Aporeto,
a Zero Trust security solution for microservices, containers and the
cloud, today announced the release of Aporeto Enterprise 2.0. Aporeto's
security platform introduces a new contextual application identity for
every application component or process as a new security control point
to better protect cloud-native enterprise applications - a challenging
environment that strains legacy security approaches. Aporeto enables a
complete set of security capabilities required for securing
microservices and cloud applications across network security,
application programming interface (API) access control, runtime threat
and vulnerability management, and identity management. These security
capabilities are powered by the combination of distributed security
policy and the Aporeto application identity, a multi-attribute
contextual identity for any application component created and managed by
the Aporeto platform.

As businesses aggressively transition their IT infrastructure to the
cloud in pursuit of speed and agility, they're learning their legacy
security is painfully tethered to complex, static networks and
infrastructures. Meanwhile, microservices, containers and serverless
technologies are allowing enterprises to build and deploy applications
with ever increasing speed. But security teams have diminishing control
and visibility into what is happening with these applications,
especially as they become distributed across public, private and hybrid
cloud infrastructures. Enabling the business to move fast and to the
cloud requires rethinking of static, perimeter-centric security and
moving to a more dynamic and automated Zero Trust security model.

Containers are not inherently unsecure, but they are being deployed in
an unsecure manner by developers, with little or no involvement from
security teams and not much guidance from security architects, according
to Gartner. Traditional host-based and network security solutions
are blind to containers. Container security solutions protect the entire
life cycle of containers from creation into production, and most
container security solutions provide preproduction scanning combined
with runtime monitoring and protection.

Aporeto's approach is based on Zero Trust principles, which assume
everything is accessible all the time and any part of the infrastructure
could be compromised at any time. With a Zero Trust mindset, security
teams regain effective control and visibility of cloud-native
applications by making security automated, scalable and infrastructure
agnostic. This model stands in stark contrast to traditional approaches
to security that provide static, infrastructure-dependent protection
that is tightly coupled to the network and must constantly be
reconfigured to address application needs.

"We've learned from our customers that cloud-native technologies are
really testing the assumptions of legacy security models, so we've
evolved Aporeto to address the complete set of requirements for securing
microservices," said Jason Schmitt, CEO, Aporeto. "While network
security, container threat, and vulnerability management are critical
components of comprehensive microservices security, they're just part of
the solution for operating securely in Zero Trust environments. APIs and
identity in particular are areas of cloud-native applications that are
often overlooked and underserved in most security programs."

Aporeto secures applications across hybrid and multi-cloud deployments
by leveraging application identity - a multi-attribute contextual
identity for any application component created and managed by the
Aporeto platform. Unique identities for each application resource allow
Aporeto to automatically create distributed security policies and
enforce security at a granular process level. Because the policy
enforcement is based on identity and decoupled from the network and
infrastructure, the security protection moves and scales with the
application regardless of where it runs. At runtime, the addition of
behavioral analysis and vulnerability data enriches the application
identity to create dynamic security visibility and protection.

Key features of Aporeto Enterprise 2.0 include:

- Microservices & API Security: Aporeto offers out-of-the-box
  service-to-service and user-to-service authentication, authorization
  and encryption. Users also have uniform API access control policy
  across services in public or private cloud, and composite user and app
  identity policy enforcement, without having to build identity
  management infrastructure into the application business logic. In
  addition, the Aporeto solution comes with CI/CD and vulnerability
  assessment integration for rich contextual service identity.
- Network Security: Aporeto provides application
  micro-segmentation and workload isolation independent of network
  configuration, protecting workloads in complex cloud environments and
  reducing compliance scope. Aporeto also supplies protection against
  malicious application discovery, automated flow for telemetry logging
  and transparent encryption offload.
- Identity Management: Aporeto enables automated application and
  service identity creation, validation, attestation and assignment with
  user identity and single sign-on integration. The Aporeto platform
  includes a complete out-of-the-box PKI infrastructure for
  microservices and certificate issuance, verification, rotation,
  revocation and secrets management.
- Threat & Vulnerability Management: Aporeto now includes
  continuous vulnerability analysis of container images and runtime
  threat detection and protection based on behavioral analysis. This
  security data enriches the application identity to inform runtime
  policy detections and makes possible advanced analytics and
  correlation of identity, network and application context for
  high-fidelity, cloud-native security alerting to external SecOps
  workflows (SIEM, SOAR, ITSM).

Aporeto Enterprise 2.0 is available immediately as SaaS or on-premise.
For more information or to schedule a demo, please visit this
website.