Dome9 SecOps for AWS


Dome9 SecOps for AWS

Advanced Security Management for Amazon EC2 & VPC

Securing and managing policy for large-scale AWS EC2 and VPC deployments can be complex. AWS Security Groups are the building blocks but offer limited flexibility, few safeguards exist to limit unauthorized users from modifying policy, rules sets are limited and manual to configure, and security is managed and deployed separately, within the EC2 console, from the rest of your existing infrastructure.

But, what if you could:

  • Centrally manage all your AWS EC2 & VPC Security Groups across multiple AWS accounts and regions?
  • Authorize access to instances but prohibit users from modifying security groups?
  • Automatically revert unauthorized policy changes so security is always enforced?
  • Visualize your security groups internal and external connections?

Introducing Dome9 SecOps for AWS

Dome9 SecOps is an enterprise security operations center for large-scale AWS customers.

Using Dome9 Cloud Connect for agentless integration with AWS, SecOps provides total control over AWS EC2 and VPC security groups, giving you:

Centralized security management for multiple AWS EC2 and VPC regions
Consolidate policy controls and get secure access for both your EC2 and VPC security groups and instances. Whether you have a single AWS account and region or multiple, Dome9 SecOps for AWS gives you a unified command center for all your policy administration.

Alerts and tamper protection
Stop unauthorized users and applications from modifying security groups without your permission. Get alerts any time a change is made, and automatically revert mistaken or malicious policy configurations.

Dome9 Clarity: AWS Security Visualization
Explore your AWS security policies in a visual dynamic map that outlines the relationships within each region and VPC. more details…

Editable service names and descriptions
No more cryptic service names such as ‘Custom 2715 TCP’ or generic ‘HTTP’ for every web service policy in your AWS security groups. Now, with SecOps for AWS, you can create meaningful policy names and descriptions for all your AWS services.

AWS rules with the power of DNS
Dome9 MagicDNS lets you use DNS names in your AWS rules. Imagine if you could write rules like, “Allow web traffic to my internal accounting app originating from:,” or “Allow traffic originating from my web servers at to my Databases group” utilizing your own DNS infrastructure.

Audit, log, and archiving of user activity for compliance
Create detailed archive of all policy changes – across different accounts and regions, including user activity, access to instances, and more with granular search capabilities. Keep your audit logs indefinitely, even after your servers have come and gone, so you can look back and report on your security and demonstrate compliance.

Strong system permissions
Specify which users can manage specific security groups. Make services available only to authorized users, on-demand, with time-based controls (our patent-pending Secure Access Leasing) so your instance’s administrative ports aren’t publically accessible to the Internet.

SecOps for AWS Plans and Pricing


  • ➢  X20 Plan – Up to 20 instances for $249 /month
  • ➢  X50 Plan – Up to 50 instances for $599 /month
  • ➢  Enterprise Plan – Unlimited instances and regions. Call us for pricing

Sign up and try Dome9 SecOps for AWS free for 30-days – it takes just 2 minutes to set up your account. You can also check out our other plans