Aporeto: Container Security Product Overview and Analysis

Sean Michael Kerner

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Aporeto

See our complete list of top container and Kubernetes security vendors

Company

Fundamental to Aporeto’s approach is the principle that everything in an application is accessible to everyone and could be compromised at any time. The company was founded in 2015 with company headquarters in San Jose, CA. The company is led by CEO Jason Schmitt, formerly of HPE, with co-founders from Nuage, Cisco and VMware.

Products

Aporeto uses application context to enforce authentication, authorization, and encryption policies for applications. With Aporeto, enterprises implement a uniform security policy decoupled from the underlying infrastructure, enabling workload isolation, API access control and application identity management across public, private or hybrid clouds.

The Aporet product has two core components :

  • A SaaS security orchestrator for policy management and visibility of application dependencies across a heterogeneous environment.
  • An enforcer that performs distributed policy enforcement. The enforcer can be deployed as an agent, a Kubernetes daemon-set, a privileged container, a sidecar or a customer authorizer for API gateways.

Key Features

  1. Zero Trust policy enforcement for workload segmentation independent of infrastructure: Authenticate and Authorize requests both at L4 (TCP) and L7 (HTTP) between workloads or between a user and a workload. A workload can be container, process or serverless. Policy is defined centrally but enforced in a distributed manner. Policy enforcement works independent of IP addresses and applicable to workloads on public or private clouds.
  2. Service Identity: In order to authenticate and authorize a persistent workload, identity is required. Aporeto assigns workloads (container or process) a cryptographically signed service identity independent of IP infrastructure.
  3. Application visibility for compliance: Dependency maps across all applications protected by Aporeto independent of the infrastructure on which the application is deployed.
  4. Runtime visibility: For containers, Aporeto offer runtime visibility of interactions between the container and the host and enforcement of runtime policies.

Product Performance Metrics

The use of service identity independent of IP infrastructure for policy enforcement allows the solution to scale to tens of thousands of hosts. Performance overhead is very minimal for Layer 4 enforcement. Only TCP connection establishment is in the enforcer data path. Once a connection is mutually authenticated and authorized, the enforcer is no longer in the data path.

Delivery

SaaS service with options for custom deployments for regulated industries

Pricing

Subscription pricing model

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Previous article

Next article

Sean Michael Kerner Avatar
Sean Michael Kerner
Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.




IT Security Resources

Top Cybersecurity Companies

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis

Related Articles