Aviatrix Software-Defined Cloud Routing Solution Adds Important Security Measures for AWS VPCs

Enterprises can now eliminate the blind spots in VPC egress traffic, with centralized egress traffic management to boost security and achieve compliance
PALO ALTO, Calif., August 6, 2018

Aviatrix, the pioneer in software-defined (SD) cloud routing and an inaugural AWS Network Competency partner, today announced a new security capability for its AVX SD cloud routing solution. The AVX virtual private cloud (VPC) egress security feature makes it easy to both discover and control internet traffic leaving Amazon Web Services (AWS) VPCs, allowing organizations to more effectively secure egress traffic against internal threats and external attacks.

The AVX VPC egress security capability also enables organizations to comply with internal best practices and industry regulations such as Payment Card Industry (PCI) standards, which require controls and restrictions in place to deny unauthorized outbound traffic related to cardholder data.

“Moving resources to the public cloud doesn’t absolve organizations of the strict security and regulatory requirements governing how they manage their enterprise data traffic,” said Aviatrix CEO Steven Mih. “Internet-bound VPC egress traffic has been a blind spot, making it nearly impossible for cloud engineers to distinguish between legitimate and illegitimate destinations. As organizations move more of their workloads to the public cloud, they need cloud-specific tools to give them both visibility into and control over AWS VPC egress traffic.”

Growth In VPCs Drives Urgency for Easier Cloud Security and Compliance

One important example of the need for easy-to-manage VPC egress security is compliance with PCI standards dictating how companies must securely collect, store, process and transmit credit card-related information. Organizations failing to comply with PCI standards, or unable to prove compliance, risk significant financial penalties. The PCI Data Security Standard explicitly calls out requirements for internet-bound traffic, specifying that companies must restrict traffic to only the data necessary for cardholder transactions, while actively denying all other traffic.

As organizations add more and more VPCs—usually as silos spun up by various DevOps and cloud teams within an organization—legacy networking tools make it difficult for cloud teams to provide corporate compliance officers with information about whether network traffic is violating regulatory requirements or exposing confidential intellectual property or personally identifiable information (PII).

Legacy networking approaches—including cloud routers based on virtualized hardware routers and virtualized firewall products—also strain operational efficiency by requiring egress traffic requests to undergo a tedious process of trouble tickets and manual configuration and testing. Similarly, open-source web proxies, which cache and forward website requests, require manual configuration of policies on a per-VPC basis and offer limited protocol support, making them insufficient for use in cloud deployments.

In contrast, Aviatrix boosts operational efficiency of cloud teams by automating the process: evaluating egress traffic filtering requests—across any port and protocol, including Simple File Transfer Protocol (SFTP)—against a master list of allowed or denied sites, then configuring the AVX Gateway to respond accordingly.

Aviatrix AVX Makes ‘Missing’ Egress Traffic Visible

Aviatrix enables enterprises to visualize and centrally manage security for all their AWS VPCs and Microsoft Azure Virtual Networks (VNets), including discovery and control over egress traffic. In-line AVX Gateways implement both SD cloud routing and the new VPC egress security functions—in addition to providing IPSec encryption for data in motion, VPC segmentation, Layer 4 security policies and logging. The AVX Gateways are deployed, configured and managed by the AVX Controller, a point-and-click, centralized management console with REST API support that can be easily operated by either cloud ops or network engineers.

Using the Aviatrix solution, it’s easy to distinguish legitimate outbound VPC traffic—such as conducting enterprise software updates, making API calls, or using a third-party application or software-as-a-service (SaaS) solution over the internet—from illegitimate requests that can put enterprise data at risk or result in a failed compliance audit.

While previous approaches specified egress policies at the IP address level, AVX VPC egress security can handle domain names with multiple IP addresses and overcomes public cloud providers’ limitations on the number of IP addresses that can be filtered. By providing Layer 7, fully qualified domain name (FQDN) discovery from AWS EC2 instances in the VPC, Aviatrix enables organizations to filter for specific IP addresses, hostnames and websites across any port and protocol.

The new VPC egress security feature is available now as part of the Aviatrix software-defined cloud routing solution, deployed with an Amazon Machine Image (AMI) or with the Aviatrix Hosted Service (SaaS), with pricing based on FQDN egress filtering per gateway, per hour. Free trials are available at the Aviatrix website.

About Aviatrix

Aviatrix, the pioneer in software-defined (SD) routing for the cloud era, was founded by ex-Cisco network engineer Sherry Wei to make cloud networking as simple and dynamic as cloud storage and compute. Aviatrix provides point-and-click, secure networking software for cloud engineers to run hybrid and multicloud environments. Purpose-built for Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform public clouds, Aviatrix treats the network as code—a software-defined approach that simplifies and automates all cloud networking. Aviatrix delivers software that shortens cloud connectivity setup time from weeks to minutes, while automating configuration and management of network connectivity, security and troubleshooting. Aviatrix is based in Palo Alto, Calif. Learn more at www.aviatrix.com or follow the company on Twitter @aviatrixsys.

Media Contact

Aviatrix Systems
411 High Street
Palo Alto, California 94301

pr@aviatrix.com
