Aviatrix Blog

Completing Your Cloud Network Security Puzzle with the Latest Aviatrix Enhancements

Many organizations struggle with two major cloud networking gaps: secure cloud egress and secure hybrid-cloud connectivity. Aviatrix can close those gaps.

Image of two puzzle pieces completing a puzzle: Cloud Perimeter Security and Connecting to the Hybrid Cloud

Managing a cloud network can feel like a complex game of juggling: working to secure sensitive data without overspending your budget, creating resiliency without making your architecture too complex, and maintaining agility while ensuring regulatory compliance. A strategy or solution may help cover one area of success while leaving a critical gap in another.

Many organizations struggle with two major gaps in their cloud networking strategy:

  • Secure Cloud Egress – Cloud providers may help you inspect ingress traffic, but they don’t provide secure egress, leaving a vulnerability that threat actors could exploit. Many organizations try to cover this area by integrating a third-party security solution, but that integration adds expense and complexity to your network.
  • Secure Hybrid-Cloud Connectivity – Many organizations have on-premises data centers that require secure and high-performance connectivity to the cloud. Designing a network architecture that maintains those connections without becoming a Gordian knot is difficult enough, while monitoring and troubleshooting require constant visibility.

 

Aviatrix’s latest software release includes new features and enhancements designed to help complete your network’s security puzzle. It equips you to protect your cloud perimeter and connect data centers to your network with robust security and high-performance connectivity.

 

Ensuring Secure Cloud Egress

Security is the single most crucial aspect of your network. Without a robust security solution, you risk compliance violations or data breaches that can damage your organization’s credibility. Here are a few features in the latest Aviatrix release that help you fortify your cloud perimeter and keep your data safe:

 

Next-Gen ThreatIQ (ThreatGroups) and Geoblocking (GeoGroups)

Aviatrix has leveled up its ThreatIQ and Geoblocking by integrating them into Distributed Cloud Firewall. “ThreatGroups” and “GeoGroups” now complement the already powerful “SmartGroups,” enabling dynamic security based on out-of-the-box and continuously up-to-date threat intelligence. Policy administrators now have more granular control and instantaneous defense against known threats. While Zero Trust is always the best security posture, threat-based blocking and alerting can immediately improve your security posture as you develop Zero Trust policy for your application environments.

 

Distributed Cloud Firewall (DCF) Logging Enhancements

Integrating with the enterprise security ecosystem is incredibly important. In this release, we’ve enhanced our Distributed Cloud Firewall (DCF) solution, which embeds security throughout a distributed cloud environment, with more efficient logging and performance improvements. Logs can now be sent directly via Syslog or proxied through the Aviatrix Log Integration Engine to SIEMs for integration into threat hunting and forensics workflows.

 

Island VNET/VPC Support in Azure

“Island VPC/VNets” are VPC/VNets that are not connected to your corporate network. In some ways, this is a great security practice. If an application doesn’t need to be connected, it provides a natural barrier for lateral movement. Unfortunately, this architecture also makes Egress security controls very challenging to implement for various reasons, one of which is that many of these VPCs and VNets may have the same private IP addresses.

In the latest release, Aviatrix gives organizations the best of both architectures – natural isolation for preventing lateral movement, the ability to reuse IP addresses and mitigate address exhaustion, and cost-effective Egress network security with centralized visibility and control. When leveraging VPC, Subnet, and VM-type SmartGroups, Aviatrix now supports intelligent policy enforcement even when IP overlap exists across AWS and Azure.

 

Distributed Cloud Firewall on Site2Cloud

Sometimes, the perimeter of your network is not the Internet but where you are connecting to a third party. Aviatrix has always provided unique benefits in B2B scenarios by making VPN more performant and resilient and providing improved troubleshooting tools. We are also making the latest release more secure. By integrating Site2Cloud and Aviatrix Distributed Cloud Firewall, you can apply advanced network security policy directly to those remote connections. You can now enforce intent-driven policies such as “Customer A can only talk to instances tagged as ‘Frontend’ on port 443”. This enhancement empowers you to enforce security policies while connecting to third parties, helping you centralize and simplify network management.

 

Reduced Policy Convergence Times for SmartGroups

Aviatrix SmartGroups track grouped cloud-native objects, such as VPCs/VNets, subnets, and VMs, by their tags and attributes. Because applications don’t have the same kind of “identity” as a user, these attributes collectively represent a workload’s identity. SmartGroups and their dynamic nature are critical to delivering network security that app teams and security teams love because the policy automatically evolves as the app changes without having to make manual changes on the firewall. While other vendors have similar features, Aviatrix is again leveling up our already industry-leading performance by delivering an end-to-end event-driven architecture. This shortens the time from when a tag or attribute is changed to when a policy is applied to minutes or even seconds . . . at scale.

 

Google Cloud Global VPC with Aviatrix Firenet

Security is a priority, and at Aviatrix, we believe it’s incredibly important to meet you where you are. Many organizations leverage Google Cloud’s Global VPC feature. It provides networking convenience but creates challenges for inter-VPC networking and network security. You can now use the Aviatrix FireNet feature to secure egress traffic for Global VPCs in your GCP accounts. If the traffic leaves the VPC, Aviatrix will intelligently egress the traffic through the local region.

 

Request a free trial of our Cloud Perimeter solution here.

 

Creating Secure Hybrid-Cloud Connectivity

For organizations with multi-region or international data centers, connecting those edge locations to the cloud is an ongoing challenge. These connections must be as performant as possible, whether they’re located in Manhattan or Mongolia, and of course, they must be secure. The latest release includes several features to help you close this gap in your network:

 

Edge Transit on Aviatrix Edge Platform, Equinix, and Megaport (Preview Feature)

Aviatrix has long enabled organizations to connect their hybrid cloud securely without making a tradeoff between encryption and performance. The Aviatrix Edge solution extends the Aviatrix fabric outside of the major hyperscalers and into data centers and mid-mile providers like Megaport and Equinix. The shape of the enterprise network is changing, and Megaport and Equinix are becoming the heart of many enterprise networks. Many organizations want to add security, encryption, visibility, and other advanced networking capabilities on top of these excellent service providers. Until now, that required a complex combination of legacy networking appliances. With the latest release, Aviatrix now supports all of the advanced transit networking functionality that we pioneered in the hyperscalers on Aviatrix Edge in Equinix, Megaport, and on Aviatrix Edge Platform. This drastically simplifies network architecture, enabling next-generation, flexible, global, and resilient network backbones.

 

Learn more about how Aviatrix can help you secure your cloud perimeter and provide you with secure hybrid-cloud connectivity.