The DiscrimiNAT Firewall is a transparent, proxy-less Managed NAT alternative to discover & filter egress traffic by FQDNs in a Shared VPC.
It's built upon our cutting-edge technology, Wormhole DNS, that handles highly variable, low TTL and load-balanced domain name resolution results perfectly well to give your applications uninterrupted access to allowed destinations.
CONSOLE INTEGRATION
There are no new UIs to learn – the configuration is stored directly in cloud resources, and the flow & audit logs go to the native logging service. GitOps FTW: because only the cloud's APIs are used for interfacing, you will never have to leave the cloud console.
SPOOFING PREVENTION
Unlike SNI-only or Suricata-based filters, DiscrimiNAT conducts out-of-band DNS lookups, so TLS SNI spoofing by supply-chain malware will be logged & stopped. It even supports allowing SSH by FQDN. The next Log4J won't slip through!
SAFE WILDCARDS
A Public Suffix List safeguard is in place by default to reject wildcard patterns that would match all tenants on a CSP or a CDN (aka Effective TLDs); precise patterns can also be configured with the glob characters (*, ?).
TRANSPARENT OPERATION
No need to set http_proxy like environment variables or change any code. Everything in the VPC, from VMs to k8s and Serverless, will have its egress traffic routed through DiscrimiNAT. Swapping to (and from) Managed NAT is just changing a route table entry.
FQDN DISCOVERY
Don't know what needs allowing? With the ‘see-thru’ monitor mode, egress traffic can be logged without blocking; a CLI command then extracts the FQDNs accessed. We have a 3½ min video on how easy it is!
LEAST PRIVILEGE EGRESS
You no longer need to apply the entire allowlist to large CIDR ranges hosting multiple applications. The policies are as granular as native firewall rules/security groups, so each application gets access to only what it needs. This translates to micro-segmentation in Zero Trust architectures.
DEVELOPER GUARD RAILS
With bidirectional enforcement of TLS 1.2+ and SSH v2, automated expiry of exemptions, dropping unencrypted Internet-bound traffic, etc., each feature has been carefully designed to avoid footguns.
REFINED OPERABILITY
DiscrimiNAT integrates with the cloud's native load balancers and runs with high availability, load balancing & auto-scaling within your VPC. It's also completely maintenance-free!
ENTERPRISE READY
Whether you seek compliance with PCI DSS v4.0 or NIST SP 800-53 AC-4, SC-7 and SC-8, we've got it covered. Also, DiscrimiNAT is hardened to CIS Ubuntu Linux 20.04 LTS Benchmark v1.1.0 Level 2 - Server. Besides the quarterly updates, critical OS updates are released in less than 10 days and rolling updates apply seamlessly.
Seller: Chaser Systems
Product Description
DiscrimiNAT Firewall by Chaser Systems is a transparent, high-availability NAT gateway alternative designed to enhance egress traffic filtering in cloud environments. It enables organizations to specify and enforce outbound connections based on Fully Qualified Domain Names (FQDNs), addressing the limitations of traditional cloud firewall rules that often lack hostname specificity. By integrating seamlessly with existing cloud infrastructure, DiscrimiNAT ensures secure and compliant outbound traffic management without the need for traffic decryption or complex configurations.
Key Features and Functionality:
- Out-of-Band DNS Lookups: Performs DNS queries independently to verify that the destination IP addresses correspond to the intended FQDNs, preventing TLS SNI spoofing and enhancing security against sophisticated threats.
- Simple Configuration: Allows administrators to define allowed destination FQDNs directly within application outbound rules, simplifying policy management and reducing configuration overhead.
- FQDN Discovery: Offers a monitoring mode to identify the FQDNs that applications require for egress connectivity, facilitating the creation of precise allowlists and supporting the principle of least privilege.
- Simple Deployment: Provides ready-to-use templates for AWS CloudFormation and Google Cloud Deployment Manager, enabling quick and straightforward deployment with safe defaults and minimal manual setup.
- Encryption Standards & Compliance: Enforces contemporary encryption protocols such as TLS 1.2, TLS 1.3, and SSH v2, ensuring compliance with standards like PCI DSS v4.0 and NIST SP 800-53.
- Integrated Logging: Logs all allowed and disallowed connections directly into native cloud logging services like AWS CloudWatch or Google Cloud Stackdriver, providing rich metadata for analysis without additional configuration.
- Transparent & Fast: Operates without requiring TLS termination or outbound proxy configurations, maintaining end-to-end secure connections with minimal impact on performance and application compatibility.
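The two checks described above (the Public Suffix List safeguard on wildcard patterns, and the out-of-band DNS lookup that ties a TLS SNI to the destination IP) can be illustrated together. This is an added example, not DiscrimiNAT's code: the effective-TLD set is a tiny constructed subset of the real Public Suffix List, the resolver is a constructed dictionary standing in for a live DNS lookup, and the `*`-spans-dots glob semantics are an assumption.

```python
import fnmatch

# Constructed subset of the Public Suffix List for this example only (the real
# list is far larger). Each entry is an effective TLD: many unrelated tenants
# of a CSP or CDN sit directly beneath it.
EFFECTIVE_TLDS = {"com", "net", "io", "uk", "co.uk",
                  "amazonaws.com", "cloudfront.net", "github.io"}
GLOB_CHARS = ("*", "?")


def literal_suffix(pattern):
    """Labels to the right of the last glob-bearing label:
    '*.s3.amazonaws.com' -> 's3.amazonaws.com', '*' -> ''."""
    labels = pattern.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1, -1, -1):
        if any(c in labels[i] for c in GLOB_CHARS):
            return ".".join(labels[i + 1:])
    return ".".join(labels)  # no glob at all: the whole FQDN is literal


def is_safe_pattern(pattern):
    """Reject a wildcard whose fixed part is nothing more than an effective
    TLD, because it would match every tenant under that suffix."""
    suffix = literal_suffix(pattern)
    return suffix != "" and suffix not in EFFECTIVE_TLDS


def fqdn_matches(fqdn, pattern):
    # Assumption of this example: '*' also spans dots, so '*.example.com'
    # covers deeper subdomains. Only '*' and '?' are meant to be used.
    return fnmatch.fnmatchcase(fqdn.lower().rstrip("."), pattern.lower())


# Constructed stand-in for an out-of-band DNS lookup: name -> addresses.
FAKE_DNS = {
    "api.example.com": {"203.0.113.10", "203.0.113.11"},
    "evil.example.net": {"198.51.100.7"},
}


def egress_decision(dst_ip, sni, allow_patterns, resolve=FAKE_DNS.get):
    """Allow only when the SNI matches a safe pattern AND dst_ip is one of the
    addresses the firewall itself resolved for that name. An allowed SNI sent
    to some other address is a spoof and is denied (and would be logged)."""
    safe = [p for p in allow_patterns if is_safe_pattern(p)]
    if not any(fqdn_matches(sni, p) for p in safe):
        return "deny: fqdn not allowed"
    if dst_ip not in (resolve(sni.lower()) or set()):
        return "deny: sni spoof"
    return "allow"
```

Unsafe patterns are silently dropped from the allowlist here; a real deployment would reject them at configuration time so the operator sees the error.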
Primary Value and Problem Solved:
DiscrimiNAT Firewall addresses the challenge of implementing granular egress traffic control in cloud environments where traditional firewall rules lack the capability to filter outbound connections by hostnames. By enabling FQDN-based filtering, it allows organizations to enforce precise egress policies, reducing the risk of data exfiltration, malware communication, and unauthorized access. Its seamless integration with cloud-native tools and straightforward configuration process empower security teams to implement robust egress controls without disrupting existing workflows or requiring extensive maintenance.
Overview by Dhruv Ahuja