End-to-end policy enforcement at scale

Govern your clouds with Tanzu Guardrails as the foundation of your multi-cloud governance program for Tanzu Application Service, Tanzu Application Platform and public clouds.

Consistent and continuous governance

One platform for policy enforcement, using landing zones to create accounts with pre-defined policies and continuous correction of drift.

Visibility with inventory context

Unified view of drift across clouds and tools, with the capability to correlate policy violations with graph-based cloud inventory.

Flexible and automated actions

One-click resolution of new violations using automated remediation, actionable alerts to the right teams, and suppression of noise.

In-depth multi-cloud coverage

Benchmark compliance across 350+ resource types spanning AWS, Azure, GCP and Kubernetes, using more than 20 frameworks and 1,200 policies.

Key Capabilities

Create compliant accounts and maintain desired state. Define landing zones to create accounts with desired policy configurations and automate drift remediation.

Reduce risk and improve compliance. Secure cloud and Kubernetes configurations and mitigate risks with event-driven detection and automated remediation.

Improve compliance and monitor vulnerabilities. Use out-of-the-box content to detect drift, enforce desired configurations, and identify vulnerabilities in hosts.

Landing zones

Create multi-account AWS and Azure environments with pre-defined policy configuration using simple workflows and Infrastructure as Code (IaC) templates.

Policy templates

Choose from a library of built-in IaC templates or build custom templates with desired state policy configurations for cloud accounts and cloud-native services.

Unified visibility

Gain a unified view of drift across accounts and investigate violations of declared policy states, eliminating the need to manually track configuration drift using disparate compliance tools.

Advanced detection

Identify conditions that increase cloud risk, including lateral movement and privilege escalations, by assessing connections between misconfigured Kubernetes and cloud resources.

Custom policies

Write custom policies by using a click-through query builder that captures resource relationships to provide detection beyond simple property checks.

Easy monitoring

Generate a template from policy configurations in an existing account and use it as a benchmark to monitor drift for multiple cloud accounts.

Automated suppressions

Reduce false positives with workflows that enable app teams to request time-bound exceptions and admins to automate approvals.

Continuous enforcement

Maintain desired state for accounts by automating drift remediation to enforce policies, and proactively secure cloud configurations by resolving new violations.

Integrations

Support for 350+ resource types across AWS, Azure, Google Cloud and Kubernetes including Amazon GuardDuty, Amazon Inspector, Amazon SQS, Microsoft Defender for Cloud, Google Cloud Security Command Center, Slack, Splunk, Webhook, and Jira Cloud.

Tanzu Guardrails Editions

Free (for cloud)
Advanced (for cloud)
Enterprise (for cloud and hosts)

Cloud inventory and search
Landing zones policies template
Config drift management
CIS benchmark compliance
Cloud security posture and compliance
Auto remediation
Host config management
Host vulnerability scanning

Frequently Asked Questions

What is Tanzu Guardrails?
