Use cases
Suspicious outbound communications
The Challenge
Relying on a single point of exit and control, such as a proxy or firewall, to control outbound traffic is not scalable in the cloud, where workloads are highly dynamic, often distributed across multiple regions, and can easily access the Internet through attached public IPs. This decentralized nature of cloud environments reduces the effectiveness of traditional perimeter-based security and increases the risk of unauthorized or malicious communications.
In such a context and scale, maintaining cloud visibility and continuously monitoring cloud workloads' communications to ensure they interact only with desirable and expected destinations—such as trusted third-party partners or for legitimate software updates, and not to malicious URLs/IP addresses becomes a challenging task.
The CloudFence solution
Continuous IP and DNS communications Analysis and Advanced Threat Intelligence
CloudFence is an agentless cloud network security solution that continuously analyzes DNS and IP communications of your cloud workloads using cloud logs such as AWS VPC Flow Logs, AWS Route53 DNS Logs, and Azure NSG Flow Logs.
Leveraging advanced cloud network security threat intelligence, we identify interactions with IP addresses or domain names linked to known threats, such as command and control (C&C) servers. Additionally, CloudFence track behavior changes such as sudden spikes in bandwidth usage, which are key indicators of potential compromise and data exfiltration in cloud environments.
Rapid Threat Detection
We continuously stream your cloud network logs through our analytics engine, enabling your security team to identify suspicious activities within minutes.
Total Cloud Visibility
Get complete cloud visibility into inbound and outbound network communications for every workload, empowering your security team to see and swiftly respond to suspicious activities.
Secure Outbound Traffic
We continuously monitor DNS communications from your cloud workloads, automatically building and maintaining a DNS trust list. This empowers your security team to effectively control external network communications and restrict egress traffic on your AWS firewall or egress proxy to only trusted destinations.
