Valtix for Security Operations

#1 in Multi-Cloud,
Cloud-Native Network Security

Cloud is different. Cloud security needs a cloud-first solution for network security in the public cloud. Valtix provides cloud security teams with a single console and policy framework to apply comprehensive network security controls across ingress, egress, and east-west traffic paths within the public cloud. Only Valtix seamlessly supports multi-cloud use cases for AWS, Azure, GCP, and Oracle and connects discovery to defense, which helps ensure 100% coverage across accounts and cloud virtual networks.

30 Seconds to Adapt

Adapts dynamically to new apps and changes to existing apps

100% Cloud Coverage

Connects discovery to defense so that every account, app & API is secured

Zero Agents

No agents to deploy means less troubleshooting and fewer outages

Does Network Security Matter in the Public Cloud?

Yes! Organizations must treat security and compliance in the public cloud with the same best practices as they do on-premises. They need complete visibility, a reliable management framework, and layered security across networks, apps, workloads, and data.

Network security not only matters in the public cloud, it’s essential. Customized security in each app isn’t always possible, isn’t always consistent, and isn’t always cost-effective. The network is the only common ground across every application architecture. At Valtix, we exist because we see the relevance of network security for cloud applications hosted in cloud infrastructure across Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), and others. And we saw the importance of doing it as a cloud-native service – otherwise, it’s just virtual appliances, which forgo many of the benefits of the cloud.

“We needed comprehensive Ingress and Egress security to support our standards and to meet compliance requirements. Once we hit scale with our service, it was clear our existing virtual-appliance-based firewall was becoming too cumbersome. Valtix gives us the security for ingress and egress that we need, but in a cloud-friendly and automated way.”

CTO Digital Health Tech Provider

Don’t Settle on Good Enough Cloud Security

Valtix was built on the cloud, for the cloud. Simple to deploy and scale while delivering robust network security controls to meet your defense and compliance needs, Valtix enables cloud security teams to apply security controls through one policy across multiple clouds.

100% Coverage By Connecting Discovery to Defense

Public clouds are highly dynamic. Change is constant. Many environments might have tens or even hundreds of applications hosted in the public cloud. With each DevOps team continuously deploying changes or even new applications on a regular basis, cloud security teams are in a battle to keep up.

Valtix Solution

With Valtix, cloud security teams get a single source for visibility and control across every application. They gain an always-on inventory with insights on where security must be deployed. With 1-click, they can deploy policy across any number of clouds or accounts within their scope of responsibility. Following best practices of layered security in the cloud gives them the added confidence that if a vulnerability does slip through, they’ve limited the attack surface and blast radius through proper policy at every critical ingress or egress point.

Adapt to Continuous Change Through Dynamic Policy

According to Gartner, by 2025, 99% of cloud security failures will be the customer’s fault. With cloud infrastructure (IaaS), the shared responsibility model makes almost everything beyond physical security the customer’s responsibility, which introduces the challenge of orchestrating and automating security tools across the public cloud. It’s especially challenging when the security tools being orchestrated were originally designed for the very different assumptions of the data center and on-prem infrastructure. Stitching together a patchwork of these legacy technologies leads to costly maintenance and inevitable failures.

Valtix Solution

Valtix provides a cloud-native security model known as the Valtix Dynamic Multi-Cloud Policy™. This approach ties together continuous visibility and control to discover new cloud assets and changes, associate tag-based business context (from the cloud provider), and automatically apply the appropriate policy to ensure security compliance. Once configured, the Valtix Dynamic Multi-Cloud Policy drives security infrastructure that works away in the background, invisible to cloud teams. Dynamic Multi-Cloud Policy helps ensure that critical security gaps don’t emerge and that the business stays secure and resilient. This is a key innovation that is unique to Valtix.

Advanced Egress Security to Prevent Exfiltration

For decades, best-practice security for applications hosted in the data center was to restrict external destinations to safe-listed IP addresses and ranges. As a result, if an application or a compute resource was compromised, its communication graph was limited to the safe-listed destinations. Today, most modern applications make use of a variety of external APIs (Twilio, Datadog, Snowflake, etc.). Unfortunately, to facilitate modern application architecture leveraging APIs, many organizations have relaxed communications to external sites. This opens them up to any number of malicious activities: command-and-control (C2) server communication, ransomware, and data exfiltration.

Valtix Solution

Valtix enables better management and control of egress traffic to facilitate app and machine-initiated connections. As a result, cloud security teams can enable a full spectrum of security policies that can be directly used by application and DevOps teams without making it too complicated or requiring constant back-and-forth with security teams for every application and situation.

Prevent Lateral Movement of Threats

Attacks happen over periods that might last months, if not years. Cloud security professionals understand that the true threat is when an attacker gains a foothold and then moves laterally to find sensitive data or to inflict maximum pain in order to extort a ransom. East-west traffic includes communications such as inter-VPC/VNET, inter-region, endpoint services, private links, or PaaS constructs. These can be either client- or server-initiated. It’s critical that cloud security teams be able to control and gain visibility into east-west traffic in order to prevent lateral movement.

Valtix Solution

Valtix provides a full stack of security that can help provide visibility and control to lateral movement through east-west traffic within public clouds. Valtix supports a variety of architectures including transit gateway and hub-spoke deployments and eliminates IPSec Tunnel requirements with AWS Transit Gateway. With Valtix, cloud security teams can ensure that policies move with your apps as the footprint scales and limit access based on instance identity (tag-based network segmentation).

Threat Insight Through DNS and VPC Flow

80% of malware uses DNS to connect to a command-and-control (C2) site. However, DNS and VPC Flow logging is handled differently in the cloud, and most organizations have no visibility. This critical security telemetry is locked within cloud provider-specific systems.

Valtix Solution

Valtix not only unlocks these critical sources of intelligence but also associates domains / URLs with threat intelligence to alert on potentially malicious activity. Through integrations, these cloud telemetries can then be sent to a centralized log management capability for further analysis or correlation with other activities to fuel detection and response initiatives.

Solution Brief

Egress Security for Public Cloud

Egress security in the public cloud comprises a significant portion of the total security posture for protecting public cloud workloads that handle or use sensitive data. It also covers access to public internet resources for software updates, patches, public repositories, API calls, 3rd party interconnects, and sensitive data logging to external sources.

eBook

TLS Ramifications for Legacy NGFW Virtual Appliances

TLS Ramifications for Legacy NGFW Virtual Appliances for Outside-In DC Traffic In Public Clouds

Blog Post

Cloud Network Security – Getting to Benefits With a Lot Less Cost

Ask an accomplished photographer, “what’s the best camera?” and the typical answer is, “the one you have with you.” For…