Applications that have not been containerized or broken into cloud-native microservices are the vast majority of what enterprises are running today. As plans are made to lift and shift these applications in whole or in part to leverage elastic cloud resources, enterprises struggle with the challenges of securing their east-west traffic without having to make changes to the service code. Lift-and-shift approaches replicate the physical infrastructure in the cloud and create additional complexity and costs. What is needed is one consistent security model that works on-premises, in hybrid clouds and in multi-cloud environments – today and into the future as applications evolve to become more cloud-native.
To leverage the security mesh provided by Aporeto, existing Linux processes are automatically containerized so they are started with all of the information needed for Aporeto to assign them a unique identity based on their attributes. The Aporeto Enforcer is easily deployed onto each physical or virtual host using existing deployment tools. Then, as the application runs for a period of time, Aporeto will automatically observe it and use machine intelligence to generate all of the security policies required to fully secure it – with no changes to source code. Once the InfoSec team reviews and approves them, the security policies will provide fine-grained protection of each Linux process from attacks originating externally or within, wherever they run – with an eye toward the future application structure.