SlideShare a Scribd company logo

Zero Trust Run-time Kubernetes Security made easy with AccuKnox

Download as PPTX, PDF
AccuKnox
AccuKnox

Lear More about how Accuknox provides you with Identity-driven Security for Data, Kubernetes, and native VM workloads for Private and Public Clouds.

Technology
1 of 30
Zero Trust Run-time Kubernetes Security made easy with AccuKnox THE EASIEST WAY TO HAVE THE BEST OF BOTH WORLDS: KUBERNETES + ZERO TRUST
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX The easiest way to have the best of both worlds: Kubernetes + Zero Trust OPPORTUNITY Kubernetes is a powerful orchestration technology for deploying, scaling and managing distributed applications and it has taken the industry by storm over the past few years. However, due to its inherent complexity, relatively few enterprises have been able to realize the full value of Kubernetes: manage their assets impeccably leave alone securing them. SOLUTION Partnering with Stanford Research Institute (SRI International)’s innovations in the areas of Container Security, Anomaly Detection, Data Provenance/Data Security, AccuKnox has made Zero Trust Run Time Security deployable and usable by mainstream enterprises. “Container usage for production deployments in enterprises is still constrained by concerns regarding security, monitoring, data management and networking.” — Gartner, Best Practices for Running Containers and Kubernetes in Production, August 4, 2020. “Container adoption is increasing, and security must come along for the ride. Organizations value the scalability and agility that containers offer, but containers introduce new security challenges that can’t be addressed with traditional security and networking tools. Commonly accepted security tools like vulnerability scanners, network forensics, and endpoint detection and response (EDR) are too heavyweight for a container environment. Security pros need cloud native tools that are purpose-built for high scale, lightweight, ephemeral container environments.” — Best Practices for Container Security, Forrester Research, July 24, 2020. 2 ISSUE
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX In the next few chapters, we will go over: 3 Security Challenges in Kubernetes/Containers 1 What is Zero Trust? 2 Why is Identity the New Perimeter? 3 What is Run Time Security? 4 What is Data Security? 5 How does AccuKnox deliver Run Time Security? 6
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX Containers are transient and ephemeral 4 EVOLUTION OF SERVER WORKLOAD ABSTRACTIONS PHYSICAL • Monolithic applications • Physical servers as unit of scaling • Life span of years VIRTUAL MACHINES • Hardware virtualization • VMs as unit of scaling • Life span of months to years CONTAINERS • OS Virtualization • Applications/services as unit of scaling • Life span of minutes to days SERVERLESS Source: Gartner 2019 Security Challenges in Kubernetes/Containers 1 1 of 4
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX Containers are vulnerable to zero-day attacks 5 Source: Gartner 2019 Kubernetes console was vulnerable, and hackers were able to take control and find the credentials to AWS cloud. They were able to gain access to S3 buckets with sensitive data, as well as run cryptocurrency mining in Kubernetes pods. Linux kernel vulnerability CVE- 2017-7308 can be used to change the current process’s namespaces into process 1’s and the host’s namespaces by calling a Linux kernel system call, allowing a full escape to host. An insecure Kubernetes cluster console was found by scanning publicly available IPs on kubelet TCP port 10250 Exploited containers allowed attackers to overwrite host runc library and gain root access to the container hosts Security Challenges in Kubernetes/Containers 1 2 of 4
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX 6 Security Challenges in Kubernetes/Containers 1 3 of 4 Current Perimeter Defenses Firewalls, End Point address only North-South [17% of the traffic] Current Container Security Solutions Do not have a mechanism to affirmatively enforce Policy Compliance DATA CENTER DATA CENTER Inter-container security is rarely enforced East–West North–South
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX 7 Traditional approaches to Linux, VM security like IPTables are not effective and are not scalable/cost- effective for securing large scale container workloads Security Challenges in Kubernetes/Containers 1 4 of 4
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX Zero Trust Tenets 8 What is Zero Trust? 2 1. The network is always assumed to be hostile 2. Assume threat actors are already inside your network 3. Network locality (segmentation) is not sufficient for deciding trust in a network 4. Every device, user and network flow is authenticated and authorized 5. Policies must be dynamic and calculated from as many sources of data as possible 6. The device is no longer the border. A user/service’ identity is the net border 7. Containers, serverless and cloud are the new disruptors of traditional security architecture ZERO TRUST ADAGE: Verify…then Trust… …continuously Verify RONALD REAGAN: Trust but verify. [John Kindervag who coined the term Zero Trust]
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX Gurus have spoken! – Embrace Zero Trust! 9 What is Zero Trust? 2
