DiscrimiNAT Firewall
Replace cloud NAT gateway with a drop-in alternative that adds egress security – without breaking existing applications.
↗Zero-downtime migration from cloud NAT
↗No per-GB data charges (save on egress costs)
↗No CA certs or proxy config needed
↗TLS SNI spoofing detection
↗Rollback to cloud NAT in under 1 minute
↗Monitor mode to discover FQDNs first
↗Per-app dry-run mode before enforcement
↗PCI DSS, SOC 2, NIST 800-53 ready
Built in Rust
↗Memory Safety
↗Thread Safety
↗High Performance
Trusted by Security and Platform teams across fintech, healthcare, retail, and technology sectors.
“The domain based rules in AWS firewall are pretty much a joke as it is based only on tls.sni that you can easily spoof, that doesn't really meet our standards.”
EX-UNIT 8200 CEO | CYBERSECURITY STARTUPon AWS
“The rollback capability gave us confidence to deploy in Production. We could always fall back to the Managed NAT gateway if needed.”
PLATFORM ENGINEER | FINTECHon AWS
“It's really fast and performant. We deploy it with the Terraform module and it's maintenance-free for us. Price is also good.”
PLATFORM ENGINEER | MANUFACTURINGon GCP
“No TLS decryption means no privacy concerns, no certificate management, and no performance overhead. Perfect for compliance.”
SECURITY ARCHITECT | HEALTHCAREon AWS
“The zero false positives claim from Wormhole DNS verification turned out to be accurate. Our SOC stopped chasing phantom alerts.”
SOC MANAGER | INSURANCEon GCP
“We really like the speed and simplicity of deployment using Terraform with the vendor-supplied modules, no need for console access.”
CLOUD SECURITY ENGINEER | ENTERPRISEon AWS and GCP
Drop-in NAT gateway replacement
Out-of-band DNS spoofing detection
Rollback to Cloud NAT in under 1 minute
Zero false positives with Wormhole DNS
No per-GB data processing charges
two½ minute demowhere we are3 Laundress Ln
Cambridge CB2 1SD
United Kingdom