Application-Centric Security for Kubernetes

Kubernetes networking is open by default. Moreover, microservices architecture presents an increased attack surface and potential for damage once one app in the k8s-cluster gets compromised.

 

With a single click, Araali’s Application Centric Security auto-segments the k8s cluster on app boundaries and ensures compromises are contained and damages are limited.

Why Kubernetes needs an App-Centric Firewall

App centricity helps security match the speed and agility of k8s.

Applications are a natural security perimeter

When one app gets compromised, it doesn’t put other apps at risk in a shared k8s cluster.

Privileges should be verified for an Identity

Apps have a natural identity lending to true zero trust networking (least privilege) that prevents lateral movement and exfiltration.

Intra-app chatter can be overwhelming

Apps provide a natural boundary to hide internal microservices and achieve the attack surface of the corresponding monolith.

Machine-generated, auto-discovered privileges

Application privileges are inherent and can be auto-discovered with granular representation in DevOps and attributed to apps.

App privileges are portable

Application privileges can be discovered once and reused later, improving agility.

How it works

1
Easy to Deploy

Deploy Araali with a single command into your k8s infrastructure as a daemon set. There’s no configuration or disruption to normal application behavior.

3
Auto-Discover policies 

Discovers policies that are permanent and portable. These policies are easy to reason and simple to manage.

5
Intelligently routed Alert
2
Self Organizing Dashboard

Get an inventory of the risk from your apps and services into an intuitive dashboard.

4
Enforce

Enforce your firewall to natively implement identity-based policies to segment your k8s cluster on app boundaries. It leverages the power of eBPF, no sidecar needed.  

Get realtime alerts only when apps exercise new privileges/behavior, no false positives. These alerts are routed to the right app owner.

Customer Benefits

Compliance

App segmentation helps with PCI, HIPAA, and SOC2 compliance and adherence to the latest zero-trust publications from NIST.

Secret-free

Apps use identity-based privileges rather than passwords to access resources

Comprehensive and contextual audit

Receive detailed audits from K8s containerized environments. Eliminate your blind spots.

Enforce least privileges

Automatically apply the least privilege principles based on application identity.

Real-time intelligently routed alerts

Let precise alerts come to you and avoid alert fatigue.

App transparency 

Araali works with any app written in any language. It even works with third-party and open source apps without modification.

DevOps friendly

Integrate security at the speed of DevOps.

Araali Getting Started