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX The Future has arrived! – Identity is the New Perimeter! 10 Why is Identity the New Perimeter? 3
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Zero Trust Security Platform 11 ASSETS PROTECTED CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave ACCUKNOX ENTERPRISE PLATFORM ACCUKNOX PATENTED INNOVATIONS DEVELOPED IN PARTNERSHIP WITH STANFORD RESEARCH INSTITUTE OPEN SOURCE FOUNDATIONS
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Zero Trust Security Platform 12 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave AccuKnox is the industry’s most comprehensive Zero Trust Security platform that helps you secure your current assets (Network, Application, Data) and your strategic future assets (API, Serverless, IoT, 5G
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Data Security, Data Provenance 13 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave Based on 10+ years of Data Provenance research at Stanford and helps you answer the following questions: 1. Which process [e.g., app] was used to create this data object [e.g., file]? 2. When the process ran what were the other data object it wrote? 3. What data objects did the process read? 4. Could any data have flowed from this data object to that data object? 5. What is the sensitivity of a given data flow or connection between processes?
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Data Security, Data Provenance 14 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox IoT/EDGE Security 15 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave Due to the wide diversity of IoT devices the IoT security challenges center around how to provide Agentless Diagnostics in a very Heterogenous Environment. Unique aspects of IoTKnox include: 1. Passive Agent based device discovery 2. No modification to device firmware 3. Use of fingerprinting techniques to identify device make/model/application 4. Scan against well-known vulnerability database 5. Passive Agent connected to edge router 6. Can isolate a malicious device automatically 7. Anomaly Detection 8. SPIFFE Integration with last-mile protocols such as DNP3, DLMS/COSEM
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox 5G Security 16 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave U.S. 5G Open Architecture is designed to enable 3rd party application ecosystem using a microservice architecture framework. • AccuKnox 5G Security facilitates System-level Policy Enforcement and cloud-based security management for 5G environment • AccuKnox core technologies can be applied to ensure security compliance, monitoring, scalable policy policy generation and management
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Continuous Compliance 17 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave Dynamic Inventory enriched with: • K8s Metadata • L7 identity Inventory Out-of-the-box Templates for Industry-standard compliance frameworks (PCI, SOC2, etc.) K8s SIG-Policy standards-based Templates Managed via Kubernetes API and kubectl cli Allows creation of internal Org-specific templates OSCAL Standards- based Evidence Reports Easy integration with existing GRC Platforms Accuknox UI and Dashboard Compliance, Security, Platform and Application team roles Remediate Audit Define Controls Report Audits linked to dynamic strong L7 identity (x.509, jwt) Audit system, network and data events Correlation across clusters and cloud platforms
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Policy Management Lifecycle 18 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave Recommend Preview Stage / Audit Auto - Generate System Network Data Unsecured East-West Access Zero-Trust (least-privilege) whitelist Policies Commit
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Policy Management Lifecycle 19 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Micro-segmentation 20 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave Svc A Svc C Svc B Svc D Svc X Svc Y Malware Svc P Svc Q Svc A IdP (OIDC) x. 5 0 9 jwt - Azure AD - Okta - Cloud AuthN
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Enterprise Integration 21 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave AccuKnox provides comprehensive integration with 3rd party security platforms
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Anomaly Detection 22 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave AccuKnox provides un-supervised learning- based Anomaly Detection to discover malicious activity in large scale Kubernetes environments
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Policy Management Foundations 23 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave AccuKnox leverages proven, opensource policy management foundation platforms. OPA (Open Policy Agent) is a Declarative, Context-aware, Expressive, Fast, Portable policy management framework. It allows you to decouple policy from the service's code so you can release, analyze, and review policies (which security and compliance teams love) without sacrificing availability or performance. Kyverno is a policy engine designed for Kubernetes. It can validate, mutate, and generate configurations using admission controls and background scans. Kyverno policies are Kubernetes resources and do not require learning a new language. Kyverno is designed to work with tools like kubectl, kustomize, and Git.
