Overview

1/1

NOTICE: This listing is now deprecated in favour of the new listing at https://aws.amazon.com/marketplace/pp/prodview-7ulmdnoq5jnwu

CONSOLE INTEGRATION

There are no new UIs to learn the config is stored in Security Groups directly, and the flow & audit logs go to CloudWatch. Because only AWS APIs are used for interfacing, you will never have to leave the AWS console or introduce new tooling.

TRANSPARENT OPERATION

No need to set http_proxy like environment variables or change any code. Everything in the VPC, from VMs to EKS, Fargate, Lambda and even zero-trust WorkSpaces, will have its egress traffic routed via DiscrimiNAT. Swapping to (and from) AWS NAT Gateway is just updating the route tables.

REFINED OPERABILITY

We are an AWS Gateway Load Balancing Partner for Security Appliances and the DiscrimiNAT runs with high-availability, load-balancing & auto-scaling within your VPC. It's also completely maintenance-free!

ENTERPRISE READY

Whether you seek compliance with PCI DSS v4.0 or NIST SP 800-53 AC-4, SC-7 and SC-8, we've got it covered. DiscrimiNAT is hardened to CIS benchmarks, receives quarterly updates (critical OS updates in 10 days) and rolling updates apply with zero downtime.

Highlights

SPOOFING PREVENTION: Unlike AWS Network Firewall, DiscrimiNAT does conduct out-of-band DNS lookups, so TLS SNI spoofing by supply-chain malware will be logged & stopped. It even supports allowing SSH by FQDNs. The next Log4J won't slip through!
LEAST PRIVILEGE EGRESS: You no longer need to apply the entire allowlist to large CIDR ranges hosting multiple applications. The policies are as granular as AWS Security Groups, so each application gets access to only what it needs.
FQDN DISCOVERY: Do not know what needs allowing? With the see-thru monitor mode, egress traffic can be logged without blocking; then a CloudWatch query extracts FQDNs accessed. Watch this 3.5 min video on how easy it is: https://youtu.be/63EfQQiirZQ

Details

Sold by

Chaser Systems

Typical total price

This estimate is based on use of the seller's recommended configuration (t3.small) in the US East (N. Virginia) Region. View pricing details

$0.291/hour

Pricing

Free trial

Try for free

Try this product at no cost for 31 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.

DiscrimiNAT Firewall - Deprecated

Info

View purchase options

Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covering your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.

Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

Region

Usage costs (10)

Info

Instance type	Product cost/hour	EC2 cost/hour	Total/hour
t3.small Recommended	$0.27	$0.021	$0.291
c5.large	$0.27	$0.085	$0.355
c5.xlarge	$0.27	$0.17	$0.44
c5.2xlarge	$0.27	$0.34	$0.61
c6i.large	$0.27	$0.085	$0.355
c6i.xlarge	$0.27	$0.17	$0.44
c6i.2xlarge	$0.27	$0.34	$0.61
c6a.large	$0.27	$0.076	$0.346
c6a.xlarge	$0.27	$0.153	$0.423
c6a.2xlarge	$0.27	$0.306	$0.576

Additional AWS infrastructure costs

Type	Cost
EBS General Purpose SSD (gp2) volumes	$0.10/per GB/month of provisioned storage

Vendor refund policy

You may terminate the EC2 instance(s) or delete the CloudFormation stack(s) at any time to stop incurring charges. Email devsecops@chasersystems.com for questions on billing.

Legal

Vendor terms and conditions

Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

Content disclaimer

Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

Usage information

Info

Delivery method

Version

Delivery details

64-bit (x86) Amazon Machine Image (AMI)

Amazon Machine Image (AMI)

An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

Version release notes

https://chasersystems.com/docs/discriminat/aws/release-notes/

Additional details

Usage instructions

https://chasersystems.com/docs/discriminat/aws/quick-start/

Resources

Vendor resources

Quick Start Guide

Comparison with AWS Network Firewall

Terraform Modules

Support

Vendor support

Contact us for expert help at devsecops@chasersystems.com at any stage of your journey, we'll jump on a screen-sharing call right away! Use of your work email is advised so we can provide support in the right context.

AWS infrastructure support

AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

Get support

Similar products

CIS Microsoft Windows Server 2022 Benchmark - Level 1

By Center for Internet Security

The CIS AMI for Microsoft Windows Server 2022 is hardened in accordance with the associated CIS Benchmark that has been developed by consensus to be the industry best practice for secure configuration. Reduce cost, time, and risk by building your AWS solution with CIS AMIs.

View product

Kali Linux with support by AskforCloud LLC

By Askforcloud LLC

This product has charges associated with it for support.Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.

View product

LibreNMS preconfigured to be ready to use

By Puppeteers

This product has charges associated with it for maintenance of the turnkey experience for the LibreNMS network monitoring system.

View product

vSRX Next Generation Virtual Firewall

By Juniper Networks

Juniper Networks simplifies the complexities of migrating to the cloud. Combined with the agility of AWS, the vSRX Next Generation Virtual Firewall delivers secure connectivity with advanced automation, enabling you to achieve your business goals.

View product

Customer reviews

Write a review

Ratings and reviews

Info

0 ratings

5 star

4 star

3 star

2 star

1 star

0 AWS reviews

1 external reviews

External reviews are sourced from G2 and are not included in the star rating for this product.

Paul S.

Secure egress solution with very straightforward rule configuration

Reviewed on Nov 18, 2021

Review provided by G2

What do you like best about the product?

We really like the speed and simplicity of deployment using Terraform with the vendor-supplied modules, no need for console access, and authorization determined by security group rule descriptions. We initially used the "see-thru" mode to determine existing outbound traffic without enforcement.

We simply replaced our existing NAT Gateways with DiscrimiNAT, added the rules to our security groups, then checked traffic details in CloudWatch logs (AWS) or Cloud Logging (GCP).

It's particularly well suited to our organization with a large number of autonomous teams who want a simple, secure egress solution that's easy to configure, no change to application code, and no need for explicit proxy settings.

DiscrimiNAT is available via AWS and GCP Marketplaces, so it's easy to procure - as the cost is simply included in the monthly cloud provider bill.

There's a high standard of documentation with example Terraform code, and we received a prompt response to a minor technical query.

What do you dislike about the product?

One downside of DiscrimiNAT is that it can't filter on URL path - for example, you can't block all of github.com except for github.com/mycompany. However, implementing that level of control would require an SSL interception solution which isn't suitable for us, due to the need to install the proxy certificate chain as trusted in our server operating systems and applications.

What problems is the product solving and how is that benefiting you?

DiscrimiNAT provides controlled egress to authorized domains from cloud computing environments in AWS and GCP, using TLS and SSH. It significantly reduces the risk of data exfiltration, malware, and command and control using reverse shell attacks.