VMware by Broadcom Aria Guardrail

End-to-end policy enforcement at scale

Unified multi-cloud governance and policy management

Enforce governance by leveraging automation to create compliant cloud accounts and maintain standards uniformly across environments.

  • Host configuration and vulnerability management
  • Cloud infrastructure entitlement management
  • Security posture management
  • Continuous governance

Key capabilities

  • Continuous enforcement - Maintain desired state for accounts by automating drift remediation to enforce policies, and proactively secure cloud configurations by resolving new violations.
  • Automated suppressions - Reduce false positives with workflows that enable app teams to request time-bound exceptions and admins to automate approvals.
  • Easy monitoring - Generate a template from policy configurations in an existing account and use it as a benchmark to monitor drift for multiple cloud accounts.
  • Custom policies - Write custom policies by using a click-through query builder that captures resource relationships to provide detection beyond simple property checks.
  • IAM visibility - Investigate cloud entitlements and reduce unnecessary or excess privileges by visualizing different paths through which users or machines can access cloud resources.
  • Advanced detection - Identify conditions that increase cloud risk, including lateral movement and privilege escalations, by assessing connections between misconfigured Kubernetes and cloud resources.
  • Unified visibility - Gain a unified view of drift across accounts and investigate violations of declared policy states, eliminating the need to manually track configuration drift using disparate compliance tools.
  • Policy templates - Choose from a library of built-in IaC templates or build custom templates with desired state policy configurations for cloud accounts and cloud-native services.
  • Landing zones - Create multi-account AWS and Azure environments with pre-defined policy configuration using simple workflows and Infrastructure as Code (IaC) templates.

Integrations

  • Support for 350+ resource types across AWS, Azure, Google Cloud and Kubernetes, including Amazon GuardDuty, Amazon Inspector, Amazon SQS, Microsoft Defender for Cloud, Google Cloud Security Command Center, Slack, Splunk, Webhook, and Jira Cloud.