Issue link: https://aviatrix.com/resources/i/1494757
© Aviatrix, 2023.

SOLUTION BRIEF

Aviatrix Secure Egress

Aviatrix provides the industry's first enterprise-class, fully embedded, secure egress solution that is purpose-built for cloud. This solution brief discusses the key features of Aviatrix Secure Egress, and how it can improve your overall security posture and lower security spending compared to existing solutions.

Cloud is the new ground zero for hackers

As more business-critical workloads move to cloud, hackers are taking notice. According to a recent report [1], cloud exploitation grew by 95% in 2022, representing a 3x increase in attacks specifically for cloud. Similarly, Venafi reported [2] that 81% of companies experienced a cloud security incident in 2022. Cloud applications can no longer afford to be under-protected, especially against new attacks specifically designed to infiltrate critical cloud systems.

You can't protect what you can't see

Unlike a traditional data center, public clouds are designed to give an application quick and easy access to the Internet anywhere it is deployed. This makes cloud applications notoriously challenging to protect. Adding to this difficulty is the fact that cloud applications can be deployed in hours or even minutes, making it hard for security teams to keep up. Yet, without a secure egress solution, your cloud applications can talk to malicious endpoints or even steal your data, and you would never know it.

The downside of virtual firewalls in the cloud

Even though virtual firewalls provide the features needed for deep egress protection, they were never designed for public cloud. They are still point solutions optimized for the data center. Security teams relying on virtual firewalls must deal with the big sticker price, single points of failure, and a lack of agility, all issues that slow down cloud adoption. These delays can frustrate application owners, who look for more straightforward solutions to give Internet access to their quickly growing lines of business.
The Virtual DMZ in theory

The diagram below depicts a standard virtual DMZ architecture for processing outbound traffic. The typical design pattern relies on static routes to force outbound traffic from assigned app groups (or business units) into the virtual DMZ. Multiple virtual DMZs can be built depending on availability zone, region, or data classification. Known or trusted traffic can egress after inspection, while malicious or untrusted traffic is blocked and identified for further remediation. For threat identification to be as effective as possible, the firewall must inspect application-level data.

Forcing application traffic to be in line with the firewall is a straightforward affair in the data center, where Internet egress is concentrated into a single point – the corporate DMZ. In public cloud, however, Internet access is just one click away from any application, making the implementation of a virtual DMZ a complex, expensive, and cumbersome endeavor. To achieve the ideal outcome, security teams must constantly worry about correct routing across the network to force traffic from all lines of business through the firewall. Sometimes this requires an invasive redesign of the existing architecture so that formerly isolated network segments become interconnected.

KEY BENEFITS

• Purpose-Built for Cloud: Supports Azure, AWS, GCP, Oracle and Alibaba
• Automated Service Delivery: Use Terraform to deploy in minutes
• Embedded Security: Creates distributed perimeter across the entire secure cloud network
• Enterprise-class Protection: Supports application visibility and threat detection
• Cost Intelligence: Designed as a low-cost, high-value replacement for existing egress solutions