Application Access Manager

Araali delivers a least privilege, identity-based, and location-independent policy paradigm for cloud apps with a prescriptive workflow that leads to instant visibility and enforcement. Think of IAM and UBA transparently embedded into cloud apps.

Identity-driven (user and app identity work differently)

Non-repudiable process identity forms the basis for authentication and authorization. Araali takes care of managing the identity lifecycle in an automated, passwordless way.

Because a good policy paradigm cannot function without first fixing identity:

  • IP addresses are not a good proxy for identity. Nor are tags applied to IaaS (AWS, Azure, etc.) assets.

  • The way to authenticate users is very different from authenticating apps. For users, there is multi-factor authentication, fingerprints, Face ID, biometrics, etc., which cannot be applied to apps in the data center.

  • Passwords and secrets are bad for both users and apps. Passwords get easily stolen or broken and are a common theme powering breaches.

  • Vaults are often used for storing credentials, but there is a password for the vault (i.e., it's a recursive problem; the last mile of password management is not solved).

Automated Whitelisted policies

Araali Application Access Manager is injected into every app. This allows it to provide visibility and deterministic, process-grained whitelisted policies that are not dependent on IPs, location, or tags. These policies are self-generated for ease of use in today's fast-paced agile world.

Because a good policy framework cannot be based on a heuristic model or manual

  • Sitting in the network or host, it is hard to parse who is doing what on the network.

  • Network- or host-based heuristic models are based on network attributes, which keep changing in today's modern apps and infra.

  • Manual declarative policy definition creates friction for developers.

Distributed with Audits

Araali runs alongside apps, resulting in distributed security with no choke points. Araali also audits every activity and keeps an audit trail for analytics and forensics.

In a hybrid cloud world, your security should not be sitting inside your on-prem perimeter but should work equally well for the cloud.

  • AWS security groups are not a good replacement for a proper firewall function. They predate the advances made by application-aware firewalls (NGFW). It's hard to express application communication patterns with them, which makes them not very effective.

  • Configuring and running traditional firewalls on the cloud is challenging and often very expensive.

  • Network-based segmentation can be made foolproof only if it is air-gapped, which effectively renders it useless for the business.

Araali claims for Advanced Persistent Threats (APT)

01. Can't move laterally

02. Can't talk to any other enterprise apps

03. Can't talk outside - no data exfiltration or communication with Command & Control

What Araali Does

Araali is SaaS-managed, distributed security embedded into apps, containerized and VM-based, that you own and control. This architecture enables enterprises to build cloud-scale apps on VMs, containers, or functions with built-in security and without any traditional network security constraints.

Visibility

Araali enables enterprises to monitor and inventory every app. In addition, it mandates that apps mutually authenticate and authorize with non-repudiable identities.

Governance

Araali provides contextual app-level policy that is easy to visualize and enforce at the click of a button. This provides an accelerated path to application whitelisting and brings governance back to the security team in a cloud world where developers can be less careful. This improves the working relationship between the dev, sec, and ops teams, allowing dev to focus on velocity and security to own risk.

Low friction

Araali reduces friction by optimizing CI/CD insertion, policy creation, and dev-sec-ops interactions. Policy creation is especially hard in a world where workloads are ephemeral and IPs and ports keep churning. In comparison, Araali policies are identity-based, which makes them infrastructure- and location-agnostic (discover once, use anywhere - on-prem, cloud, etc.). This enables automation and a significant reduction in the total cost of ownership (TCO). Araali creates workflows that enable dev-sec-ops to work together and align on a tighter security posture, similar to what Git and Docker did for dev-ops.

Araali has everything a security team wants

Easy to use - easy installation and no code change required. Up and running in less than 10 mins.

Seamless deployment into all assets - integrates with your CI/CD process to cover VMs, containers, on-prem, and cloud.

Works for both VM and container environments, simplifying tools and policies.

Full-featured CLI for power users and GUI for visibility into risk, alerts, and policy.

Distributed - built for scale with no choke points.

Security by design - built-in protection that can be enabled at the get-go.

Tight Security across your fleet of apps that is

EASY

There are too many cloud-native knobs, often lacking secure defaults, that are cumbersome to use and configure.

Inject Araali's Application Access Manager and allow it to automatically take care of locking down privileges.

Deploy in under 20 min.

Multi-cloud ready.

AUTOMATED

Modern infrastructure is ephemeral - chasing IPs and ports is a never-ending proposition.

Auto-discovered, permanent and portable application privilege based on non-repudiable application identity.

Auto-discover policies with Araali, no pre-work necessary. Once discovered, the policies are portable across on-prem and cloud environments.

ENFORCEABLE

Zero bugs and vulnerabilities is a noble goal, but unrealistic. Chasing bad actors based on blacklists is tiring and error-prone, especially as the list grows.

Not talking to strangers and whitelisting is a superior security strategy. It's just been hard to administer (pre-Araali). See it to believe it.

Araali prevents malware and unauthorized apps from talking to your apps, moving laterally, or exfiltrating data - raising clean contextual alerts when such attempts are spotted.

WHY BOTHER 

Policies on Tags/Labels are missing the point

These are mere aliases for IP addresses, and malware resident on the node gets the exact same privilege. In addition, there is manual effort involved in tagging upfront, which can get complex as you begin to think about the policies you will end up wanting to create. Instead, let the tool do all the organizing for you.

Passwords and secrets

User access control can now benefit from advances in MFA and biometrics, but apps still live in the dark world of passwords. API keys and secrets are euphemisms for passwords, which lack a second factor beyond “what you have.” Programmatic access represents a higher risk of damage and data theft.

mTLS is only part of the solution

It solves for data-in-flight encryption and man-in-the-middle. However, there are two other, perhaps more important, problems that remain unsolved - (a) whom these certificates are awarded to, and the strength of the authentication; (b) awarding only necessary privileges to the authenticated entity (the access control or policy problem).

How it works

1. Easy to Deploy

Araali forms an overlay on top of any infrastructure and it can be deployed with a single command. There’s no configuration necessary and, in tap mode, Araali cannot cause disruptions to normal application behavior.

2. Self-Organizing

Apps and services are automatically discovered and organized by Araali.

3. Distributed Architecture

Araali overlay easily spans hybrid cloud environments.

4. Identity-based

Araali works by tracking privileges for application identities.

5. Autonomous Detection and Response

Real-time detection of lateral movement and exfiltration attempts.