Valtix for Egress Filtering
SECURE THE BACKDOOR OF APP TO SERVICE COMMUNICATION.
Valtix enables egress filtering for AWS, Azure, GCP, and OCI through advanced domain (FQDN) and URL filtering combined with data loss prevention (DLP) to block unauthorized external connectivity and data exfiltration. Through a comprehensive platform that centralizes multi-cloud policy, Valtix FQDN/URL filtering eliminates the need for egress security point solutions.
5 Minutes To Deploy
Quickly connect to each cloud account, discover workloads, and enable security
100% Cloud Coverage
Connects discovery to defense so that every account, app & API is secured
Zero Ops Overhead
Eliminate constant upkeep, challenging upgrades, and the management of appliances
A NEW APPROACH TO APPS REQUIRES ADVANCED EGRESS FILTERING
A tectonic shift has taken place in app architecture. More and more, apps are built with a services-based approach in mind, with microservices communicating over well-defined APIs. Often, these APIs are remote or external. The requirement to enable GitHub and other code repositories adds another layer of backdoor communication to the mix. Unfortunately, security teams historically didn’t need to cope with these challenges, so they are now often scrambling to avoid leaving egress open, unsecured, and unmonitored. However, until they get egress filtering and security solutions in place, they contend with unacceptable risks in the form of:
- Allowing command-and-control (C2) for malware distribution, cryptocurrency mining, disrupting operations, DDoS attacks, etc.
- Losing visibility to the exfiltration of data out of the virtual private cloud (VPC)
To regain the egress control they’d lost and meet compliance requirements (PCI, HIPAA, SOX, etc.), many organizations will try to employ Squid Proxy or other point solutions to implement egress filtering. They might even go to the extreme of deploying a hard-to-scale virtual appliance. What they realize is that the cloud is different, and ensuring that they gain complete visibility and control over egress at scale requires cloud-scale solutions. And getting in the path of traffic is not always possible or practical.
A cloud-native and multi-cloud solution for Egress Filtering didn’t exist.
Here are the egress security challenges we hear from customers.
Sound familiar? Valtix can help with cloud egress filtering.
The Cloud Service Providers (CSPs) don’t provide egress filtering in a scalable way across 10s-100s of VPCs and accounts belonging to a variety of teams (dev, test, prod/compliance).
Virtual Appliance NGFWs are very difficult to manage and create a chokepoint that doesn’t scale and adds risk.
Squid Proxy and other Egress point solutions are difficult to implement, fragment security, lack critical features, and introduce blind spots.
Gain Outbound Visibility
Understand outgoing traffic patterns to identify anomalous activity or known malicious connectivity that could indicate compromise
Stop Malicious Connections
Apply proactive policies to prevent unauthorized external connectivity or to filter outgoing traffic by domain or IP reputation
Accelerate Incident Response
Quickly pivot to block known command-and-control (C2) threats such as crypto mining, ransomware, or botnets through egress policy
Egress Filtering – Critical Capabilities to Consider:
- Forward/Reverse Proxy (as needed)
- Custom Lists for Domain Category
- Auto Discovery (App-Tag-based)
- Auto Malware Detection
- Data Loss Prevention (DLP)
- Flow Log Visibility
- Multi AZ High Availability
- Allowed/Denied Session Logs
- Automation and Management
- Managed Service (SaaS)