One platform for policy enforcement, using landing zones to create accounts with pre-defined policies and continuous correction of drift.
Unified view of drift across clouds and tools, with the capability to correlate policy violations with graph-based cloud inventory.
One-click resolution of new violations using automated remediation, actionable alerts to the right teams, and suppression of noise.
Benchmark compliance across 350+ resource types spanning AWS, Azure, GCP and Kubernetes, using more than 20 frameworks and 1,200 policies.
Enforce governance by leveraging automation to create compliant cloud accounts and maintain standards uniformly across environments.
Create compliant accounts and maintain desired state. Define landing zones to create accounts with desired policy configurations and automate drift remediation.
Reduce risk and improve compliance. Secure cloud and Kubernetes configurations and mitigate risks with event-driven detection and automated remediation.
Improve compliance and monitor vulnerabilities. Use out-of-the-box content to detect drift, enforce desired configurations, and identify vulnerabilities in hosts.
Create multi-account AWS and Azure environments with pre-defined policy configuration using simple workflows and Infrastructure as Code (IaC) templates.
Choose from a library of built-in IaC templates or build custom templates with desired state policy configurations for cloud accounts and cloud-native services.
Gain a unified view of drift across accounts and investigate violations of declared policy states, eliminating the need to manually track configuration drift using disparate compliance tools.
Identify conditions that increase cloud risk, including lateral movement and privilege escalations, by assessing connections between misconfigured Kubernetes and cloud resources.
Write custom policies by using a click-through query builder that captures resource relationships to provide detection beyond simple property checks.
Generate a template from policy configurations in an existing account and use it as a benchmark to monitor drift for multiple cloud accounts.
Reduce false positives with workflows that enable app teams to request time-bound exceptions and admins to automate approvals.
Maintain desired state for accounts by automating drift remediation to enforce policies, and proactively secure cloud configurations by resolving new violations.
Support for 350+ resource types across AWS, Azure, Google Cloud and Kubernetes including Amazon GuardDuty, Amazon Inspector, Amazon SQS, Microsoft Defender for Cloud, Google Cloud Security Command Center, Slack, Splunk, Webhook, and Jira Cloud.
Tanzu Guardrails Editions | Free (for cloud) | Advanced (for cloud) | Enterprise (for cloud and hosts) |
---|---|---|---|
Cloud inventory and search | |||
Landing zones policies template | |||
Config drift management | |||
CIS benchmark compliance | |||
Cloud security posture and compliance | |||
Auto remediation | |||
Host config management | |||
Host vulnerability scanning | |||
Tanzu Guardrails is a multi-cloud governance service to scale end-to-end policy enforcement across clouds and Kubernetes. The service enables organizations to consistently enforce standards that help regulate cost, reduce risks and optimize performance across clouds, Kubernetes and hosts. It combines preventative and detective techniques by providing policy as code, security posture management, and host config management and vulnerability scanning.