VMware by Broadcom Aria Guardrail

End-to-end policy enforcement at scale

Unified multi-cloud governance and policy management

Enforce governance by leveraging automation to create compliant cloud accounts and maintain standards uniformly across environments.

  • Continuous governance
  • Security posture management
  • Cloud infrastructure entitlement management
  • Host configuration and vulnerability management

Key capabilities

  • Landing zones - Create multi-account AWS and Azure environments with pre-defined policy configuration using simple workflows and Infrastructure as Code (IaC) templates.
  • Policy templates - Choose from a library of built-in IaC templates or build custom templates with desired state policy configurations for cloud accounts and cloud-native services.
  • Unified visibility - Gain a unified view of drift across accounts and investigate violations of declared policy states, eliminating the need to manually track configuration drift using disparate compliance tools.
  • Advanced detection - Identify conditions that increase cloud risk, including lateral movement and privilege escalations, by assessing connections between misconfigured Kubernetes and cloud resources.
  • IAM visibility - Investigate cloud entitlements and reduce unnecessary or excess privileges by visualizing different paths through which users or machines can access cloud resources.
  • Custom policies - Write custom policies by using a click-through query builder that captures resource relationships to provide detection beyond simple property checks.
  • Easy monitoring - Generate a template from policy configurations in an existing account and use it as a benchmark to monitor drift for multiple cloud accounts.
  • Automated suppressions - Reduce false positives with workflows that enable app teams to request time-bound exceptions and admins to automate approvals.
  • Continuous enforcement - Maintain desired state for accounts by automating drift remediation to enforce policies, and proactively secure cloud configurations by resolving new violations.

Integrations

  • Support for 350+ resource types across AWS, Azure, Google Cloud and Kubernetes, including Amazon GuardDuty, Amazon Inspector, Amazon SQS, Microsoft Defender for Cloud, Google Cloud Security Command Center, Slack, Splunk, Webhook, and Jira Cloud.