Through the use of the Dome9 agent, it is possible to enforce host based inbound and outbound security policy. The use of the term ‘security group’ is universal within Dome9 and can reference either an AWS security group or a Dome9 agent security group.
A benefit of agent-based deployment is the ability to manage machines located anywhere – private cloud, public cloud and even physical servers. Agent installation is straightforward; the ability to support any environment and a richer set workload specific security functions provides advantages over agentless management.
All of the Dome9 agent functionality is key to pursuing data security standards such as PCI or HIPPA. Local host firewall management, firewall logging policy, and file integrity monitoring (FIM) are all required in many if not all such standards.
Note: Dome9 has deprecated agent-based functionality.