Bracket Capabilities

Enterprise-Grade Security for Hybrid Cloud

01 | Harden the Server

Server Protection

Bracket protects compute instances, including virtual machines and containers, through their entire lifecycle. To begin, boot disk encryption establishes a clean OS baseline, eliminating the risk of image tampering. Boot policies then control what is deployed where, how, and when. Examples include allowing an image to boot only in particular geographic locations, or allowing only particular guest OS versions to boot. The industry’s first and only runtime integrity capabilities prevent malicious privilege escalation and protect your kernel from in-memory attacks, providing ongoing protection for a running OS and its security agents. Key management is automated.

02 | Isolate the Network

Network Micro-Segmentation

Bracket’s network protection requires no agents, virtual appliances, or changes to applications, operating system, or existing networks. Instead, Bracket uses cryptographic key release as the point of policy enforcement, implemented independently of the underlying physical infrastructure or IP addresses. By avoiding IP addresses, subnets, and VLANs, the number of policies that need to be managed is greatly reduced. Expressed in plain English in terms of applications, data, and network flows, policies can be as granular as by instance or data volume, or as high level as by environment. Like all other operations Bracket facilitates, these micro-segmentation policies are easy to create, deploy, and manage consistently across hybrid cloud environments.

03 | Protect the Data

Data Encryption and Integrity

Bracket encrypts all data in motion, and all data at rest (boot disks, local (ephemeral) disks, attached block storage, and object stores such as S3) is encrypted with built-in data integrity. This encryption is always on, backed by a Hardware Security Module you can control, and cannot be disabled even with root access. Bracket automates key management and uses Intel’s AES-NI crypto instruction set to accelerate performance. Data policies ensure total control over sensitive data across environments, including residency policies that specify where data can be accessed and policies that limit data at certain security levels to in-network access.

Forensics, Auditability, and Visibility

With Bracket, compliance is a steady state, so security is always provable at any time, not just at audit time. Real-time visibility of policy and network flows allows enterprises to see what’s happening across their modern hybrid data center and comply with audit requirements at all times. Security teams retain complete control of all encryption keys and key operations, which are integrated with on-premises key infrastructures such as Hardware Security Modules. What’s more, since Bracket’s advanced virtualization technology isolates regulated workloads from the underlying physical infrastructure, the scope of audits is limited. And Bracket’s powerful, event-driven forensics captures a snapshot of memory at the precise moment a breach occurs, enabling high-fidelity investigation.





