Get The Overview Paper

Computing Cell Capabilities

The Computing Cell has you—and your complete workload—covered completely. Suddenly, the cloud is a safe environment.



Bracket protects compute instances, including virtual machines and containers, through their entire lifecycle. To begin, boot disk encryption establishes a clean OS baseline, eliminating the risk of image tampering. Then boot policies allow control over what is deployed where, how, and when. Examples include allowing an image to boot only in particular geographic locations, or only on particular OS versions, among others. Finally, the industry’s first and only runtime integrity capability provides ongoing protection for a running OS and its security agents.


Bracket’s protection—including micro-segmentation—requires no agents, virtual appliances, or changes to applications, OS, or existing networks. Implemented independently of the underlying physical infrastructure or IP addresses, micro-segmentation policies are easy to create, deploy, and manage consistently across the hybrid cloud. Expressed in plain English in terms of applications, data, and network flows, these policies can be as granular as by instance or data volume, or as high level as by environment. By avoiding complex IP addresses, subnets, and VLANs, Bracket reduces the number of rules that must be managed. Significantly, even network links can be transparently encrypted and workloads can connect securely—even across clouds—while retaining the ability to control traffic by type.


Data is your most precious asset. Our focus is to protect it. All data at rest—boot disks, local (ephemeral) disks, attached block storage, and object stores such as S3—are encrypted with built-in data integrity protections. Our encryption is always on, backed by a Hardware Security Module you can control, and cannot be disabled even with root access. We automate key management and access Intel’s AES-NI crypto instruction set to accelerate performance. We also let you enforce data residency policies.

Security Operations

Bracket preserves separation of duties in a self-service world by providing security teams with policy management capabilities that are transparent to development and operations teams. In addition to policy enforcement, real-time visibility of policy and network flows allows enterprises to see what’s happening across their modern hybrid data center and comply with audit requirements at all times. Security teams retain complete control of all encryption keys and key operations. And Bracket’s powerful event-driven forensics captures a snapshot of memory at the precise moment a breach occurs to enable high-fidelity investigation and auditability.

Bracket solves your real-world problems.

See it in action.
Go To Solutions