Dome9 Clarity gives a graphical visualization of the Security Groups in your cloud environment, and their effects on the cloud assets in the environment. It shows the Security Groups, traffic sources, and permitted traffic paths in the cloud network. The view is organized logically, according to the level of exposure of the Security Group to the external world.

There are two main views in Clarity. The first, the Security Groups view, shows all the Security Groups and the traffic flows in the network, from most exposed to most internal. The second, the Effective Policy view, shows the Security Groups as they affect assets in the environment (such as instances). In this view, Security Groups that affect the same asset are grouped together, and Security Groups that do not affect any assets are not shown. You can switch between the two views.
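To make the two views concrete, the following added example (not Dome9 code, and not a description of how Clarity computes its views) ranks a constructed set of security groups by hop distance from an internet-open rule, then builds a per-asset grouping that leaves out groups with no attached instances. The group names, the data layout, and the hop-count notion of exposure are assumptions made for illustration.

```python
from collections import defaultdict, deque

INTERNET = {"0.0.0.0/0", "::/0"}

# Constructed sample data (hypothetical names): an inbound source is either
# a CIDR or the name of another security group.
GROUPS = {
    "sg-web":    {"inbound": ["0.0.0.0/0"],  "instances": ["web-1", "web-2"]},
    "sg-app":    {"inbound": ["sg-web"],     "instances": ["app-1"]},
    "sg-db":     {"inbound": ["sg-app"],     "instances": ["db-1"]},
    "sg-mgmt":   {"inbound": ["10.0.0.0/8"], "instances": ["app-1", "db-1"]},
    "sg-unused": {"inbound": ["0.0.0.0/0"],  "instances": []},
}

def exposure_levels(groups):
    """Level 0 = open to the internet; level n = reached through n group hops."""
    levels = {n: 0 for n, g in groups.items() if INTERNET & set(g["inbound"])}
    queue = deque(levels)
    while queue:  # breadth-first walk along "source group -> destination group"
        src = queue.popleft()
        for name, g in groups.items():
            if src in g["inbound"] and name not in levels:
                levels[name] = levels[src] + 1
                queue.append(name)
    # Groups never reached from an internet-facing group get None (internal only).
    return {n: levels.get(n) for n in groups}

def effective_policy(groups):
    """Map each asset to the groups attached to it; unattached groups vanish."""
    per_asset = defaultdict(list)
    for name, g in groups.items():
        for inst in g["instances"]:
            per_asset[inst].append(name)
    return {inst: sorted(sgs) for inst, sgs in per_asset.items()}

def exposed_assets(groups):
    """Assets whose effective policy includes at least one level-0 group."""
    levels = exposure_levels(groups)
    return sorted(inst for inst, sgs in effective_policy(groups).items()
                  if any(levels[s] == 0 for s in sgs))

if __name__ == "__main__":
    print(exposure_levels(GROUPS))
    print(effective_policy(GROUPS))
    print(exposed_assets(GROUPS))
```

In the sample, `sg-unused` is open to the internet but attached to nothing, so it ranks as most exposed in the first function and disappears from the per-asset grouping, which is the difference between the two views that the paragraph above describes.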

In each view, you can see details for individual Security Groups and then drill down to show further details for the Security Group rules and the instances affected by it.

You can view environments in all three supported cloud providers (AWS, Azure, and GCP). Some of the details shown in the views vary according to the provider.

You can also view AWS CloudFormation Templates (CFT), to visualize environments that are still in the design stage and not yet deployed.

You can use Clarity to analyze your cloud network for security issues such as access to sensitive components from the internet, or to troubleshoot it for connectivity issues such as blocked paths to components.


  • logical visualization of inbound traffic to your VPC and its components, and the cloud perimeter

  • visualize complex networks (e.g., with many instances, cross-VPC, cross-region)

  • easily identify security issues and blocked paths

  • Effective Policy view gives a simplified view by aggregating Security Groups that affect common cloud instances, and hiding those that don't affect any instances

  • agentless and automated information gathering from cloud environments

  • auto-classification of protected cloud assets based on the level of exposure to the outside world

  • real-time topology map of security groups, and the interrelationships between security policies

  • visualization of traffic flow and dropped traffic between cloud assets - security groups, instances, etc.

  • visualization of architecture templates (such as AWS CFTs) to inspect and collaborate prior to deployment

  • real-time topology view of cloud assets

  • visibility into the interplay between security policies for multi-tier applications and the effective security posture in a cloud environment

  • uniform cross-cloud security visualization experience

  • contextual VPC flow logs

  • visualize virtual network connectivity

Use Cases

  • uncover network security and operational issues

  • understand the security relations between elements in the virtual network

  • inspect the real-time traffic running through the elements in the VPC

  • find elements with identical security configurations

  • understand the connections between virtual networks

  • troubleshoot a new cloud environment: blocked/open connections, etc.; redundant, contradictory policies

  • evaluate a cloud design (template)

  • real-time evaluation of changes to a cloud deployment or security policies

How to use Clarity

The following sections explain how to select and then visualize a cloud environment in Clarity, how to use the different views, and the actions you can perform to see additional information.

See also

Clarity for AWS accounts

Clarity for Azure accounts

Clarity for GCP accounts

AWS VPC Peering