For Omar Caban, the attacks on his company’s virtualized Web servers were relentless. Every day, the servers were hit by more than 50 attacks, most of them traced to IP addresses in China. The attackers would try to break the system password and gain root access, said Caban, president and CEO at Best Growth Stock LLC, which provides investors with the latest stock market information, news and investment analysis.
The Lake Tahoe, Nev.-based company started using CloudFlare as a DNS proxy, but hackers were still trying to access the servers, Caban said. CloudFlare referred him to Dome9 Security Ltd., a Tel Aviv-based startup that provides a cloud-based firewall management service. “Amazingly, once it was running, we had zero attacks,” he said.
Now, not only does the company not have to spend hours trying to fend off server attacks, the servers run faster, which is critical for his growing business, Caban said.
Dome9’s security Software as a Service (SaaS), which the company unveiled in September, is designed to automate and streamline security management for private and public cloud infrastructures through its Secure Access Lease technology. The security SaaS provides dynamic, time-based access to servers; administrative access is closed by default and opened for administrators only for as long as it’s needed.
The vast majority of cloud and virtual private servers are vulnerable to attack because “administrators leave ports open on those machines,” said Dave Meizlik, vice president of marketing at Dome9. “If you leave the ports open on a cloud machine, all the hacker has to do is try to connect on that port and guess the username and password. There are plenty of dictionary and brute force attacks that make that easy.”
The Dome9 security SaaS gives enterprises and cloud providers the ability to close administrative ports without losing control of the machine, he said. “The hackers never have the opportunity to guess the password, and you retain control with the ability to open ports on demand, on the fly.”
To gain access to a server, an administrator goes to the Dome9 Central Web service, and requests a Secure Access Lease, which by default allows one hour of access for a specific server and protocol, connecting from a specific IP. Dome9 works via agents for Linux and Windows servers running a variety of virtualization technologies. Dome9 also provides an API-based integration module to manage Amazon EC2 and Amazon Virtual Private Cloud (VPC) Security Groups.
The platform allows for users to generate invitations for one-time access passes to third parties for a specific port on a server; the invitation grants access without the third party needing to log in through Dome9 Central. It also features auditing functionality that provides visibility into user access and activities.
The pay-as-you-go service costs $20 per server per month.
Meizlik said many organizations use multiple cloud providers, or have hybrid cloud environments; Dome9 provides centralized firewall management across multiple cloud servers. “We centralize the management and automate it, so it’s easy and elastic, just as the cloud is,” he said.
Rich Mogull, founder of Securosis LLC., an independent security consulting firm, said Dome9 is particularly useful for managing security for public cloud, where users can’t rely on physical access to a machine, but rather must use remote connections. Controlling that remote access is critical, since opening a port for one IP address has the potential to open it up to the entire Internet, he said.
Dome9, along with CloudFlare and another startup, CloudPassage, are what Mogull calls “the new cloud security kids on the block.” The startups are “building cloud-specific tools from the ground up as opposed to extending traditional security,” he said.
San Francisco-based CloudPassage recently announced a new feature for its Halo platform security Software as a Service that provides similar functionality to Dome9. Called GhostPorts, the feature allows users to temporarily open up a network connection for an administrator using a hardware-based authentication token.
Richard Stiennon, founder of analyst firm IT-Harvest, said Dome9’s security SaaS seems like a “no brainer” for companies looking for help in managing their server firewalls, whether they’re in the cloud or dedicated virtual servers. Keeping track of firewall rules is something Dome9’s founders are familiar with because of their work at Check Point Software Technologies, he added.
Zohar Alon, CEO and co-founder of Dome9, worked at network security provider Check Point Software Technologies, where he launched Provider-1, a management product for service providers.