined with data loss prevention (DLP) to block unauthorized external connectivity and data exfiltration. Through a comprehensive platform that centralizes multi-cloud policy, Valtix eliminates the need for egress security point solutions.
5 Minutes To Deploy
Quickly connect to each cloud account, discover workloads, and enable security
100% Cloud Coverage
Connects discovery to defense so that every account, app & API is secured
Zero Ops Overhead
Eliminate constant upkeep, challenging upgrades, and the management of appliances
A NEW APPROACH TO APPS REQUIRES A NEW APPROACH TO SECURITY.
A tectonic shift has taken place in-app architecture. More and more, apps are built with a services-based approach in mind with microservices communicating over well-defined APIs. Often, these APIs are remote or external. The requirement to enable GitHub and other code repositories add another layer of backdoor communication to the mix. Unfortunately, security teams historically didn’t need to cope with these challenges. So, they are often now scrambling to not leave egress open, unsecured, and unmonitored. However, until they get egress filtering and security solutions in place, they contend with unacceptable risk in the form of:
- Allowing command-and-control (C2) for malware distribution, cryptocurrency mining, disrupting operations, DDoS attacks, etc.
- Losing visibility to the exfiltration of data out of the virtual private cloud (VPC)
In order to regain the egress control they’d lost and meet compliance (PCI, HIPAA, SOX, etc), many organizations will try to employ Squid Proxy or other point solutions to implement egress filtering. They might even go to the extreme of deploying a hard-to-scale virtual appliance. What they realize is that the cloud is different and ensuring that they gain complete visibility and control over egress at scale requires cloud-scale solutions. And getting in the path of traffic is not always possible or practical.
A cloud-native and multi-cloud solution for Egress Filtering didn’t exist.
Here are the egress security challenges we hear from customers.
Sound familiar? Valtix can help.
The Cloud Service Providers (CSPs) don’t provide egress filtering in a scalable way across 10s-100s of VPCs and accounts belonging to a variety of teams (dev, test, prod/compliance).
Virtual Appliance NGFWs are very difficult to manage and create a chokepoint that doesn’t scale and adds risk.
Squid Proxy and other Egress point solutions are difficult to implement, fragment security, lack critical features, and introduce blind spots.
Gain Outbound Visibility
Understand outgoing traffic patterns to identify anomalous activity or known malicious connectivity that could indicate compromise
Stop Malicious Connections
Apply proactive policies to prevent unauthorized external connectivity or to filter outgoing traffic by domain or IP reputation
Accelerate Incident Response
Quickly pivot to block known command and control (c2) threats such as crypto mining, ransomware, or botnets through egress policy