Security Group hardening

The Challenge

Infrastructure teams are often unaware of application behavior, leading to the provisioning of infrastructure with wide-open network access and workload identities with excessive privileges. This creates a massive attack surface, making lateral movement and privilege escalation significantly easier for attackers.

In addition, applications in the cloud are inherently more dynamic: access that is needed today may become obsolete tomorrow because the application architecture or its access patterns change. Without cloud network security controls that automatically detect and restrict unused access, security teams are left with the tedious task of manually tracking and revoking it.

Reviewing AWS Security Groups, or the equivalent security groups of any other cloud provider, together with the matching flow logs could take your security team weeks, if not months.

The CloudFence solution

Continuous Network Communications Analysis and Automatic Access Hardening

CloudFence is an agentless solution that continuously analyses cloud network logs, such as AWS VPC flow logs and Azure NSG flow logs, and cross-checks every communication to each workload against its security group configuration to identify and remove unused access.

Fortify network security

Prevent lateral movement and data exfiltration

Global view

Get a centralized view of all your security groups. Quickly identify and remove unnecessarily open access.

Detailed Insights and Remediation

Get a detailed view of each security group rule, including its last-active timestamp and hit count. Implement least-privilege access and make lateral movement hard for attackers.
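The cross-check described above (accepted inbound flow records matched against each security group rule, giving a per-rule hit count and last-active timestamp, then flagging rules that are never used or broader than their traffic needs) as an added Python example. This is not CloudFence's code: the rules, the flow log records and the timestamps are constructed sample data, the record layout is the AWS VPC flow log default (version 2) field order, and it assumes the monitored network interface has a single IP address so that "destination is the workload" identifies inbound traffic.

```python
"""Cross-check VPC flow log records against security group rules to find
rules that never carried traffic, went idle, or are broader than needed.
Added example (not CloudFence code); all sample data below is constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Field order of the AWS VPC flow log default format (version 2 records).
FLOW_FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
               "srcport", "dstport", "protocol", "packets", "bytes",
               "start", "end", "action", "log_status"]

# IANA protocol numbers as written in the flow log 'protocol' field.
PROTO_NUMBERS = {"tcp": 6, "udp": 17, "icmp": 1}


@dataclass
class SGRule:
    """One ingress rule; protocol '-1' means all protocols (as in the AWS API)."""
    name: str
    protocol: str
    from_port: int
    to_port: int
    cidr: str
    hit_count: int = 0          # accepted inbound flows this rule would allow
    best_match_hits: int = 0    # flows for which this was the most specific allowing rule
    last_active: Optional[int] = None  # epoch seconds of the newest matching flow

    def allows(self, proto_num: int, dst_port: int, src_ip: str) -> bool:
        if self.protocol != "-1" and PROTO_NUMBERS[self.protocol] != proto_num:
            return False
        if self.protocol in ("tcp", "udp") and not (self.from_port <= dst_port <= self.to_port):
            return False
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.cidr)

    def specificity(self) -> tuple:
        """Longer prefix, explicit protocol and a narrower port span rank higher."""
        return (ipaddress.ip_network(self.cidr).prefixlen,
                0 if self.protocol == "-1" else 1,
                -(self.to_port - self.from_port))


def parse_flow_record(line: str) -> dict:
    """Split one space-separated flow log record into a dict of typed fields."""
    rec = dict(zip(FLOW_FIELDS, line.split()))
    for key in ("srcport", "dstport", "protocol", "start", "end"):
        rec[key] = int(rec[key])
    return rec


def analyse(rules: list, log_lines: list, workload_ip: str) -> list:
    """Credit every rule that would have allowed each accepted inbound flow.

    REJECT records and the workload's own outbound flows say nothing about
    which ingress rules are needed, so they are skipped.  When several rules
    allow the same flow, only the most specific one gets a best-match credit.
    """
    for line in log_lines:
        rec = parse_flow_record(line)
        if rec["action"] != "ACCEPT" or rec["dstaddr"] != workload_ip:
            continue
        matching = [r for r in rules
                    if r.allows(rec["protocol"], rec["dstport"], rec["srcaddr"])]
        for rule in matching:
            rule.hit_count += 1
            rule.last_active = max(rule.last_active or 0, rec["end"])
        if matching:
            max(matching, key=SGRule.specificity).best_match_hits += 1
    return rules


def hardening_candidates(rules: list, now: int, idle_seconds: int) -> dict:
    """Rules never hit or idle beyond the window, and rules whose traffic is
    entirely covered by more specific rules (candidates for tightening)."""
    unused, broad = [], []
    for r in rules:
        if r.hit_count == 0 or (now - r.last_active) > idle_seconds:
            unused.append(r.name)
        elif r.best_match_hits == 0:
            broad.append(r.name)
    return {"unused": unused, "broader_than_needed": broad}


def sample_rules() -> list:
    """Constructed security group for a workload at 10.0.2.40 (not real data)."""
    return [
        SGRule("https-from-app-subnet", "tcp", 443, 443, "10.0.1.0/24"),
        SGRule("ssh-from-bastion", "tcp", 22, 22, "10.0.0.5/32"),
        SGRule("all-from-vpc", "-1", 0, 65535, "10.0.0.0/16"),
        SGRule("rdp-from-anywhere", "tcp", 3389, 3389, "0.0.0.0/0"),
    ]


# Constructed flow log records: two accepted HTTPS flows from the app subnet,
# one rejected SSH attempt from outside, and one outbound flow from the workload.
SAMPLE_LOG = [
    "2 123456789012 eni-0a1b2c3d 10.0.1.15 10.0.2.40 43210 443 6 12 3400 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.1.16 10.0.2.40 51000 443 6 5 900 1700003600 1700003660 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.2.40 60000 22 6 3 240 1700000500 1700000560 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.2.40 10.0.1.15 443 43210 6 10 2200 1700000000 1700000060 ACCEPT OK",
]

if __name__ == "__main__":
    rules = analyse(sample_rules(), SAMPLE_LOG, "10.0.2.40")
    for r in rules:
        print(f"{r.name:24} hits={r.hit_count} best={r.best_match_hits} last={r.last_active}")
    print(hardening_candidates(rules, now=1700003660 + 30 * 86400, idle_seconds=90 * 86400))
```

On the sample data the two SSH and RDP rules are reported as unused, and the VPC-wide allow-all rule is reported as broader than needed because every flow it allowed was also allowed by the narrower HTTPS rule; removing it, or replacing it with the HTTPS rule alone, keeps all observed traffic working. The idle window matters: a rule with a real but infrequent use (a quarterly batch job, for example) needs a window longer than its cycle, or it will be flagged as unused.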