Reducing misconfigurations, monitoring malicious activity, and preventing unauthorized access are foundational activities necessary to ensure security and compliance of applications and data in the cloud. As criminals become more sophisticated in their abilities to exploit cloud misconfiguration vulnerabilities, security teams need a smarter approach to prevent security breaches.
VMware Aria Automation™ for Secure Clouds (formerly CloudHealth® Secure State™) is a real-time, contextual cloud configuration security platform that enables IT and developer teams to reduce misconfiguration risk across public cloud and Kubernetes infrastructure. You can prioritize and investigate security findings with near real-time search and advanced rules that correlate risk due to resource relationships and entitlements with misconfigurations and threat activity. As your cloud footprint grows, VMware Aria Automation for Secure Clouds enables you to operationalize security at scale by automating actions, such as alerts, suppressions and remediation, based on predefined criteria.
How VMware Aria Automation for Secure Clouds works
In the cloud, security is a shared responsibility between a cloud provider and a customer’s security and application teams. VMware Aria Automation for Secure Clouds helps organizations manage multi-cloud risk by enabling IT administrators to distribute security and compliance insights across application owners at real-time speed.
Foundational to VMware Aria Automation for Secure Clouds is an interconnected cloud security model (Figure 1), an intermediate data layer that leverages cloud APIs, change events, and native threat data to help organizations model an entire multi-cloud environment in a single place. To this data layer, the service applies predefined security and compliance benchmarks as well as organization-specific custom rules to surface violations that increase risk.
Figure 1: The interconnected cloud security model of VMware Aria Automation for Secure Clouds.
This data model enables information security, operations and application teams to quickly visualize misconfigured resources, connected cloud assets, excessive permissions, and historical changes to get a better understanding of overall risk. As objects, data and relationships change, the service intelligently detects new violations and threats in near real time.
Application teams get easy access to security findings with contextual alerts and initiate actions via the cloud provider console, automated remediations, or security verification during continuous integration and continuous deployment (CI/CD) pipelines.
- One platform – Get cloud security posture management (CSPM), Kubernetes security posture management (KSPM), cloud infrastructure entitlement management (CIEM), and threat correlation as one integrated cloud configuration security solution.
- Deeper context – Find risks that others overlook by visualizing and correlating resource relationships with misconfigurations, entitlements and threats.
- Coverage depth – Gain a comprehensive understanding of security and compliance posture with support for more than 350 cloud resources, 1,100 rules, and 20 compliance frameworks.
- Faster response – Detect 95 percent of security violations less than six seconds after a change notification, and automate remediation securely.
- Operational ease – Protect cloud and Kubernetes resources at scale with fewer false positives, automated workflows, and customer success guidance.
Key Use Cases
- Inventory search and investigation – Reduce security investigation time from days to minutes with real-time graph search that enables you to visualize resource relationships.
- Cloud security posture management – Mitigate cloud risk with real-time misconfiguration detection, infrastructure context, and automated actions.
- Kubernetes security posture management – Secure managed and self-managed Kubernetes infrastructure, including insight into access to sensitive cloud credentials.
- Compliance risk management – Benchmark compliance across ephemeral cloud resources with predefined industry standards or organization-specific custom frameworks.
- Cloud infrastructure entitlement management – Gain visibility into principals and their entitlements to cloud resources to identify sensitive access conditions.
- Threat correlation and anomaly detection – Prioritize response to critical threats by correlating anomalies with risky misconfigurations.
- Shift-left security and compliance – Integrate security and compliance best practices within CI/CD pipelines to proactively identify and remediate violations before a deployment hits production.
- Cloud providers and services – Secure the cloud control plane with support for more than 100 infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS) solutions in Amazon Web Services, Microsoft Azure, and Google Cloud environments.
- Inbound integrations – Ingest security vulnerabilities and threats from multiple tools to improve understanding of security posture. Inbound integrations include Amazon GuardDuty, Microsoft Defender for Cloud, and Amazon Inspector.
- Outbound integrations – Send notifications and integrate with existing workflows to speed up security response. Outbound integrations include email, Jira Cloud, Slack, Splunk, Amazon SQS, and webhook.
Teams that can benefit from VMware Aria Automation for Secure Clouds
- Cloud security
- Governance, risk and compliance
- Vulnerability management
- IT operations
- Security operations
- Developer operations