About Secured Networking and Security Services

Aviatrix enables you to embed security in the network rather than attach security to the network. As you build and grow your network, you simultaneously define the monitoring and security rules you intend your network to enforce. The secured networking and security service options are discussed in this section.

Options to have a secured network at the network reachability level, such as network segmentation and Distributed Cloud Firewall, are discussed in the following topics:

Network Segmentation: shows how network domains can or cannot communicate with each other and ability to configure network segmentation for inter-VPC/VNet connectivity (reachability). See Implementing Network Segmentation in an Aviatrix-Managed Network.
Distributed Cloud Firewall: provides granular network security policy enforcement for distributed applications in the cloud. The Aviatrix platform is aware of the native cloud constructs across its managed multicloud networks; this awareness allows the platform to dynamically protect distributed applications as your environments evolve. See Secure Networking with Distributed Cloud Firewall.

Options for security services that further increase the security posture of your networks are discussed in the following topics:

ThreatIQ: provides ability to monitor for security threats in your Aviatrix cloud network, set alerts when threats are detected in the network traffic flows, and block traffic that is associated with threats. See Blocking Known Threat IP Traffic using ThreatIQ.
Anomaly Detection: provides continuous network behavior analysis on your cloud workloads for detecting unusual behaviors or anomalies in the network. See Detecting Network Anomalies using Network Behavior Analytics.
GeoBlocking: provides ability to block IP traffic coming into and coming from a country. See Blocking Traffic from Countries using Geoblocking.

See this link for information about inserting firewalls into your Aviatrix-managed network: FireNet Deployment Workflow.