Aporeto, the leader in Identity-Powered Cloud Security, announced the immediate availability of Cloud Privileged Access Management (PAM) for infrastructure and Identity-Aware Proxy for modern applications.
These new services represent a significant expansion of the Aporeto Zero Trust security solution to protect user access to applications and infrastructure. When implemented along with Aporeto’s Distributed Firewall, which enables workload identity-based microsegmentation, the new combined offering represents the most comprehensive Zero Trust security solution available for modern applications and infrastructures.
The Aporeto platform abstracts security away from the IP infrastructure to address application segmentation requirements and improves the risk posture of any application. With centralized management and distributed enforcement, policies protect applications on premises, on public clouds, or as they migrate between the two. The adherence of security policies to application components rather than the infrastructure makes them portable and persistent.
Aporeto delivers a Zero Trust security solution by bringing the power of Identity to cloud infrastructure, providing single sign-on (SSO) authentication, visibility, and authorization controls for heterogeneous workloads on-premises or in any public cloud. By leveraging capabilities already present in industry standards such as OpenSSH and OpenID Connect (OIDC), organizations can dramatically improve their security posture without modifying any underlying application.
Aporeto limits a user’s interaction with any part of enterprise infrastructure based on policy and on the user’s identity, including user-context information. This capability enables enterprises to comply with regulations without the need to manage SSH keys or VPN tunnels.
“We see customers continuing to struggle with managing secure access to applications and infrastructure, from privileged insiders accessing servers and cloud images to end users who need secure access to Web applications or APIs,” said Jason Schmitt, CEO of Aporeto. “With the Aporeto identity-based cloud security platform, we are able to authenticate, authorize, and encrypt every interaction within your cloud infrastructure, providing just-in-time access to what’s needed, when it’s needed and only when policy explicitly allows it. We’re helping customers throw out the old paradigm of appliance-based perimeter security, like firewalls and VPNs.”
Aporeto Cloud PAM provides just-in-time server access with visibility and control for any server on your infrastructure, providing:
- Elimination of SSH key management complexities
- Access controls based on the user’s authenticated identity and time-bound policies
- Just-in-time SSH access, with SSH certificates
- Compatibility with OpenSSH nodes
- SSO with OIDC-compliant third-party IdPs
- Logging of all CLI commands issued by users for auditability and compliance
- Seamless integration with Aporeto’s Distributed Firewall for networkless micro-segmentation
Aporeto Identity-Aware Proxy enables VPN-less access to corporate web applications and APIs by using identity and context to control access. The benefits are:
- Elimination of VPNs and API gateways to manage secure access to web resources
- Enablement of OIDC-compliant authentication and authorization with zero code changes, offloading strong access control from business logic
- Enforcement of granular authorization policies based on user identity, differentiating between corporate users, B2B partners, and contractors
“We are excited about our partnership with Aporeto and showcasing these new Zero Trust services to our customer base,” said Jimmy Xu, Practice Lead, DevSecOps & Cloud Security at Trace3. “We already have had great traction with our customers with Aporeto’s workload identity-based microsegmentation product and look forward to meeting the most demanding security needs of enterprise customers looking for privileged access management solutions as part of their cloud adoption journey.”