Dome9 Releases Magellan Solution for Enhanced Threat Intelligence in the Cloud

Dome9, a provider of public cloud security solutions, has released its Dome9 Magellan product – a new capability of the Dome9 Arc cloud security platform. Dome9 Magellan would deliver enhanced threat intelligence, deep event correlation, and policy-driven intrusion detection and forensics.

Dome9 Magellan synthesizes data from a variety of sources to build contextual awareness of security in a cloud environment. Dome9’s new offering is powered by its patent-pending enrichment engine, which would provide a complete understanding of the ephemeral and dynamic nature of cloud environments.

Customers can use Dome9 Magellan to detect threats and intrusions, investigate cloud security incidents, and validate adherence to compliance and policy requirements based on actual network traffic and user-triggered events. Customers can use a uniform framework to define security policies and enforce them across static configurations as well as dynamic traffic and events in their cloud environments.

Enrichment Engine

Dome9 Magellan’s enrichment engine blends information from cloud-native sources such as VPC flow logs and CloudTrail events, public sources such as threat intelligence feeds, and Dome9’s model of the environment’s inventory of assets and security configurations. Dome9 Magellan is built to be extensible and can use the output from AWS security services such as Amazon Macie to further enrich and augment its security model.

Key Features of Dome9 Magellan would include:

  • Dynamic cloud infrastructure modeling based on real-world, time-based events such as network flow logs and AWS CloudTrail events
  • Semantic awareness and attribution of network traffic to cloud-native ephemeral services such as AWS Lambda, Amazon Elastic Compute Cloud (Amazon EC2) Container Service (ECS), AWS Elastic Load Balancing, Amazon Relational Database Service (Amazon RDS), and NAT Gateways
  • Intrusion detection and compliance validation based on defining and enforcing policies around network data streams and user behavior analytics; e.g., “PCI/CDE instances should never talk to the Internet”
  • Continuous network monitoring and alerting based on customizable policies specified using natural language; e.g., “Lambda functions should never try to connect via SSH to any instance”

“The Dome9 Arc platform has offered comprehensive visualization and protection for cloud environments based on security configuration information,” said Zohar Alon, co-founder and CEO of Dome9 Security. “With the introduction of Dome9 Magellan, Dome9 Arc is now enhancing this configuration-based model with dynamic data from several sources to bring unprecedented threat intelligence and intrusion detection in the cloud that makes traditional network and host-based IDS tools obsolete.”