What is our primary use case?
1) Visibility for Cloud Work Load for Server, Server Less & Container environment
2) Security configuration review along with auto-remediation
3) Posture management and Compliance for complete Cloud Environment
4) Centralize Visibility for Complete Cloud Environment of Workload hosted on Multiple Cloud Platform (AWS, Azure, and GCP)
5) The baseline for Security Policy as per Workload based on Services such as S3, EC2, etc
6) Visibility of API call within the environment
7) IAM management providing access to cloud network in a control manner
8) Alert and Notification for any Security breach/Changes in Cloud environment
9) Flow Visibility of traffic from and to Cloud Environment
10) Real-time alerting for any incident
How has it helped my organization?
1) Provides visibility of organization complete cloud infra hosted on different cloud platforms such as AWS & Azure. It also provides visibility of different accounts hosted on multiple tenants on a single dashboard.
2) Provide visibility of workload with an average instance running on a daily basis. As we have few instances that are taken offline during nonworking hours
3) It provides access to complete Cloud environment in control manner, Admin is not allowed to create or add any user or change security Policy directly with an admin account, unless the same has been approved via IAM role
4) Provides compliance and vulnerability detail of our environment. It also provides auto-remediation for few policies.
5) It has helped us to create a baseline while enabling any services.
6) Provides complete detail of any workload trying or getting connected to the Internet or if some workload is getting bypass from Firewall Policy.
7) Provides end to end visibility of source and detail IP address along with communication detail.
8) Reports generated based on metadata and API calls hence it does not impact our billing cycle
What is most valuable?
1) IAM role is the feature which is widely used as it provides a granular level of control and visibility of any changes happening within our Cloud network
2) Benchmark of our network
3) Complaisance and reporting to understand and mitigate any security issue
4) Threat intel integration which provides us visibility in case any workload is communicating with Suspicious or blacklisted IP
5) Centralize dashboard for different tenant and account
6) Assets Management as it provide complete visibility of our workload inkling EC2 instance or Serverless
What needs improvement?
1) More number of Security Policy to have more number of detection
2) It should capture more information in metadata including communication detail. Also, Internal IP addresses should not be tracked as this might be having some compliance issues.
3) Should have support for VMware Pivotal Cloud Foundry
4) Should maintain configuration information which will help in case forensic need to be performed in term of changes
5) Should allow Policy to be deployed using a template and the same should be getting reviewed before deployment. This will help us to provide secure deployment CI/CD
For how long have I used the solution?
We have been using Dome9 for three months.
What do I think about the stability of the solution?
we have workout for SaaS offering from Dome9 hence entire setup is managed and maintained by Dome9. We have enrolled our account and using it as a service and till not we have not observed any outages
What do I think about the scalability of the solution?
As it's available as SaaS and subscription offering it can be scalable deepening upon the number of workloads for which support is required.
How are customer service and technical support?
Overall its excellent both support and presales team.
Which solution did I use previously and why did I switch?
We used a Cloud-native solution to identify security issues but it did not provide any detailed visibility. Also, multiple console access where required in order to identify and security flaw.
How was the initial setup?
It was straightforward there was template provided by Dome9 (Checkpoint) and that need to be imported in our account which create ID and provide access to Dome9 on our cloud infra to monitor and collect metadata logs
What about the implementation team?
Our cloud team has helped us in terms of implementation. Also, it's not complicated the complete step by step guide is provided by Dome9 (CheckPoint) for enrolling Cloud to Dome9.
What's my experience with pricing, setup cost, and licensing?
Cost is based on number or Workload in case of Prisma & Dome9
For Aquasec it's based on a number of application workloads
For Conformity it's based on the number of accounts
Which other solutions did I evaluate?
Redlock from Prisma
Conformity from Trend Micro
What other advice do I have?
Licensing should be based on workload and should have some option for smaller brackets its should not in starting from 100,200 etc.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)