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Identity Management Foundations 24 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave AccuKnox uses very strong industry standard Opensource platforms like SPIFFE and SPIRE for User and Service Management, Attestation, Enforcement, etc. SPIFFE Secure Production Identity Framework for Everyone, provides a secure identity, in the form of a specially crafted X.509 certificate, to every workload in a modern production environment. SPIFFE removes the need for application-level authentication and complex network-level ACL configuration. SPIRE is a production-ready implementation of the SPIFFE APIs that performs node and workload attestation in order to securely issue SVIDs to workloads, and verify the SVIDs of other workloads, based on a predefined set of conditions. SPIFFE and SPIRE were developed by Scytale, Inc which was acquired by HPE in Feb 2020
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox eBPF / Cilium 25 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave Cilium is opensource software for providing and transparently securing network connectivity and load-balancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to protect and secure use of modern application protocols such as HTTP, gRPC and Kafka. Cilium is integrated into common orchestration frameworks such as Kubernetes. A new Linux kernel technology called eBPF (enhanced Berkeley Packet Filter) is at the foundation of Cilium. It supports dynamic insertion of eBPF bytecode into the Linux kernel at various integration points such as: network IO, application sockets, and tracepoints to implement security, networking and visibility logic. eBPF is highly efficient and flexible. To learn more about eBPF, visit eBPF.io.
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox KubeArmor 26 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave KubeArmor is a Container-aware Runtime Security Enforcement System. Developed and supported by AccuKnox it has received wide acclaim and great support from the opensource community.
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Confidential Computing/Enclave 27 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave Gartner opines that by 2025, 50% of large organizations will adopt privacy-enhancing computation for processing data in untrusted environments and multiparty data analytics use cases. Gartner has identified privacy-enhancing computation as a key enterprise technology trend for 2021 and enabler for processing and analyzing highly sensitive data. The three pillars of data security involve protecting data at rest, in transit, and in use. A number of tech leaders (AMD, ARM, Facebook, Google, IBM, Microsoft, Oracle, Vmware) are developing standards and are developing opensource tools. AccuKnox will be embracing these in its efforts to deliver the most comprehensive Zero Trust solution.
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Zero Trust Security Platform – How do we stack up? 28 Accuknox Brand A Brand B Brand C Brand C Applicatio n (Container / Pod ) Runtime Runtime application security on Kubernetes using LSM ✔✔✔ ✔✔✔ Secure Enclaves ✔✔✔ Recommendations and Policy Lifecycle Management ✔✔✔ Container and Vulnerability Scanning ✔✔ ✔✔✔ Container Forensics and VAE ✔✔✔ ✔ ✔✔✔ Container Compliance Templates ✔✔✔ ✔✔ ✔✔✔ Data Runtime data security ✔✔✔ Data Provenance and Compliance templates ✔✔✔ Network Kubernetes Network Policies ✔✔✔ ✔✔✔ ✔✔✔ ✔✔✔ ✔✔✔ Advanced Network Policy Semantics ✔✔✔ ✔✔✔ ✔✔✔ SPIFFE Identity integration for AuthN ✔✔✔ ✔✔✔ ✔✔✔ ✔✔✔ Recommendations and Policy Lifecycle Management (Staged Policies) ✔✔✔ ✔ ✔✔✔ ✔✔✔ ✔ Support for L7 visibility and L7 policy controls ✔✔ ✔ ✔✔ ✔ ✔✔ Observability (Flow Viz, Telemetry, etc.) ✔✔✔ ✔✔ ✔✔✔ ✔✔✔ ✔ Network Forensics and Anomaly Detection ✔✔✔ ✔✔✔ ✔✔✔ ✔✔✔ ✔✔✔ Network Compliance Templates ✔✔✔ ✔✔ ✔✔✔ ✔✔✔ ✔
ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Zero Trust Security Platform Summary 29 IN SUMMARY, WITH ACCUKNOX YOU CAN: Isolate and protect every kind of container workload with identity as a perimeter Track tainted data and enable data provenance in a container first world Enable networking and system level restrictions over containers to easily comply with a wide variety of compliance needs Enable enterprise grade container security with the best of breed container security technologies – eBPF and LSM Build container workloads to operate in Enclaves by leveraging Confidential computing. THE FOLLOWING ARE OUR KEY DIFFERENTIATORS:  Industry’s most Comprehensive Identity Driven Zero Trust Solution for: Containers, Functions, API, Data, IoT, 5G  Built on proven OpenSource products: OPA, Kyverno, KubeArmor, SPIFFE, eBPF/Cilium  Leverages seminal technologies from SRI in the areas of Anomaly Detection, Container Security and Data  Highly differentiated, patented innovation [10+ patents]  Future Proof Product/Tech Roadmap  Validation by Fortune 100 companies and Silicon Valley Cloud Native Tech Leaders  Seasoned team with a record of disciplined execution and Customer/Partner Success
About AccuKnox AccuKnox provides a Zero Trust Run-time Kubernetes Security platform. AccuKnox is built in partnership with SRI (Stanford Research Institute) and is anchored on seminal inventions in the areas of: Container Security, Anomaly Detection and Data Provenance. AccuKnox can be deployed in Public and Private Cloud environments. Visit www.accuknox.com

