
Technical Brief: Aviatrix Secure Egress


Issue link: https://aviatrix.com/resources/i/1494831


Aviatrix Validated Design Technical Guide: Aviatrix Secure Egress

Overview

Aviatrix Secure Egress is a multicloud software-defined networking solution designed to deliver centralized control over Internet-bound traffic from VPCs or VNets using Layer 4 filtering, standard threat prevention, geo-blocking, and Fully Qualified Domain Name (FQDN) filtering. The solution satisfies organizational and regulatory compliance initiatives for restricting outbound traffic to the Internet, such as PCI, HIPAA, and SOC2, while eliminating the complexity of manually creating filtering rules at an instance level using constantly changing IP address lists. The solution is powered by Aviatrix Secure Cloud Networking and delivers enterprise-class visibility, centralized control, and faster MTTR/MTTD unavailable from native cloud services or open-source proxy software.

Cloud applications with unrestricted access to Internet-based services expose your environment to attack. Best practices limit application and database tier network communications to only known Internet-based services. For example, app-tier services that require build packages from GitHub must have access to github.com, but all other access should be filtered and blocked. Aviatrix provides the visibility to understand what Internet-based services your applications communicate with and allows you to filter those communications by service and Fully Qualified Domain Name (FQDN).

Aviatrix Secure Egress provides visibility and control for traffic leaving VPCs or VNets. Aviatrix Gateways provide this capability by generating flow visibility and filtering egress traffic by FQDN, using lists of domain names set to either "Allowing" or "Blocking" to control egress traffic based on policies. Layer 4 policies can be added for additional outbound protection. Filtering supports HTTP, HTTPS, and non-HTTP applications such as SFTP/SSH.

Threat Prevention and Geoblocking capabilities deliver holistic egress security.
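The allow-list and block-list behaviour described above, combined with a Layer 4 protocol and port check, as an added example that is not Aviatrix code or Aviatrix rule syntax. The names `Rule`, `fqdn_matches` and `decide`, the `*.` wildcard form, and the sample policy and flows are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    pattern: str  # exact FQDN, or "*.example.com" for subdomains (assumed syntax)
    proto: str    # "tcp" or "udp"
    port: int

def normalize(fqdn: str) -> str:
    """Canonical form: lowercase, no trailing root dot."""
    return fqdn.strip().lower().rstrip(".")

def fqdn_matches(pattern: str, fqdn: str) -> bool:
    pattern, fqdn = normalize(pattern), normalize(fqdn)
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".example.com": forces a label boundary
        return fqdn.endswith(suffix) and len(fqdn) > len(suffix)
    return fqdn == pattern

def decide(rules, mode, fqdn, proto, port) -> str:
    """mode 'allow': listed flows pass, the rest are denied.
    mode 'block': listed flows are denied, the rest pass."""
    if mode not in ("allow", "block"):
        raise ValueError("mode must be 'allow' or 'block'")
    hit = any(r.proto == proto and r.port == port and fqdn_matches(r.pattern, fqdn)
              for r in rules)
    if mode == "allow":
        return "ALLOW" if hit else "DENY"
    return "DENY" if hit else "ALLOW"

# Constructed policy for the app tier described above: GitHub over HTTPS and SSH.
APP_TIER = [
    Rule("github.com", "tcp", 443),
    Rule("*.github.com", "tcp", 443),
    Rule("github.com", "tcp", 22),
]

# Constructed sample flows: (destination name, protocol, port).
FLOWS = [
    ("github.com", "tcp", 443),
    ("GitHub.com.", "tcp", 443),             # case and root dot must not matter
    ("api.github.com", "tcp", 443),
    ("notgithub.com", "tcp", 443),           # shares a string suffix, not a label
    ("github.com.example.net", "tcp", 443),  # allowed name used as a prefix
    ("github.com", "tcp", 8080),             # right name, port not in policy
]

if __name__ == "__main__":
    for name, proto, port in FLOWS:
        print(f"{decide(APP_TIER, 'allow', name, proto, port):5} {name} {proto}/{port}")
```

Comparing whole DNS labels rather than raw string suffixes is what keeps a look-alike name from inheriting the allow rule for github.com.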
