Valtix for Security Operations
#1 in Multi-Cloud,
Cloud-Native Network Security
Cloud is different. Cloud security needs a cloud-first solution for network security in the public cloud. Valtix provides cloud security teams with a single console and policy framework to apply comprehensive network security controls across ingress, egress, and east-west traffic paths within the public cloud. Only Valtix seamlessly supports multi-cloud use cases for AWS, Azure, GCP, and Oracle and connects discovery to defense, which helps ensure 100% coverage across accounts and cloud virtual networks.
30 Seconds to Adapt
Adapts dynamically to new apps and changes to existing apps
100% Cloud Coverage
Connects discovery to defense so that every account, app & API is secured
No agents to deploy means less troubleshooting and fewer outages
Does Network Security Matter in the Public Cloud?
Yes! Organizations must treat security and compliance in the public cloud with the same best practices as they do on-premises. They need complete visibility, a reliable management framework, and layered security across networks, apps, workloads, and data.
Network security not only matters in the public cloud, it’s essential. Customized security in each app isn’t always possible, isn’t always consistent, and isn’t always cost-effective. The network is the only common ground across every application architecture. At Valtix, we exist because we see the relevance of network security for cloud applications hosted in cloud infrastructure across Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), and others. And we saw the importance of doing it as a cloud-native service – otherwise, it’s just virtual appliances, which forgo many of the benefits of the cloud.
“We needed comprehensive Ingress and Egress security to support our standards and to meet compliance requirements. Once we hit scale with our service, it was clear our existing virtual-appliance-based firewall was becoming too cumbersome. Valtix gives us the security for ingress and egress that we need, but in a cloud-friendly and automated way. ”
CTO Digital Health Tech Provider
100% Coverage By Connecting Discovery to Defense
Public Clouds are highly dynamic. Change is constant. Many environments might have 10s or even 100s of applications hosted in the public cloud. With each devops team continuously deploying changes or even new applications on a regular basis, cloud security teams are in a battle to keep up.
With Valtix, cloud security teams get a single source for visibility and control across every application. They gain an always-on inventory with insights on where security must be deployed. With 1-click, they can deploy policy across any number of clouds or accounts within their scope of responsibility. Following best practices of layered security in the cloud gives them the added confidence that if a vulnerability does slip through, they’ve limited the attack surface and blast radius through proper policy at every critical ingress or egress point.
Adapt to Continuous Change Through Dynamic Policy
According to Gartner, by 2025, 99% of cloud security failures will be the customer’s fault. With cloud infrastructure (IaaS), the shared responsibility model makes almost everything beyond physical security the customer’s responsibility, which introduces the challenge of orchestrating and automating security tools across the public cloud. It’s especially challenging when the security tools being orchestrated were originally designed for the very different assumptions of the data center and on-prem infrastructure. Stitching together a patchwork of these legacy technologies leads to costly maintenance and inevitable failures.
Valtix provides a cloud-native security model known as the Valtix Dynamic Multi-Cloud Policy (™). This approach ties together continuous visibility and control to discover new cloud assets and changes, associate tag-based business context (from cloud provider), and automatically apply the appropriate policy to ensure security compliance. Once configured, the Valtix Dynamic Multi-Cloud Policy drives security infrastructure that works away in the background, invisible to cloud teams. Dynamic Multi-Cloud Policy helps ensure that critical security gaps don’t emerge and that the business stays secure and resilient. This is a key innovation that is unique to Valtix.
Advanced Egress Security to Prevent Exfiltration
For decades, best-practice security for applications hosted in the data center was to restrict external destinations to safe-listed IP addresses and ranges. As a result, if an application or a compute resource was compromised, its communication graph was limited to the safe-listed destinations. Today, most modern applications make use of a variety of external APIs (Twilio, Datadog, Snowflake, etc.). Unfortunately, to facilitate modern application architecture leveraging APIs, many organizations have relaxed communications to external sites. This opens them up to any number of malicious activities: Command-and-control (C2) server, ransomware, and data exfiltration.
Valtix enables better management and control of egress traffic to facilitate app and machine-initiated connections. As a result, cloud security teams can enable a full spectrum of security policies that can be directly used by application and DevOps teams without making it too complicated or requiring constant back-and-forth with security teams for every application and situation.
Prevent Lateral Movement of Threats
Attacks happen over periods that might last months, if not years. Cloud security professionals understand that the true threat is when an attacker gains a foothold and then moves laterally to find sensitive data or to inflict maximum pain in order to extort a ransom. East-west traffic includes communications such as inter-VPC/VNET, inter-region, endpoint services, private links, or PaaS constructs. These can be either client or server-initiated. It’s critical that cloud security teams be able to control and gain visibility to east-east traffic in order to prevent lateral movement.
Valtix provides a full stack of security that can help provide visibility and control to lateral movement through east-west traffic within public clouds. Valtix supports a variety of architectures including transit gateway and hub-spoke deployments and eliminates IPSec Tunnel requirements with AWS Transit Gateway. With Valtix, cloud security teams can ensure that policies move with your apps as the footprint scales and limit access based on instance identity (tag-based network segmentation).
Threat Insight Through DNS and VPC Flow
80% of Malware uses DNS to connect to a Command and Control (C2C) site. However, the way DNS and VPC Flow logging is handled in the cloud is different and most organizations have no visibility. These critical security telemetries are locked within cloud provider-specific systems.
Valtix not only unlocks these critical sources of intelligence but also associates domains / URLs with threat intelligence to alert on potentially malicious activity. Through integrations, these cloud telemetries can then be sent to a centralized log management capability for further analysis or correlation with other activities to fuel detection and response initiatives.