Simplify your cloud experience with a modern automation platform
VMware Aria Guardrail is a multi-cloud governance service that enables organizations to scale end-to-end policy enforcement across clouds and Kubernetes. Cloud teams can consistently enforce standards that help regulate cost, reduce risks, and optimize performance across clouds, Kubernetes, and hosts. Our service combines preventative and detective techniques that make it possible to repeatedly create accounts with predefined policies that mirror organizational controls, continuously monitor configuration drift, and automate policy enforcement. Cloud teams can avoid manual approaches and leverage infrastructure-as-code (IaC) templates to define the desired policy configuration and deliver compliant accounts using landing zones.
Top Features
Consistent and continuous governance
One platform for policy enforcement, using landing zones to create accounts with pre-defined policies and continuous correction of drift.
Visibility with inventory context
Unified view of drift across clouds and tools, with the capability to correlate policy violations with graph-based cloud inventory and cloud entitlements.
Flexible and automated actions
One-click resolution of new violations using automated remediation, actionable alerts to the right teams, and suppression of noise.
In-depth multi-cloud coverage
Benchmark compliance across 350+ resource types spanning AWS, Azure, GCP and Kubernetes, using more than 20 frameworks and 1,200 policies.
Recommended products
Unified multi-cloud governance and policy management
Enforce governance by leveraging automation to create compliant cloud accounts and maintain standards uniformly across environments.
- Host configuration and vulnerability management
- Cloud infrastructure entitlement management
- Security posture management
- Continuous governance
Key capabilities
- Continuous enforcement - Maintain desired state for accounts by automating drift remediation to enforce policies, and proactively secure cloud configurations by resolving new violations.
- Automated suppressions - Reduce false positives with workflows that enable app teams to request time-bound exceptions and admins to automate approvals.
- Easy monitoring - Generate a template from policy configurations in an existing account and use it as a benchmark to monitor drift for multiple cloud accounts.
- Custom policies - Write custom policies by using a click-through query builder that captures resource relationships to provide detection beyond simple property checks.
- IAM visibility - Investigate cloud entitlements and reduce unnecessary or excess privileges by visualizing different paths through which users or machines can access cloud resources.
- Advanced detection - Identify conditions that increase cloud risk, including lateral movement and privilege escalations, by assessing connections between misconfigured Kubernetes and cloud resources.
- Unified visibility - Gain a unified view of drift across accounts and investigate violations of declared policy states, eliminating the need to manually track configuration drift using disparate compliance tools.
- Policy templates - Choose from a library of built-in IaC templates or build custom templates with desired state policy configurations for cloud accounts and cloud-native services.
- Landing zones - Create multi-account AWS and Azure environments with pre-defined policy configuration using simple workflows and Infrastructure as Code (IaC) templates.
Integrations
Support for 350+ resource types across AWS, Azure, Google Cloud and Kubernetes including Amazon GuardDuty, Amazon Inspector, Amazon SQS, Microsoft Defender for Cloud, Google Cloud Security Command Center, Slack, Splunk, Webhook, and Jira Cloud.
