The discrimiNAT firewall is a solution to blocking traffic to unauthorized destinations, by hostnames, over HTTPS/TLS and SSH/SFTP connections. It works by monitoring data flows with our bespoke Deep Packet Inspection engine, inline as a NAT Instance on the egress of your VPC.

Simple Configuration

Enable micro-segmentation for Zero Trust architectures by specifying allowed protocol and hostnames within the respective applications' Security Groups' rules' description fields.

Allowlist Building

With its 'see-thru' mode, specific apps can be monitored safely until a given date. A CloudWatch query will reveal all the FQDNs you will need to get enforcing without disruption.

DevOps Deployment

From complete multi-zone configurations to DIY deployments so you can configure the networking around it, we have all the IaC ready to go in our CloudFormation library / Terraform Registry.

Standards & Compliance

Enforces the use of contemporary encryption such as TLS 1.2+ and SSH v2 with bidirectional in-band checks. Also conducts out-of-band checks, such as DNS, for robust defence against sophisticated malware and ransomware.

Integrated Logging

The firewall logs each change and connection allowed or disallowed straight into CloudWatch with rich metadata for analysis.

Transparent & Fast

Does not require TLS termination or configuration of applications to use a proxy. Results in significantly faster, end-to-end secure connections with no impact on component substitutability.