Clarity


CloudGuard (Dome9) Clarity gives graphical visualizations of the network security of your cloud environment. It has a view that show the hierarchy and structure of your Security Groups, and another that shows your cloud assets and their interconnectivity. These views are arranged to show the level of exposure to the external world. From this you can identify assets that are misconfiigured in the network, or overly exposed. You can also drill down from these views to see details in CloudGuard for the Security Groups or assets, and make corrections directly in CloudGuard.

You can use Clarity to analyze your cloud network for security issues such as access to sensitive components from the internet, or to troubleshoot it for connectivity issues such as blocked paths to components.

Benefits

  • logical visualization of inbound traffic to your VPC and its components, and the cloud perimeter

  • visualize complex networks (e.g., with many instances, cross-VPC, cross-region)

  • easily identify security issues, blocked paths

  • agent-less & automated information gathering from Cloud environments

  • auto-classification of protected cloud assets based on the level of exposure to the outside world

  • real-time topology map of security groups, and the interrelationships between security policies

  • visualization of traffic flow and dropped traffic between cloud assets - security groups, instances, etc.

  • real-time topology view of cloud assets

  • visibility into the interplay between security policies for multi-tier applications and the effective security posture in a cloud environment

  • uniform cross-cloud security visualization experience

  • contextual VPC flow logs

  • visualize virtual networks connectivity

Use Cases

  • uncover network security and operational issues

  • understand the security relations between elements in the virtual network

  • inspect the real-time traffic running through the elements in the VPC

  • find elements with identical security configurations

  • understand the connections between virtual networks

  • troubleshoot a new cloud environment: blocked/open connections etc; redundant, contradictory policies

  • real-time evaluation of changes to a cloud deployment or security policies

Clarity Views

Clarity offers different views of your Security Groups, each highlighting different aspects of the Security Groups.

The following sections explain how to select and then visualize a cloud environment in Clarity, how to use the different views, and the actions you can perform to see additional information.

Security Group View

This view shows the relationship between the Security Groups in your network. They are grouped logically, according to exposure to the internet, and their interconnections are shown.

The steps below explain how to select a network and open this view, and then how to navigate and use the view.

The Asset View

This view shows your cloud assets, such as instances and database servers, and the connections between them. Each node in this view shows an asset. They are grouped logically, according to exposure to the internet, and their interconnections are shown.

This view is available for all cloud providers.

Navigation and controls

See also

AWS VPC Peering

Clarity