Recommended

eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KerneleBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KernelThomas Graf
 
Faster packet processing in Linux: XDP
Faster packet processing in Linux: XDPFaster packet processing in Linux: XDP
Faster packet processing in Linux: XDPDaniel T. Lee
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux NetworkingPLUMgrid
 
Kubernetes Basics
Kubernetes BasicsKubernetes Basics
Kubernetes BasicsEueung Mulyana
 
Introduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopIntroduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopBob Killen
 
Using eBPF for High-Performance Networking in Cilium
Using eBPF for High-Performance Networking in CiliumUsing eBPF for High-Performance Networking in Cilium
Using eBPF for High-Performance Networking in CiliumScyllaDB
 
Kubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveKubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveMichal Rostecki
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerFrederik Mogensen
 

Recommended

eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KerneleBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KernelThomas Graf
 
Faster packet processing in Linux: XDP
Faster packet processing in Linux: XDPFaster packet processing in Linux: XDP
Faster packet processing in Linux: XDPDaniel T. Lee
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux NetworkingPLUMgrid
 
Kubernetes Basics
Kubernetes BasicsKubernetes Basics
Kubernetes BasicsEueung Mulyana
 
Introduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopIntroduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopBob Killen
 
Using eBPF for High-Performance Networking in Cilium
Using eBPF for High-Performance Networking in CiliumUsing eBPF for High-Performance Networking in Cilium
Using eBPF for High-Performance Networking in CiliumScyllaDB
 
Kubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveKubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveMichal Rostecki
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerFrederik Mogensen
 
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityRaphaël PINSON
 
eBPF - Observability In Deep
eBPF - Observability In DeepeBPF - Observability In Deep
eBPF - Observability In DeepMydbops
 
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPDockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPThomas Graf
 
Cilium - Network security for microservices
Cilium - Network security for microservicesCilium - Network security for microservices
Cilium - Network security for microservicesThomas Graf
 
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and SecurityCilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and SecurityThomas Graf
 
Kubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionKubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionStefan Schimanski
 
Introduction to Helm
Introduction to HelmIntroduction to Helm
Introduction to HelmHarshal Shah
 
Introduction to eBPF and XDP
Introduction to eBPF and XDPIntroduction to eBPF and XDP
Introduction to eBPF and XDPlcplcp1
 
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemBPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemThomas Graf
 
The Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThe Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThomas Graf
 
Cilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDPCilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDPThomas Graf
 
Kernel Recipes 2017 - EBPF and XDP - Eric Leblond
Kernel Recipes 2017 - EBPF and XDP - Eric LeblondKernel Recipes 2017 - EBPF and XDP - Eric Leblond
Kernel Recipes 2017 - EBPF and XDP - Eric LeblondAnne Nicolas
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes Securityinovex GmbH
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes NetworkingCJ Cullen
 
Docker, LinuX Container
Docker, LinuX ContainerDocker, LinuX Container
Docker, LinuX ContainerAraf Karsh Hamid
 
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...ContainerDay Security 2023
 
Cluster management with Kubernetes
Cluster management with KubernetesCluster management with Kubernetes
Cluster management with KubernetesSatnam Singh
 
Accelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelAccelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelThomas Graf
 
Linux Containers (LXC)
Linux Containers (LXC)Linux Containers (LXC)
Linux Containers (LXC)Vladimir Melnic
 
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...Weaveworks
 
Forging a Secure Path to Private 5G Networks for Enterprises
Forging a Secure Path to Private 5G Networks for EnterprisesForging a Secure Path to Private 5G Networks for Enterprises
Forging a Secure Path to Private 5G Networks for EnterprisesPanoptica
 
Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing GlobalSign
 

More Related Content

What's hot

Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityRaphaël PINSON
 
eBPF - Observability In Deep
eBPF - Observability In DeepeBPF - Observability In Deep
eBPF - Observability In DeepMydbops
 
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPDockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPThomas Graf
 
Cilium - Network security for microservices
Cilium - Network security for microservicesCilium - Network security for microservices
Cilium - Network security for microservicesThomas Graf
 
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and SecurityCilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and SecurityThomas Graf
 
Kubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionKubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionStefan Schimanski
 
