The Aporeto Platform
The Aporeto Zero Trust Cloud Security Platform provides comprehensive network security solutions that include: Distributed Firewall, Kubernetes Network Security and Cloud Privileged Access Management (PAM) using application identity rather than IP addresses. Aporeto allows you to build and enforce distributed identity-based policies that enable authentication, authorization, and encryption across heterogeneous infrastructure at scale. The Aporeto SaaS-based platform is built for cloud-native applications, simplifies hybrid cloud security, and delivers security at the speed of DevOps.
Application Identity Federation
Since Aporeto secures applications at the network and operating system levels with identity abstraction, Aporeto can normalize identity and security policy across a heterogeneous topology of Linux, Docker, Kubernetes, and Windows servers, as well as human or automated users.
The Aporeto Policy Engine is a policy framework that is centrally managed/visualized, but distributed and enforced locally on application nodes. Unique to Aporeto is the ability to compile comprehensive application identity tags about monitored applications and infrastructure; these tags are derived from enterprise identity sources (including the host, container platform, container image vulnerability scanner, and cloud provider). The policy filtering factors use these identity tags to control operating system calls, file access, and L3/4/7 network access.
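To make concrete how identity tags rather than IP addresses drive the decision described above, here is an added toy policy engine (an illustration written for this page, not Aporeto's code); the tag prefixes, rule fields and sample workloads are all assumptions:

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    name: str
    ip: str              # carried for realism, never consulted by the policy
    tags: frozenset      # normalized identity tags merged from every source


def build_identity(name, ip, **sources):
    """Merge metadata from each identity source (host, k8s, scanner, cloud)
    into one tag set, prefixing each tag with the source it came from."""
    tags = {f"{src}:{k}={v}" for src, meta in sources.items() for k, v in meta.items()}
    return Workload(name, ip, frozenset(tags))


@dataclass(frozen=True)
class Rule:
    subject: frozenset                 # tags the initiating workload must carry
    target: frozenset                  # tags the receiving workload must carry
    ports: frozenset                   # L4 services allowed, e.g. "tcp/8080"
    deny_if: frozenset = frozenset()   # any of these tags on either side vetoes


def evaluate(rules, src, dst, port):
    """Whitelist semantics: the flow passes only if some rule selects both
    identities and the port; anything unmatched is denied."""
    for r in rules:
        if r.deny_if & (src.tags | dst.tags):
            continue
        if r.subject <= src.tags and r.target <= dst.tags and port in r.ports:
            return True
    return False


# Constructed sample identities and policy (assumed values, not from any real deployment)
WEB = build_identity("web-7f9", "10.0.1.5", host={"os": "linux"},
                     k8s={"ns": "shop", "app": "web"}, scan={"max_severity": "low"},
                     cloud={"account": "prod"})
API = build_identity("api-2c1", "10.0.2.9", host={"os": "linux"},
                     k8s={"ns": "shop", "app": "api"}, scan={"max_severity": "low"},
                     cloud={"account": "prod"})
# Same web identity rescheduled onto another node: new IP, same tags
WEB_MOVED = Workload("web-a31", "10.0.3.77", WEB.tags)
# Same web identity after the image scanner reports a critical finding
WEB_FLAGGED = Workload(WEB.name, WEB.ip,
                       (WEB.tags - {"scan:max_severity=low"}) | {"scan:max_severity=critical"})
POLICY = [Rule(subject=frozenset({"k8s:ns=shop", "k8s:app=web", "cloud:account=prod"}),
               target=frozenset({"k8s:ns=shop", "k8s:app=api"}),
               ports=frozenset({"tcp/8080"}),
               deny_if=frozenset({"scan:max_severity=critical"}))]
```

Because the rule selects on tags, the rescheduled web pod keeps its access while the scanner-flagged one loses it, with no IP-based rule change on either side.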
Application Identity Broker
Aporeto normalizes application identity from a variety of enterprise sources (e.g. the operating system, the container host, the cloud provider, and third-party sources of metadata such as container image vulnerability scanner, and user OIDC identity providers) by using API calls to broker metadata about monitored applications and infrastructure. Metadata in different domains is normalized in Aporeto for securing application service network access, application API access, and server SSH access.
The Aporeto Distributed Policy Enforcer is deployed either as a container or as an enforcement node on an individual host or virtual machine (VM). Any workload outfitted with the Distributed Policy Enforcer and working in conjunction with the Security Orchestrator is enabled with automated issuance and management of security policy at different layers of the stack. Distributed Policy Enforcers implement functions that include threat monitoring, transparent network security, and API authorization and authentication.
[Figure: Aporeto Cloud Security Platform, showing the Aporeto Security Orchestrator and the Aporeto Distributed Policy Enforcer]
Aporeto provides a uniform approach to security independent of network and infrastructure complexities. Security is moved up the stack to the application level using workload identity rather than IP addresses. This enables granular microsegmentation with distributed security policy management, end-to-end visualization, and enforcement across heterogeneous infrastructure.
Aporeto generates a unique multi-attribute contextual identity for any application component which is created and managed by the Aporeto platform.
Aporeto automates security, monitors and protects applications at L3, L4 and L7 through whitelisting, allowing only authorized and authenticated interactions to occur.
Distributed policies remain portable and persistent across applications and workloads, clouds and clusters no matter where they reside in your hybrid cloud environment for simpler operations and a stronger security solution.
Kubernetes Network Security
Aporeto provides defense-in-depth for Kubernetes and containerized workloads, with consistent policy enforcement across multiple clouds, clusters and heterogeneous infrastructure at scale. The Aporeto Zero Trust SaaS-based solution protects the whole node and not just the pods in a Kubernetes cluster. Aporeto provides developers with greater agility to securely deploy Kubernetes workloads or microservices across hybrid cloud environments with persistent identity-based security.
DevOps teams can accelerate application deployment with security and compliance already incorporated into the policies.
Aporeto integrates seamlessly with other Kubernetes technologies, including all existing and cloud-native container network interface (CNI) architectures and service mesh products such as Istio.
By using one tool to reduce overall security infrastructure complexity, security teams can remain agile while realizing significant ROI and cost savings.
Aporeto's Cloud PAM solution enables organizations to eliminate the need for SSH keys and secrets management by implementing just-in-time access policies based on user identities. Every user is issued a unique, ephemeral, time-bound certificate based on their identity, independent of the underlying user account. Every access request is logged, and every access must be explicitly authorized. Organizations can easily secure critical infrastructure and meet compliance requirements.
Aporeto enables you to log all CLI commands issued by users on your hosts centrally, making audits simpler and compliance easier to meet.
Cloud PAM provides secure access to cloud infrastructure and resources while enforcing least-privilege, role-based access. It leverages your corporate identity provider (IdP) for single sign-on (SSO) to issue time-bound SSH client certificates to users.
Cloud PAM simplifies secure user access to infrastructure and resources, eliminating the need for SSH key management and secrets management while obviating the need for cumbersome VPNs, IP ACLs, and jump boxes.
Our Platform is Verified and Trusted
Security Solutions for Your Cloud
Identity-based segmentation of cloud applications to reduce risk and prevent possible bad-actor lateral movement.
Eliminate SSH keys and secrets management with just-in-time, time-bound certificates that grant users access to cloud infrastructure, issued by leveraging your corporate identity provider (IdP).
Enable single sign-on secure access for users to cloud resources by enforcing least privilege access with a uniform identity model, eliminating the need for VPNs.
Aporeto is accelerating our expansion to the cloud. With Aporeto, we can secure our Linux workloads on any infrastructure with end-to-end encryption and have a path for modernizing with a security layer that is future-proofed.
Director Cloud Infrastructure Operations