Transition your DevOps to DevSecOps without pain

There is a heightened expectation that security needs to be part of DevOps (security shift left) which is a significant change from the current state. In future developers, who have the best context, will be progressively responsible for enabling firewall and WAF like controls in apps, while security will own governance, compliance, and cyber risk.

Araali is creating a solution that allows developers to easily build security into their apps and enable the tooling to allow security teams to track conformance, understand risks, and also incorporate enterprise-wide security policies.

Pen Test with confidence

Pentesting is an important security gate to validate security posture for application and network. The vulnerabilities found during pentest are used to fine-tune security policies, patch applications, or network or build compensating controls to reduce risk. Araali fortifies your apps to reduce attack surfaces and security surprises during pen test. Also, you can test your app with built-in security so that what you test is what gets deployed.


  • Rely on static and dynamic scans

  • Pen Test microservices with high attack surface

  • Apps deployed with compensating controls - based on IPs and Ports

Araali Secured DevOps


  • Distributed controls injected into every app 

  • Microservices reduced to a monolith, only the frontend exposed. Rest of the containers fully locked down - helps with pentesting

  •  Stays with the app during runtime to give contextual alerts and security

How it works

Applicable consistently across VMs, Containers and Kubernetes

  1. Fortify your app (VM based or Kubernetes) with Araali

  2. Run the app in CI - auto-discover and accept Araali policies (lockdown your microservices)

  3. Run pentest with reduced attack surface

  4. Policies from CI are portable to the public cloud or private cloud

  5. Deploy in production to get Araali run time protection - what test is what you get

What you get

Policies on Tags/Labels are missing the point

These are mere aliases for IP addresses and a malware resident on the node gets the same exact privilege. In addition, there is manual effort involved in tagging upfront, which can get complex as you begin to think about the policies you will end up wanting to create.

Passwords and secrets

Apps still live in the dark world of passwords. API keys and secrets are euphemisms for passwords, which lack a second factor beyond “what you have.” Programmatic access represents a higher risk of damage and data theft.


Contemporary solutions like Firewall (NGFW) require all the app traffic to go through HW or SW firewall which might create chokepoints as apps scale. Similarly, sidecar based solution create incremental fault domains for the app that has to be carefully monitored (if the sidecar is down the app is down)

Automatic, Portable Policies based on Non-repudiable Identities

Araali uses non-repudiable identity (non-reliant on IPs) as the foundation of authentication and builds the best of breed security on top of it.

Policies based on these identities are  (a) auto-discovered - in dev or staging, (b) self-managed - auto-created and updated, (c) portable - create on prem and use on any cloud, (d) travels with the app - as the app moves across infrastructure, (e) works with immutable infrastructure

2FA for apps

 Araali allows only known whitelisted apps to talk outside based on their non-repudiable digital identity. This is akin to adding a 2nd factor to programmatic access to external services.

Blazing performance

Araali leverages eBPF (Linux superpower) to do the security by providing sandboxed programmability of the Linux kernel with incredible performance. 


Tel: 510-624-9941

39812 Mission Blvd. Suite 224
Fremont, CA 94539 USA

  • White LinkedIn Icon
  • White Twitter Icon