TL;DR
The latest Aviatrix release extends Zero Trust for Workloads with critical capabilities that secure runtime workload communication across all cloud environments:
Expanded Workload Protection: Serverless function support and Kubernetes CRDs eliminate blind spots in dynamic environments
Advanced Threat Prevention: Inline IPS and AES-256 encryption stop attacks before they succeed
Future-Proof Scalability: IPv6 support reduces costs and prepares for large-scale growth
Zero trust traditionally stops at the perimeter, leaving workload-to-workload communication unprotected. Once inside the cloud, workloads communicate freely across accounts, regions, and clouds with no runtime enforcement. Cloud native architectures like Kubernetes and serverless functions create additional blind spots where lateral movement and data exfiltration often go undetected.
Aviatrix Zero Trust for Workloads delivers runtime enforcement for every workload—virtual machines, containers, and serverless functions—across every major cloud. Through our Cloud Native Security Fabric, we provide inline control, identity-aware policies, and continuous compliance evidence where traditional firewalls and posture tools can't reach.
Contact your Aviatrix representative today to upgrade and secure the runtime layer of your cloud environments.
1. Expanded Workload Protection & Control
This release extends security coverage to ephemeral and dynamic environments, closing blind spots inherent in modern cloud architectures where workloads spin up and down in milliseconds, bypassing traditional perimeter controls.
Serverless Function Support (Early Access): Securing AWS Lambda at Runtime
Aviatrix now offers firewalling support for AWS Lambda as an early access feature, addressing a critical gap in zero trust implementations.
The Challenge: Serverless functions are dynamic and ephemeral, with constantly changing IP addresses. They often have broad network access by default, which makes them attractive launchpads for data exfiltration while remaining invisible to traditional, IP-centric security tools.
The Solution: Aviatrix extends zero trust enforcement to serverless workloads with:
Automated discovery of all functions across linked AWS accounts
Zero-touch deployment requiring no agents or code modifications
Dynamic policy enforcement that follows functions as they scale
Complete visibility with audit trails for all serverless traffic
This capability prevents data exfiltration at the serverless layer and provides the runtime enforcement that compliance frameworks increasingly require.
Kubernetes CRDs: Native Cloud-Native Integration
Aviatrix now offers Kubernetes Custom Resource Definitions (CRDs) for Distributed Cloud Firewall policies, enabling direct configuration from Kubernetes resources.
Why This Matters: Traditional firewalls can't keep pace with Kubernetes workloads that scale dynamically. Our CRDs unify firewall policies across clusters, providing consistent zero trust enforcement without impacting developer velocity or requiring service mesh complexity.
This integration strengthens microsegmentation within cloud native environments, ensuring least-privilege access follows workload identity rather than static IP addresses.
2. Advanced Threat Prevention & Compliance
This release focuses on proactive security measures that stop attacks before they succeed and meet the hardened encryption standards that regulatory frameworks demand.
Egress IPS (Preview): Runtime Threat Prevention
Aviatrix embeds Suricata inline within our Cloud Native Security Fabric for real-time intrusion prevention across all cloud environments.
Moving Beyond Detection to Prevention: Unlike an IDS, which only generates alerts after the fact, our inline IPS sits in-path and actively blocks exploit traffic, malware downloads, and command-and-control communication before it reaches workloads.
Why this matters for Aviatrix customers:
Contain lateral movement by blocking attacks in real-time
Accelerate compliance with proof of active zero trust enforcement
Reduce operational burden through automated prevention rather than reactive investigation
All threat events correlate with Aviatrix session data in CoPilot, providing unified visibility and audit-ready evidence for regulatory requirements.
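To make the alert-versus-block distinction above concrete, here is a pair of generic Suricata rules written for this page as an added illustration; they are not Aviatrix's own rule set or configuration. Both rules match the same DNS query for a placeholder command-and-control domain; the only difference is the action keyword. The domain name and the SID values are placeholders chosen for illustration.

```suricata
# Detection only: Suricata logs an alert and the packet is still forwarded.
alert dns $HOME_NET any -> any any (msg:"Example C2 domain lookup (alert only)"; dns.query; content:"c2.example.invalid"; nocase; classtype:trojan-activity; sid:9000001; rev:1;)

# Prevention: identical match, but when Suricata runs inline (IPS mode) the
# packet is dropped and the flow is marked so later packets are dropped too.
drop dns $HOME_NET any -> any any (msg:"Example C2 domain lookup (blocked)"; dns.query; content:"c2.example.invalid"; nocase; classtype:trojan-activity; sid:9000002; rev:1;)
```

The drop action only has effect when Suricata is deployed inline (for example AF_PACKET IPS mode or NFQUEUE); in passive IDS mode a drop rule behaves exactly like alert. Whether a given event was actually stopped is visible in the EVE JSON log, where the alert object's action field reads "blocked" for a dropped packet and "allowed" otherwise, which is the field to check when using IPS logs as enforcement evidence.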
Strong Cipher Support: Meeting Regulatory Standards
Aviatrix Active Mesh IPSec connections now support AES-256-GCM encryption with Perfect Forward Secrecy (PFS) using DH group 21 (the 521-bit elliptic-curve group) for enhanced runtime protection.
Compliance-Ready Encryption: This enhancement aligns with NIST guidance and supports strict regulatory requirements including HIPAA 2025, PCI DSS 4.0, DORA, and NIS2. Zero trust fails without runtime encryption; this ensures workload traffic remains protected from interception even when an attacker has gained a foothold inside the network.
3. Future-Proofing Network Scalability
This release addresses operational challenges of growing cloud environments, specifically targeting cost optimization and the transition to modern addressing standards that large enterprises require.
IPv6 Support (Preview): Reducing Costs and Scaling Growth
Aviatrix now offers IPv6 support in preview, delivering end-to-end capabilities across our platform with dual-stack networking (IPv4 + IPv6) for multicloud environments.
The Business Driver: Public IPv4 addresses have become scarce and costly. AWS already charges for every public IPv4 address in use, and large enterprises are prioritizing IPv6 for scalability and security.
Customer Benefits:
Cost optimization by reducing dependency on expensive IPv4 pools and avoiding CSP surcharges
Improved performance through simplified routing, since globally unique addresses remove the need for NAT and overlapping-address workarounds
Operational efficiency with streamlined troubleshooting and Terraform automation
Future-ready scaling for edge-to-cloud routing and hybrid deployments
Operational Efficiency: Unified Management Across Clouds
IPv6 integration works seamlessly with Aviatrix FireNet, segmentation domains, and MP-BGP, ensuring operational continuity through robust observability and diagnostics. This unified approach eliminates the complexity of managing different firewall policies across AWS, Azure, GCP, and OCI.
Securing the Runtime Layer: Where Zero Trust Actually Matters
Traditional zero trust focuses on user access, but workload-to-workload communication represents the largest attack surface in cloud environments. Aviatrix Zero Trust for Workloads secures this runtime layer with:
Inline enforcement that doesn't require network redesign
Identity-aware policies that follow workload metadata, not IP addresses
Continuous compliance evidence aligned with CISA ZTMM 2.0
Multicloud consistency across all major cloud providers
The result: lateral movement contained, data exfiltration blocked, and audit-ready proof of zero trust maturity across your entire cloud infrastructure.
Take Action: Advance Your Zero Trust Maturity
Contact your Aviatrix representative today to upgrade to this release and extend zero trust protection to every workload in your environment.
Want to identify blind spots in your current security posture? Take our free and agentless Workload Attack Path Assessment to discover where attackers could move laterally within your cloud infrastructure.
Read more about all features and enhancements in this release.