Introduction to Helm
Introduction to HelmIntroduction to Helm
Introduction to HelmHarshal Shah
 
Introduction to eBPF and XDP
Introduction to eBPF and XDPIntroduction to eBPF and XDP
Introduction to eBPF and XDPlcplcp1
 
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemBPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemThomas Graf
 
The Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThe Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThomas Graf
 
Cilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDPCilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDPThomas Graf
 
Kernel Recipes 2017 - EBPF and XDP - Eric Leblond
Kernel Recipes 2017 - EBPF and XDP - Eric LeblondKernel Recipes 2017 - EBPF and XDP - Eric Leblond
Kernel Recipes 2017 - EBPF and XDP - Eric LeblondAnne Nicolas
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes Securityinovex GmbH
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes NetworkingCJ Cullen
 
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...ContainerDay Security 2023
 
Cluster management with Kubernetes
Cluster management with KubernetesCluster management with Kubernetes
Cluster management with KubernetesSatnam Singh
 
Accelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelAccelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelThomas Graf
 
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...Weaveworks
 

What's hot (20)

Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust Visibility
 
eBPF - Observability In Deep
eBPF - Observability In DeepeBPF - Observability In Deep
eBPF - Observability In Deep
 
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPDockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
 
Cilium - Network security for microservices
Cilium - Network security for microservicesCilium - Network security for microservices
Cilium - Network security for microservices
 
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and SecurityCilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
 
Kubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionKubernetes Architecture and Introduction
Kubernetes Architecture and Introduction
 
Introduction to Helm
Introduction to HelmIntroduction to Helm
Introduction to Helm
 
Introduction to eBPF and XDP
Introduction to eBPF and XDPIntroduction to eBPF and XDP
Introduction to eBPF and XDP
 
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemBPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
 
The Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThe Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RC
 
Cilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDPCilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDP
 
Kernel Recipes 2017 - EBPF and XDP - Eric Leblond
Kernel Recipes 2017 - EBPF and XDP - Eric LeblondKernel Recipes 2017 - EBPF and XDP - Eric Leblond
Kernel Recipes 2017 - EBPF and XDP - Eric Leblond
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes Security
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
 
Docker, LinuX Container
Docker, LinuX ContainerDocker, LinuX Container
Docker, LinuX Container
 
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...
 
Cluster management with Kubernetes
Cluster management with KubernetesCluster management with Kubernetes
Cluster management with Kubernetes
 
Accelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelAccelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux Kernel
 
Linux Containers (LXC)
Linux Containers (LXC)Linux Containers (LXC)
Linux Containers (LXC)
 
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
 

Similar to Zero Trust Run-time Kubernetes Security made easy with AccuKnox

Forging a Secure Path to Private 5G Networks for Enterprises
Forging a Secure Path to Private 5G Networks for EnterprisesForging a Secure Path to Private 5G Networks for Enterprises
Forging a Secure Path to Private 5G Networks for EnterprisesPanoptica
 
Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing GlobalSign
 
Wireless body area network
Wireless body area network Wireless body area network
Wireless body area network subhradeep mitra
 
CertainSafe MicroTokenization Technology Detailed Overview
CertainSafe MicroTokenization Technology Detailed OverviewCertainSafe MicroTokenization Technology Detailed Overview
CertainSafe MicroTokenization Technology Detailed OverviewSteven Russo
 
BlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyBlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyHappiest Minds Technologies
 
110307 cloud security requirements gourley
110307 cloud security requirements gourley110307 cloud security requirements gourley
110307 cloud security requirements gourleyGovCloud Network
 
Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor KhoroshchenkoKuberton
 
Efficient and Empiric Keyword Search Using Cloud
Efficient and Empiric Keyword Search Using CloudEfficient and Empiric Keyword Search Using Cloud
Efficient and Empiric Keyword Search Using CloudIRJET Journal
 
Sfa community of practice a natural way of building
Sfa community of practice a natural way of buildingSfa community of practice a natural way of building
Sfa community of practice a natural way of buildingCharles "Chuck" Speicher Jr.
 
