While public cloud enables you to deliver applications to customers with efficiency and agility, it also places the responsibility of security in the cloud in the landscape of evolving cloud services and constantly changing resources. As security breaches due to cloud misconfigurations rise, it is important to gain visibility and proactively monitor cloud asset configurations to manage risk.
Introducing VMware Aria Automation for Secure Clouds Free Tier
VMware Aria Automation™ for Secure Clouds (formerly CloudHealth® SecureState™) is a real-time, contextual cloud native configuration security platform thatenables organizations to automate and scale security with ease across millions ofassets within thousands of cloud accounts. Developer and security operations teams looking for an intelligent cloud security posture management approach can get instant access to VMware Aria Automation for Secure Clouds Free Tier to improve resource visibility and reduce misconfigurations in a cloud account and a Kubernetes cluster of their choice.
Who can benefit from VMware Aria Automation for Secure Clouds Free Tier?
- DevOps engineers
- Platform operations
Our unique, interconnected cloud security model
As you onboard your cloud accounts, VMware Aria Automation for Secure Clouds maps cloud objects, data and relationships, which are updated continuously to model your changing cloud environment. The service applies best practices based on predefined security and compliance benchmarks to this data lake and reports any security violations. This unique data model helps you visualize and examine any security violation detected in your cloud stack across both cloud and Kubernetes resources, and understand heightened risk due to adjacent objects’ risk posture.
It only takes a few minutes to fill a form, add a cloud account, and start using VMware Aria Automation for Secure Clouds Free Tier. Within no time, the service maps your cloud resources, relationships and metadata, giving you an easy way to search inventory and understand your cloud architecture. VMware Aria Automation for Secure Clouds Free Tier includes predefined security and compliance best practices, such as Center for Internet Security (CIS) benchmarks, to provide deep insight into misconfiguration risks.
Figure 1: An example of a Kubernetes service account associated with an IAM role andpermissions assigned to each of the workloads.
Key benefits
Using one platform, you can get an overview of cloud inventory and secure cloud native infrastructure with a unique ability to detect advanced misconfigurations due to relationships between cloud and Kubernetes resources. For example,Figure 1 shows that in an Amazon Elastic Kubernetes Service (EKS) cluster,a cloud identity and access management (IAM) role (cloud resources) can be attached with a Kubernetes service account (Kubernetes resources). And if you accidentally assign a high privilege cloud role with admin-level access, you could end up exposing your cloud account.
Investigate issues
- Easily find cloud resources with simple, type-ahead search.
- Understand relationships between cloud resources with visual graphs.
- Inspect resource metadata and track configuration changes over time.
Reduce misconfigurations
- Benchmark security and compliance posture based on the latest CIS frameworks.
- Prioritize the most critical misconfigurations and suppress false positives.
- Understand the security context of a misconfiguration, including the resourceblast radius.
Learn and collaborate
- Get instant service access to start securing your cloud environment within minutes.
- Learn security best practices with easy access to a rules wiki, documentation,and community support.
- Invite team members to collaborate on your journey to minimize security risk.
Features by VMware Aria Automation for Secure Clouds edition
| Free Tier | Enterprise | |
| Capacity | ||
| Assets monitored | 1 cloud account and Kubernetes cluster
|
Unlimited
|
| Cloud inventory | ||
| Update frequency | Daily
|
Near real time
|
| Search queries | 300/month
|
Unlimited
|
| Data retention | 30 days
|
13 months
|
| Security operations | ||
| Violation risk scores | ||
| Policy suppression | ||
| Multiple users | ||
| Automated remediation | ||
| Projects with role-based access control (RBAC) | ||
| Ticketing integrations | Email and Slack
|
Jira Cloud, Webhook
Email, Slack, Amazon Simple Queue Service (SQS), Splunk |
| Compliance | ||
| Built-in compliance benchmarks | ||
| Predefined security rules | ||
| Custom security rules | ||
| Custom compliance frameworks | ||
| Pre-scheduled reports | ||
| Support | ||
| Resources | VMware docs Community support | VMware docs Community support Dedicated customer success team |
| Supported clouds and services | ||
| Public clouds | AWS, Azure, Google Cloud Platform | |
| Managed Kubernetes services | Amazon Elastic Kubernetes Service, Azure Kubernetes Service, Google Kubernetes Engine | |
| Self-managed Kubernetes | ||
| Supported resource types | 350+ | 350+ |