CloudGuard Dome9 Help

Full Protection mode - Tamper Protection

In Dome9, Amazon AWS Security Groups can be managed in one of two modes: Full Protection or Read-Only. Full Protection provides the Dome9 administrator with full control of AWS security policy definition, access leases, and the ability to interact with dynamic policy objects.

Full Protection (Dome9 managed)

In Full Protection mode, an AWS Security Group can only be managed from Dome9. Any attempt to modify the security group from the AWS side (for example, through the AWS console) is detected by Dome9 and triggers Tamper Protection, which can also send an alert or notification. Dome9 overrides the change and reverts the security group to the definition stored in Dome9.

Here is an example notification from Dome9 Tamper Protection:

[Screenshot: example Dome9 Tamper Protection notification]

Tamper Protection alerts and notifications are generated once you turn on Full Protection for the desired regions in your cloud account. Dome9 then locks down the configuration of the security groups within those regions to ensure that each security group stays properly configured.

In this notification, Dome9 identified and detected an unauthorized change to the security group and reverted it to the previous configuration.
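The detect-and-revert behaviour described above, illustrated as an added example that is not Dome9's own code: it compares a security group's observed inbound rules against a stored baseline and builds the revoke/authorize plan that restores it. The baseline, the observed rules and the CIDR values are constructed here in the IpPermissions shape AWS returns, so it runs offline.

```python
# Added example (not Dome9 code): detect drift in an AWS security group's
# inbound rules against the stored definition and build the revert plan,
# mirroring the Tamper Protection behaviour described above. Both rule sets
# are constructed inline in the IpPermissions shape AWS returns.
from typing import Dict, List, Set, Tuple

Rule = Tuple[str, int, int, str]  # (protocol, from_port, to_port, cidr)


def flatten(ip_permissions: List[Dict]) -> Set[Rule]:
    """Normalise nested IpPermissions entries into a set of atomic rules."""
    rules: Set[Rule] = set()
    for perm in ip_permissions:
        proto = perm["IpProtocol"]
        # "-1" means all traffic; AWS omits FromPort/ToPort in that case
        lo, hi = perm.get("FromPort", -1), perm.get("ToPort", -1)
        for r in perm.get("IpRanges", []):
            rules.add((proto, lo, hi, r["CidrIp"]))
    return rules


def detect_tamper(baseline: List[Dict], observed: List[Dict]) -> Dict[str, Set[Rule]]:
    """Rules added outside the manager go in 'revoke'; rules removed go in 'restore'."""
    want, have = flatten(baseline), flatten(observed)
    return {"revoke": have - want, "restore": want - have}


def revert_plan(drift: Dict[str, Set[Rule]]) -> Dict[str, List[Dict]]:
    """Rebuild AWS-shaped IpPermissions for the calls that restore the baseline."""
    def to_perm(rule: Rule) -> Dict:
        proto, lo, hi, cidr = rule
        perm: Dict = {"IpProtocol": proto, "IpRanges": [{"CidrIp": cidr}]}
        if proto != "-1":
            perm["FromPort"], perm["ToPort"] = lo, hi
        return perm
    return {
        "revoke_security_group_ingress": [to_perm(r) for r in sorted(drift["revoke"])],
        "authorize_security_group_ingress": [to_perm(r) for r in sorted(drift["restore"])],
    }


# Constructed sample: the stored definition allows only HTTPS from anywhere.
BASELINE = [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
# Constructed sample: a console edit swapped HTTPS for SSH and opened all traffic to one host.
OBSERVED = [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "203.0.113.5/32"}]}]
```

The two lists in the plan map directly onto the EC2 revoke and authorize ingress calls; an empty drift on both sides means the group still matches its stored definition.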