Aporeto, a Zero Trust security solution for microservices, containers and the cloud, announced the release of Aporeto Enterprise 2.0. Aporeto’s security platform introduces a new contextual application identity for every application component or process as a new security control point to better protect cloud-native enterprise applications – a challenging environment that strains legacy security approaches. Aporeto enables a complete set of security capabilities required for securing microservices and cloud applications across network security, application programming interface (API) access control, runtime threat and vulnerability management, and identity management. These security capabilities are powered by the combination of distributed security policy and the Aporeto application identity, a multi-attribute contextual identity for any application component created and managed by the Aporeto platform.
As businesses aggressively transition their IT infrastructure to the cloud in pursuit of speed and agility, they’re learning that their legacy security is painfully tethered to complex, static networks and infrastructures. Meanwhile, microservices, containers and serverless technologies are allowing enterprises to build and deploy applications with ever-increasing speed. But security teams have diminishing control and visibility into what is happening with these applications, especially as they become distributed across public, private and hybrid cloud infrastructures. Enabling the business to move fast and to the cloud requires rethinking static, perimeter-centric security and moving to a more dynamic and automated Zero Trust security model.
Containers are not inherently insecure, but they are being deployed in an insecure manner by developers, with little or no involvement from security teams and not much guidance from security architects, according to Gartner. Traditional host-based and network security solutions are blind to containers. Container security solutions protect the entire life cycle of containers from creation into production, and most container security solutions provide preproduction scanning combined with runtime monitoring and protection.
Aporeto’s approach is based on the Zero Trust principles that assume everything is accessible all the time and any part of the infrastructure could be compromised at any time. With a Zero Trust mindset, security teams regain effective control and visibility of cloud-native applications by making security automated, scalable and infrastructure agnostic. This model stands in stark contrast to traditional approaches to security that provide static, infrastructure-dependent protection that is tightly coupled to the network and must constantly be reconfigured to address application needs.
“We’ve learned from our customers that cloud-native technologies are really testing the assumptions of legacy security models, so we’ve evolved Aporeto to address the complete set of requirements for securing microservices,” said Jason Schmitt, CEO, Aporeto. “While network security, container threat, and vulnerability management are critical components of comprehensive microservices security, they’re just part of the solution for operating securely in Zero Trust environments. APIs and identity in particular are areas of cloud-native applications that are often overlooked and underserved in most security programs.”
Aporeto secures applications across hybrid and multi-cloud deployments by leveraging application identity – a multi-attribute contextual identity for any application component created and managed by the Aporeto platform. Unique identities for each application resource allow Aporeto to automatically create distributed security policies and enforce security at a granular process level. Because the policy enforcement is based on identity and decoupled from the network and infrastructure, the security protection moves and scales with the application regardless of where it runs. At runtime, the addition of behavioral analysis and vulnerability data enriches the application identity to create dynamic security visibility and protection.
Key features of Aporeto Enterprise 2.0 include:
- Microservices & API Security: Aporeto offers out-of-the-box service-to-service and user-to-service authentication, authorization and encryption. Users also have uniform API access control policy across services in public or private cloud, and composite user and app identity policy enforcement, without having to build identity management infrastructure into the application business logic. In addition, the Aporeto solution comes with CI/CD and vulnerability assessment integration for rich contextual service identity.
- Network Security: Aporeto provides application micro-segmentation and workload isolation independent of network configuration, protecting workloads in complex cloud environments and reducing compliance scope. Aporeto also supplies protection against malicious application discovery, automated logging of flow telemetry and transparent encryption offload.
- Identity Management: Aporeto enables automated application and service identity creation, validation, attestation and assignment with user identity and single sign-on integration. The Aporeto platform includes a complete out-of-the-box PKI infrastructure for microservices and certificate issuance, verification, rotation, revocation and secrets management.
- Threat & Vulnerability Management: Aporeto now includes continuous vulnerability analysis of container images and runtime threat detection and protection based on behavioral analysis. This security data enriches the application identity to inform runtime policy detections and enables advanced analytics and correlation of identity, network and application context for high-fidelity, cloud-native security alerting to external SecOps workflows (SIEM, SOAR, ITSM).
Aporeto Enterprise 2.0 is available immediately as SaaS or on-premises.