Get instant visibility for your apps and assets. 


Qualify pentest or debug runtime issues in a dev or staging environment. Push your apps (VM or K8s) into production with declarative security built-in.

Use Cases

Applicable consistently across VMs, Containers and Kubernetes

Visibility - know your K8s apps

Understand what your app does, the services it provides and consumes, and their privileges. Araali creates a detailed network view uncovering traffic patterns within or across K8s apps, VMs, and even BMs regardless of the underlying infrastructure.

Araali also enumerates attack surface, privileges, and vulnerability scores - akin to a real-time pentesting report that is always current.  As the app interfaces and its privileges evolve over its lifecycle,  Araali provides a real-time audit to ensure it's in line with your expectations.


Debugging Runtime Alerts/Issues

During Runtime, Araali generates Precise Contextual Alerts that gets intelligently routed to the responsible app owner vs. the entire app team. These alerts could be for lateral movement, exfil attempts, or zero-day exploits. Also, Araali creates a log and network diagram for the apps. Use these alerts and logs to assistant you in what happened.

Applicable consistently across VMs, Containers and Kubernetes

Declarative Security for any app

As security shifts left, there is a desire to do security in DevOps (DevSecOps) and launch with tight security turned on. Manually writing policies is tedious and leads to loose policies. 

Araali empowers Developers to create declarative access controls into the app. The policies are auto-discovered during the CI phase vs. handwritten and are deterministic and portable. As the app changes, the policies get auto-generated and pushed in the Deployment along with the app.

Pen Test with confidence

Pentesting is a vital security gate to validate security posture for application and network. Araali gives you out of box visibility into vulnerabilities, communication pattern, ports open, etc. in the Dev stage. The developers can use Araali reports to fine-tune the app before pentest and share network requirements with the networking team. 

Post pen test, enforce Araali at runtime to compensate for any residual risk to prevent launch delay yet securely run. Finally, you can test your app with built-in security so that what you tested is what gets deployed.


  • Rely on static and dynamic scans

  • Pen Test microservices with high attack surface

  • Apps deployed with compensating controls - based on IPs and Ports

Araali Secured DevOps


  • Distributed controls injected into every app 

  • Microservices reduced to a monolith, only the frontend exposed. Rest of the containers fully locked down - helps with pentesting

  •  Stays with the app during runtime to give contextual alerts and security

Transition your DevOps to DevSecOps without pain

Applicable consistently across VMs, Containers and Kubernetes

There is a heightened expectation that security needs to be part of DevOps (security shift left), which is a significant change from the current state. In the future, the Dev team, which has the best context, will be progressively involved in enabling firewall and WAF like controls in apps. However, with new security standards and compliance requirements, they will collaborate and work for hand in glove with security experts to understand contemporary risk and attack vectors. The Security team will own oversight, governance, compliance, and cyber risk.

Araali is creating a solution that allows developers to quickly build security into their apps and enable the tooling to enable security teams to track conformance, understand risks, and also incorporate enterprise-wide security policies.


How it works

Applicable consistently across VMs, Containers and Kubernetes

  1. Fortify your app (VM based or Kubernetes) with Araali

  2. Run the app in CI - auto-discover and accept Araali policies (lockdown your microservices)

  3. Run pentest with reduced attack surface

  4. Policies from CI are portable to the public cloud or private cloud

  5. Deploy in production to get Araali run time protection - what test is what you get


What you get

Policies on Tags/Labels are missing the point

These are mere aliases for IP addresses and a malware resident on the node gets the same exact privilege. In addition, there is manual effort involved in tagging upfront, which can get complex as you begin to think about the policies you will end up wanting to create.

Passwords and secrets

Apps still live in the dark world of passwords. API keys and secrets are euphemisms for passwords, which lack a second factor beyond “what you have.” Programmatic access represents a higher risk of damage and data theft.


Contemporary solutions like Firewall (NGFW) require all the app traffic to go through HW or SW firewall which might create chokepoints as apps scale. Similarly, sidecar based solution create incremental fault domains for the app that has to be carefully monitored (if the sidecar is down the app is down)

Automatic, Portable Policies based on Non-repudiable Identities

Araali uses non-repudiable identity (non-reliant on IPs) as the foundation of authentication and builds the best of breed security on top of it.

Policies based on these identities are  (a) auto-discovered - in dev or staging, (b) self-managed - auto-created and updated, (c) portable - create on prem and use on any cloud, (d) travels with the app - as the app moves across infrastructure, (e) works with immutable infrastructure

2FA for apps

 Araali allows only known whitelisted apps to talk outside based on their non-repudiable digital identity. This is akin to adding a 2nd factor to programmatic access to external services.

Blazing performance

Araali leverages eBPF (Linux superpower) to do the security by providing sandboxed programmability of the Linux kernel with incredible performance. 



Icons made by Flaticon


39812 Mission Blvd. Suite 224
Fremont, CA 94539 USA

  • White LinkedIn Icon
  • White Twitter Icon