Sep 12, 2011 12:47 pm | Network World

by Tim Greene

Startup Dome9 Security is introducing automated management of firewall settings on servers in physical and virtual environments with the aim of keeping servers locked down with less manual configuration.

The company says the problem is that cloud-based servers are so diversely deployed and flexible that managing their security is complex and time-consuming. As a result, many servers are left with ports open by default when they could actually be closed most of the time.

Dome9’s service seeks to automate some of that security by setting and enforcing policies on firewalls that are native to virtual or physical server operating systems. The service does not manage third-party firewalls.

The company says the service can lock down firewall ports, allowing access only to specified users during specified time windows but closing them at all other times. Administrative ports, for example, can be shut down by default and enabled per server on demand for a specific period of time and for a particular administrator or group.

The service also enables creating different privilege sets for different administrators or groups.

The service could be offered by cloud service providers, or businesses could buy the service themselves. Cloud provider GoGrid says it will offer a service based on Dome9’s technology. Customers who buy the service directly from Dome9 can use it to manage firewall settings on servers within multiple cloud provider networks, the company says.

Customers can log in via username and password to Dome9’s service and set access policies. Management access to the servers themselves is either through a firewall application programming interface or via a software client running on the server.

The client supports Windows 2008 R2, 2008, 2003 R2 and 2003 as well as Linux versions CentOS/RHEL 5.x and 6.0 and Debian 6.

The service provides auditing that enables viewing when users have logged in, altered policies and accessed machines.

For service providers, the company offers Dome9 Connect, which is software that integrates via API into management of Amazon Web Services EC2 and VPS security groups.

The services are available now. Pricing for business customers starts at $20 per server per month and increases with the number of servers and number of administrators. The company offers a free 14-day trial and a free personal plan in which a customer can support one server and one administrator.

Dome9 was co-founded by former Check Point Software executive Zohar Alon, Dome9’s CEO, and Roy Feintuch, the company’s CTO. The company is funded by Opus Capital.

From: http://www.itnews.com/security/36691/dome9-launches-automated-firewall-management-service