CloudGuard Dome9 is a purpose-built security and compliance solution for cloud environments such as Amazon AWS, Microsoft Azure, and Google Cloud Platform. CloudGuard Dome9 provides network security policy management and automation for your cloud environment across providers, regions and accounts. Organizations trust Dome9 to ensure that their network security is well defined and understood, and then to enforce that security policy on a continuous basis. In the event of an unauthorized change (for example, somebody or something attempts to open network ports), Dome9 prevents this and instead enforces the configuration you have previously defined.
Whether public or private clouds are in use, CloudGuard Dome9 facilitates management of server configurations ranging from a few dozen to hundreds or thousands of instances. Its flexible security management tools ensure compliance while reducing configuration errors and potential breaches.
You manage your cloud accounts in CloudGuard Dome9 by first onboarding them into Dome9. The onboarding process grants the CloudGuard Dome9 application policy permissions to access some resources in your cloud accounts, such as Security Groups. CloudGuard Dome9 does not acquire permissions to access content in any of your cloud assets, such as S3 buckets, RDS databases or EC2 instances.
When you onboard cloud accounts to Dome9, you can choose whether to manage the account fully in Dome9, or to allow CloudGuard Dome9 read-only permissions to monitor it (for example, to issue alerts when unauthorized changes are detected, but not to roll them back).
The sections in this guide describe the CloudGuard Dome9 features and how to use them.
Overview - this section introduces you to what CloudGuard Dome9 can do to secure your cloud environments.
Cloud Inventory - this section has step-by-step instructions to onboard AWS, Azure, and GCP cloud accounts to CloudGuard Dome9, describes how to manage protected assets in these cloud accounts in Dome9, and explains how to view and use Policy Reports to understand the security posture of your cloud assets.
Compliance & Governance - this section explains how to use the CloudGuard Dome9 Compliance Engine to assess the compliance of your cloud environments, and how to build compliance test bundles.
Compliance Engine Bundles & Rules - this section describes the built-in compliance bundles that you can use with the Compliance Engine, to test compliance of your cloud environments.
Network Security - this section explains how to visualize the security policies in your cloud environments, how to protect and manage your cloud assets such as Security Groups, and how to control access to cloud assets.
IAM Safety - this section describes how to gain controlled access to cloud accounts that are protected by CloudGuard Dome9, using the IAM Safety feature. Some activities require the use of the Dome9 mobile app.
Administration - this section describes how to manage your CloudGuard Dome9 account, including how to define users and roles, and how to view the audit trail.
Dome9 Mobile App - this section explains how to install the CloudGuard Dome9 mobile app, and use it to gain access to your protected cloud account (IAM Safety).