Guardrails for perimeter control

Comprehensive and proactive enforcement of zero-trust perimeter policies.

Turbot Team
3 min. read - Feb 11, 2020
Comprehensive and proactive enforcement of zero-trust perimeter policies.

Realtime perimeter guardrails are the right way to protect against misconfiguration and malicious insiders. Turbot Guardrails comprehensively and proactively enforces zero-trust policies for network and identity (IAM) security perimeters. Because Guardrails takes immediate action when resources are not configured according to your perimeter-control policies, your cloud stays continuously secure.

Here are the most common ways to use Guardrails' perimeter controls.

Implement least-privilege and zero-trust

Automatically remove unapproved and overly-permissive access to ensure that cloud resource and IAM policies grant the least privilege necessary.

Disable unapproved cross-account access

Manage resources policies to ensure access is granted only to trusted accounts, identities, and organizations.

Segment private resources

Limit sensitive data and applications to defined network segments. Guardrails automatically ensures that your sensitive data is provisioned in the correct private subnets.

Restrict firewall configurations

Remove exposing firewall rules from your security groups to ensure no unauthorized access is coming from specific CIDR ranges and ports.

Implement secure routing policies

Create and enforce secure routing policies to direct network traffic through predefined paths and approved gateways; prohibit public routing. Guardrails' routing security checks help lower the risk of unauthorized access or data leakage.

Limit public IP address usage

Ensure that resources are internal-facing by default. Guardrails can disassociate and remove public IP addresses not specifically allowed.

Configure cloud networks

Define and deploy your organization's standard network configuration across all cloud accounts. Guardrails will deploy the resources and manage configuration drift to remediate misconfiguration or unauthorized change.

Ensure network traffic logging

Enforce the rule that flow logs are configured for logging and downstream analysis. Guardrails proactively ensures your traffic is logged when new networks and resources are created, so you don't miss any activity.

Make exceptions to the rule

Guardrails' robust hierarchical exception model makes it easy to set global rules and then — without complex coding — create exceptions for specific accounts, regions, or resources.

Get Started with Guardrails

Enforcing cloud perimeter guardrails is crucial to maintenance of an organized and secure cloud environment. Turbot Guardrails delivers a powerful and flexible way to manage and enforce encryption requirements across various cloud resources.

Are all of your resources protected from exposure? We would love to show you how Guardrails can make it so with our policy-driven automation and a little magic. Connect with us to discuss your use cases and learn how Turbot can streamline your cloud security controls across AWS, Azure and GCP.