Aporeto is an identity-powered security solution. Think of Aporeto as “Okta for workloads.” In other words, Aporeto provides an identity for services, thereby enabling end-to-end authentication, authorization, and (optionally) encryption for cross-service communications. One of Aporeto’s applications is granular network segmentation.
The Aporeto platform protects cloud applications from attack through authentication and authorization for a Zero Trust security posture. Because of its approach, Aporeto alleviates reliance on unmanageable, error-prone IP whitelist policies. A distributed, homogeneous security policy is enforced per workload, independent of network or infrastructure configuration, enabling uniform security orchestration across multi-cloud environments.
The Aporeto platform has two main components:
- Aporeto Security Orchestrator is the control panel. It is responsible for policy management, data collection and aggregation, analytics, and other important functions. The Aporeto Security Orchestrator has a rich and flexible set of interfaces that make it interoperable with a broad set of enterprise platforms, systems, and security operations workflows.
- Enforcers are distributed in key control points of the network, enabling the enforcement of policy at different layers of the stack. Enforcers implement functions such as continuous threat monitoring, transparent network security, API authorization, and authentication. In the above figure, Enforcers are deployed in servers. Other Enforcer deployment scenarios are possible by integrating with third-party systems such as Docker clusters, serverless architectures, and Istio and Kubernetes.
To learn more about the Aporeto platform, read our technical document here.