DiscrimiNAT Firewall by Chaser Systems is a transparent, high-availability NAT gateway alternative designed to enhance egress traffic filtering in cloud environments. It enables organizations to specify and enforce outbound connections based on Fully Qualified Domain Names (FQDNs), addressing the limitations of traditional cloud firewall rules, which match on IP addresses and ports rather than hostnames. By integrating with existing cloud infrastructure, DiscrimiNAT provides secure and compliant outbound traffic management without the need for traffic decryption or complex configuration.
Key Features and Functionality:
- Out-of-Band DNS Lookups: Performs its own DNS queries to verify that the destination IP address of a connection actually belongs to the FQDN presented in the TLS SNI (or SSH handshake), so a client cannot reach an unapproved address by presenting an allowed hostname. This defeats TLS SNI spoofing and hardens the gateway against more sophisticated evasion.
- Simple Configuration: Allows administrators to define allowed destination FQDNs directly within application outbound rules, simplifying policy management and reducing configuration overhead.
- FQDN Discovery: Offers a monitoring mode to identify the FQDNs that applications require for egress connectivity, facilitating the creation of precise allowlists and supporting the principle of least privilege.
- Simple Deployment: Provides ready-to-use templates for AWS CloudFormation and Google Cloud Deployment Manager, enabling quick and straightforward deployment with safe defaults and minimal manual setup.
- Encryption Standards & Compliance: Enforces contemporary encryption protocols such as TLS 1.2, TLS 1.3, and SSH v2, ensuring compliance with standards like PCI DSS v4.0 and NIST SP 800-53.
- Integrated Logging: Logs all allowed and disallowed connections directly into native cloud logging services like AWS CloudWatch or Google Cloud Stackdriver, providing rich metadata for analysis without additional configuration.
- Transparent & Fast: Operates without requiring TLS termination or outbound proxy configurations, maintaining end-to-end secure connections with minimal impact on performance and application compatibility.
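The out-of-band verification described under "Out-of-Band DNS Lookups", as an added illustration that is not Chaser Systems' code: the server name is parsed from the TLS ClientHello, checked against an FQDN allowlist, and the connection's destination IP is compared with the gateway's own resolution of that name. The ClientHello builder and the resolver table are constructed here so the example runs offline.

```python
import ipaddress
import struct

def build_client_hello(server_name):
    """Constructed minimal TLS 1.2 ClientHello carrying only an SNI extension."""
    name = server_name.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni                  # extension type 0 = server_name
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00"                # version, random, empty session id
            + struct.pack("!H", 2) + b"\xc0\x2f"                # one cipher suite
            + b"\x01\x00"                                        # one compression method (null)
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body          # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs    # record type 0x16 = handshake

def extract_sni(record):
    """Return the server_name from a TLS ClientHello, or None if absent or malformed."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        return None
    try:
        pos = 43                                                # past record hdr, hs hdr, version, random
        pos += 1 + record[pos]                                  # session id
        pos += 2 + struct.unpack_from("!H", record, pos)[0]     # cipher suites
        pos += 1 + record[pos]                                  # compression methods
        end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(record)):
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            pos += 4
            if ext_type == 0 and ext_len >= 5:                  # list len(2), name type(1), name len(2)
                name_len = struct.unpack_from("!H", record, pos + 3)[0]
                return record[pos + 5 : pos + 5 + name_len].decode("ascii", "replace")
            pos += ext_len
    except (struct.error, IndexError):
        return None
    return None

def egress_decision(dst_ip, client_hello, allowlist, resolve):
    """Allow only if the SNI is allowlisted AND dst_ip is among the IPs we resolved for it ourselves."""
    sni = extract_sni(client_hello)
    if sni is None or sni.lower() not in allowlist:
        return "deny: fqdn not allowed"
    resolved = {ipaddress.ip_address(a) for a in resolve(sni)}
    if ipaddress.ip_address(dst_ip) not in resolved:
        return "deny: sni does not match destination"           # allowed name, wrong host: SNI spoofing
    return "allow"

FAKE_DNS = {"api.example.com": ["203.0.113.10", "203.0.113.11"]}  # constructed; stands in for real DNS
def resolve(fqdn):
    return FAKE_DNS.get(fqdn.lower(), [])
```

Only the FQDN check alone would pass a connection that sends an allowed SNI to an arbitrary address; the resolved-IP comparison is what closes that gap.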
Primary Value and Problem Solved:
DiscrimiNAT Firewall addresses the challenge of implementing granular egress traffic control in cloud environments where traditional firewall rules lack the capability to filter outbound connections by hostnames. By enabling FQDN-based filtering, it allows organizations to enforce precise egress policies, reducing the risk of data exfiltration, malware communication, and unauthorized access. Its seamless integration with cloud-native tools and straightforward configuration process empower security teams to implement robust egress controls without disrupting existing workflows or requiring extensive maintenance.