Transition your DevOps to DevSecOps without pain
There is a heightened expectation that security needs to be part of DevOps (security shifting left), which is a significant change from the current state. In future, developers, who have the best context, will be progressively responsible for enabling firewall- and WAF-like controls in apps, while security will own governance, compliance, and cyber risk.
Araali is creating a solution that allows developers to easily build security into their apps and enable the tooling to allow security teams to track conformance, understand risks, and also incorporate enterprise-wide security policies.
Pen Test with confidence
Pentesting is an important security gate to validate the security posture of an application and its network. The vulnerabilities found during a pentest are used to fine-tune security policies, patch applications or the network, or build compensating controls to reduce risk. Araali fortifies your apps to reduce the attack surface and security surprises during a pen test. Also, you can test your app with the security built in, so that what you test is what gets deployed.
Rely on static and dynamic scans
Pen Test microservices with high attack surface
Apps deployed with compensating controls - based on IPs and Ports
Araali Secured DevOps
Distributed controls injected into every app
Microservices reduced to a monolith, with only the frontend exposed. The rest of the containers are fully locked down, which helps with pentesting
Stays with the app during runtime to give contextual alerts and security
How it works
Applicable consistently across VMs, Containers and Kubernetes
Fortify your app (VM based or Kubernetes) with Araali
Run the app in CI - auto-discover and accept Araali policies (lock down your microservices)
Run pentest with reduced attack surface
Policies from CI are portable to the public cloud or private cloud
Deploy in production to get Araali run-time protection - what you test is what you get
What you get
Policies on Tags/Labels are missing the point
These are mere aliases for IP addresses, and malware resident on the node gets exactly the same privilege. In addition, there is manual effort involved in tagging upfront, which can get complex as you begin to think about the policies you will end up wanting to create.
Passwords and secrets
Apps still live in the dark world of passwords. API keys and secrets are euphemisms for passwords, which lack a second factor beyond “what you have.” Programmatic access represents a higher risk of damage and data theft.
Contemporary solutions like next-generation firewalls (NGFW) require all the app traffic to go through a hardware or software firewall, which can create chokepoints as apps scale. Similarly, sidecar-based solutions create an incremental fault domain for the app that has to be carefully monitored (if the sidecar is down, the app is down).
Automatic, Portable Policies based on Non-repudiable Identities
Araali uses non-repudiable identity (non-reliant on IPs) as the foundation of authentication and builds the best of breed security on top of it.
Policies based on these identities are (a) auto-discovered - in dev or staging, (b) self-managed - auto-created and updated, (c) portable - created on-prem and used on any cloud, (d) travel with the app - as the app moves across infrastructure, (e) work with immutable infrastructure
2FA for apps
Araali allows only known, whitelisted apps to talk outside, based on their non-repudiable digital identity. This is akin to adding a second factor to programmatic access to external services.
Araali leverages eBPF (a Linux superpower) to enforce security, using its sandboxed programmability of the Linux kernel with incredible performance.
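As an added illustration (not Araali's code; the workload identities, labels and flows below are constructed), this Python models the contrast drawn in "Policies on Tags/Labels are missing the point" and "2FA for apps": an egress policy keyed on a node label, which any process on the same node inherits, versus one keyed on a per-workload identity learned during a clean CI run and carried unchanged to another network.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One observed outbound connection attempt (constructed sample data)."""
    src_ip: str
    src_label: str     # hypothetical deploy-time tag/label on the node
    src_identity: str  # hypothetical non-repudiable workload identity
    dst: str           # external service the workload is talking to


def discover_identity_policy(ci_flows):
    """CI/staging phase: learn allowed (identity, destination) pairs from a clean run."""
    return {(f.src_identity, f.dst) for f in ci_flows}


def discover_label_policy(ci_flows):
    """Same discovery, but keyed on the node label, i.e. effectively on the node IP."""
    return {(f.src_label, f.dst) for f in ci_flows}


def allowed_by_label(policy, flow):
    return (flow.src_label, flow.dst) in policy


def allowed_by_identity(policy, flow):
    return (flow.src_identity, flow.dst) in policy


# Constructed: a clean CI run in which only the payments service talks to the bank API.
SVC = "payments-svc@sha256:<constructed>"
CI_RUN = [Flow("10.0.0.5", "app=payments", SVC, "api.bank.example")]

# Constructed production flows:
#  LEGIT - the same service on the same node.
#  ROGUE - an unrelated binary that landed on the node: same IP, same inherited label.
#  MOVED - the same service redeployed to another cloud where nobody applied the label.
LEGIT = Flow("10.0.0.5", "app=payments", SVC, "api.bank.example")
ROGUE = Flow("10.0.0.5", "app=payments", "dropper@sha256:<constructed>", "api.bank.example")
MOVED = Flow("172.16.9.2", "", SVC, "api.bank.example")


def decisions(ci_flows, prod_flows):
    """Return [(label_policy_verdict, identity_policy_verdict)] in prod_flows order."""
    lp, ip = discover_label_policy(ci_flows), discover_identity_policy(ci_flows)
    return [(allowed_by_label(lp, f), allowed_by_identity(ip, f)) for f in prod_flows]


if __name__ == "__main__":
    for f, (by_label, by_identity) in zip([LEGIT, ROGUE, MOVED], decisions(CI_RUN, [LEGIT, ROGUE, MOVED])):
        print(f"{f.src_identity} from {f.src_ip}: label={by_label} identity={by_identity}")
```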