Embedded Cloud Network Security

Unlike cybersecurity and cloud infrastructure companies that provide bolt-on tools, Aviatrix builds security into the network.

Bridge the Solution Gap with Embedded Security 

Enterprise network security architecture must evolve for the cloud. Unlike on-premises environments, the cloud does not have a well-defined perimeter, so it requires an architecture and products that enforce policy everywhere. Network security policies must be expressed as dynamic intent, not static rules, to support cloud self-service and agility. Inspection and enforcement must be distributed and built into the network, not bolted on as dedicated, static inspection points.

Aviatrix provides the industry’s first enterprise-class, fully embedded, secure egress solution that is purpose-built for cloud. Aviatrix Secure Egress improves your overall security posture and lowers security spending compared to existing solutions.



Aviatrix Embedded Network Security product services include:

NAT Gateway Replacement with Secure Egress Gateways

Aviatrix Gateways can replace native cloud NAT Gateways to significantly reduce costs and add egress FQDN filtering, threat detection, and geo-blocking. Aviatrix Gateways learn what applications are using the FQDNs, simplifying the process of building the allow and deny lists.

Distributed Layer 4 Firewalling

Every Aviatrix Gateway can perform packet inspection and enforce L4 firewalling policies. Policies are defined centrally and expressed as intent, then distributed to the Aviatrix Gateways in the network path the policy is intended to secure. Policies can be dynamic, leveraging cloud-native tags and attributes, so that enforcement is automatically updated as cloud-native applications scale and evolve.

Automated Threat Detection and Mitigation

CoPilot’s ThreatIQ leverages the Aviatrix Gateways to provide threat prevention by inspecting every packet flowing through the Gateway and comparing the connection attempt with industry-standard threat intelligence. ThreatIQ can immediately apply a blocking rule to shut down the communication if any matches occur.

FireNet – Bring Your Own NGFW Firewall Service Insertion

Aviatrix FireNet connects Palo Alto Networks, Check Point, Fortinet, and F5 firewalls to the Aviatrix secure cloud network backbone. The FireNet feature, along with Aviatrix Gateways, delivers high-performance load balancing without SNAT and automated route propagation, making it easy to deploy and scale out NGFWs with a consistent perimeter architecture across all of the major public clouds.

Secure User VPN Gateway

An Aviatrix Gateway can deliver SSL VPN termination supporting OpenVPN® and Aviatrix SAML clients. Each VPN user can be assigned to a profile defined by access privileges to the network, host, protocol, and ports. When a VPN user connects to the public cloud via an Aviatrix VPN Gateway, the access control is dynamically enforced.

High-Performance Encryption, Line-Rate up to 100 Gbps

Standard IPsec throughput is limited to a single processing core and single tunnel, resulting in 1.25 Gbps of encrypted throughput, regardless of the throughput capabilities of the underlying transport. Aviatrix Gateways leverage patented technology to aggregate processing cores and tunnels to achieve wire-speed IPsec throughput up to 100 Gbps.

Multicloud Network Segmentation

Aviatrix Gateways make it possible to isolate traffic to specific routes, allowing the isolation of well-defined groups such as customers or partners. These policies are enforced the same way in every cloud, so they can be centrally defined and used across a multicloud environment.


If the traffic path of the expressed intent does not flow through an Aviatrix Gateway (e.g., traffic between two instances within a VPC or VMs within a VNet), the Aviatrix controller will leverage native security groups to apply the intended policy, abstracting this from the operator.

Why We Are Better

Embedded security. It’s that simple.

Native cloud networking services do not offer end-to-end encryption or embedded network security; they rely on traditional bolt-on network security architecture, which increases complexity and the business risk caused by human error. Aviatrix delivers end-to-end, high-performance encryption with embedded network security for distributed inspection and policy enforcement.


Every Aviatrix Gateway delivers both networking and network security functionality. This architecture allows IT to centrally manage networking and network security while distributing packet processing, inspection, and enforcement throughout a multicloud network.

Become the cloud networking hero of your business.

See how Aviatrix can increase security and resiliency while minimizing cost, skills gap, and deployment time.