PROBLEM
Consider an environment that is distributed across multiple VPCs/VNets and encompasses multiple regions and cloud accounts. In the scenario where you need to enforce a security policy within your production environment, it becomes cumbersome to apply the policy consistently across these subnets/VPCs/VNets, regions, and cloud accounts
SOLUTION
Prosimo’s Network object is a flexible construct that represents your subnets/VPCs/VNets in the Prosimo fabric. A Prosimo network object could either consist of a single subnet from within a VPC or a VNet or a collection of subnets across VPCs or VNets. You can use this flexible network object to represent your various environments.
Prosimo delivers a tight multi-cloud security posture by:
- abstracting cloud provider construct diversity into common policy, and;
- delivering deep control and orchestration of cloud-native networking resources.
Traditional Networking ACL focused solely on subnets and addresses. Prosimo layers application security, a higher-layer of specificity in security policy, in addition to its Web Application Firewall, when operators define applications in their policies.
With Network Namespaces, Prosimo enables the creation of groups of networks that are isolated within the multi-cloud transit. A single network group can span regions and cloud providers, delivering control without sacrificing flexibility.
Secure Cloud Networks
Multi-Cloud Transit Security
2. Discover Networks
Multi-Cloud Transit Security refers to the application of policy across multiple regions, clouds, and accounts. Such an approach is required to ensure a common and consistent security posture for multi-cloud implementations and distributed teams, services, and applications.
Network ACL
A common challenge organizations face is applying consistent segmentation policies that span a variety of logical abstractions (AWS Accounts, Azure Subscriptions, VPC’s, VNets, etc.).
Prosimo greatly simplifies this process by allowing users to apply stateful firewall rules that enforce user-defined boundaries without the need to mix and match disparate components that are unique to the individual clouds.
App/Resource ACL
App/Resource ACL refers to Prosimo’s application awareness in applying security policy. By defining applications (endpoints/FQDNs) as ACL destinations operators can:
- Deliver a tighter security posture
- Apply a Prosimo Web Application Firewall to the Policy
Network Namespaces
Network Namespaces allow for the network segmentation/isolation within the Prosimo Multi-Cloud Transit. With Network Namespaces operator can:
- Define isolated network groups within the Multi-cloud Transit
- Overcome challenges with overlapping IP address spaces (Overlapping CIDRs)
WEBINAR
Taming Cloud Networking Costs
Get an overview with our product leaders in support of our latest release Cost 360!
Hosted by:
Scott Raynovich
Mani Ganesan
Navjyoti Sharma
Sign up for Prosimo Lab
Cloud Network Observability
Hands-On Lab Overview:
Prosimo Hands-on Labs are live, small group, instructor-led events focussed on ensuring a safe and impactful learning experience. Interaction/Questions are encouraged.
In this lab, participants will:
- Deploy Prosimo into an existing network environment
- Discover existing networks and network resources
- Manage/Orchestrate resource connectivity across regions & clouds
- Observe and Troubleshoot network patterns & faults
Required Skills:
- Basic understanding of Cloud Networking concepts:
- VPCs, VNETs
- Subnets, Routes
- Peering, Transit Gateways
- Load-balancers, NAT Gateways
- Ability to run Linux shell prompt commands
- Operate input devices: keyboard, mouse