The Art of Cloud Native Defense on Kubernetes
The Art of Cloud Native Defense on KubernetesThe Art of Cloud Native Defense on Kubernetes
The Art of Cloud Native Defense on KubernetesJacopo Nardiello
 
AWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWSAWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWSEric Smalling
 
[Webinar] Software: The Lifeblood of any Medical Device
[Webinar] Software: The Lifeblood of any Medical Device[Webinar] Software: The Lifeblood of any Medical Device
[Webinar] Software: The Lifeblood of any Medical DeviceICS
 
MULTI-FACTOR AUTHENTICATION SECURITY FRAMEWORK USING BlOCKCHAIN IN CLOUD COMP...
MULTI-FACTOR AUTHENTICATION SECURITY FRAMEWORK USING BlOCKCHAIN IN CLOUD COMP...MULTI-FACTOR AUTHENTICATION SECURITY FRAMEWORK USING BlOCKCHAIN IN CLOUD COMP...
MULTI-FACTOR AUTHENTICATION SECURITY FRAMEWORK USING BlOCKCHAIN IN CLOUD COMP...IRJET Journal
 
Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021lior mazor
 
Market Study on Mobile Authentication
Market Study on Mobile AuthenticationMarket Study on Mobile Authentication
Market Study on Mobile AuthenticationFIDO Alliance
 
Block Armour Brochure
Block Armour BrochureBlock Armour Brochure
Block Armour BrochureBlock Armour
 

Similar to Zero Trust Run-time Kubernetes Security made easy with AccuKnox (20)

Forging a Secure Path to Private 5G Networks for Enterprises
Forging a Secure Path to Private 5G Networks for EnterprisesForging a Secure Path to Private 5G Networks for Enterprises
Forging a Secure Path to Private 5G Networks for Enterprises
 
Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing
 
Wireless body area network
Wireless body area network Wireless body area network
Wireless body area network
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
 
CertainSafe MicroTokenization Technology Detailed Overview
CertainSafe MicroTokenization Technology Detailed OverviewCertainSafe MicroTokenization Technology Detailed Overview
CertainSafe MicroTokenization Technology Detailed Overview
 
BlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyBlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network Secuirty
 
110307 cloud security requirements gourley
110307 cloud security requirements gourley110307 cloud security requirements gourley
110307 cloud security requirements gourley
 
Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko
 
Efficient and Empiric Keyword Search Using Cloud
Efficient and Empiric Keyword Search Using CloudEfficient and Empiric Keyword Search Using Cloud
Efficient and Empiric Keyword Search Using Cloud
 
Zero-Trust SASE DevSecOps
Zero-Trust SASE DevSecOpsZero-Trust SASE DevSecOps
Zero-Trust SASE DevSecOps
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
Sfa community of practice a natural way of building
Sfa community of practice a natural way of buildingSfa community of practice a natural way of building
Sfa community of practice a natural way of building
 
The Art of Cloud Native Defense on Kubernetes
The Art of Cloud Native Defense on KubernetesThe Art of Cloud Native Defense on Kubernetes
The Art of Cloud Native Defense on Kubernetes
 
AWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWSAWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWS
 
[Webinar] Software: The Lifeblood of any Medical Device
[Webinar] Software: The Lifeblood of any Medical Device[Webinar] Software: The Lifeblood of any Medical Device
[Webinar] Software: The Lifeblood of any Medical Device
 
MULTI-FACTOR AUTHENTICATION SECURITY FRAMEWORK USING BlOCKCHAIN IN CLOUD COMP...
MULTI-FACTOR AUTHENTICATION SECURITY FRAMEWORK USING BlOCKCHAIN IN CLOUD COMP...MULTI-FACTOR AUTHENTICATION SECURITY FRAMEWORK USING BlOCKCHAIN IN CLOUD COMP...
MULTI-FACTOR AUTHENTICATION SECURITY FRAMEWORK USING BlOCKCHAIN IN CLOUD COMP...
 
Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021
 
Insecure mag-19
Insecure mag-19Insecure mag-19
Insecure mag-19
 
Market Study on Mobile Authentication
Market Study on Mobile AuthenticationMarket Study on Mobile Authentication
Market Study on Mobile Authentication
 
Block Armour Brochure
Block Armour BrochureBlock Armour Brochure
Block Armour Brochure
 

Recently uploaded

Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 

Recently uploaded (20)

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 

Zero Trust Run-time Kubernetes Security made easy with AccuKnox

  • 1. Zero Trust Run-time Kubernetes Security made easy with AccuKnox THE EASIEST WAY TO HAVE THE BEST OF BOTH WORLDS: KUBERNETES + ZERO TRUST
  • 2. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX The easiest way to have the best of both worlds: Kubernetes + Zero Trust OPPORTUNITY Kubernetes is a powerful orchestration technology for deploying, scaling and managing distributed applications and it has taken the industry by storm over the past few years. However, due to its inherent complexity, relatively few enterprises have been able to realize the full value of Kubernetes: manage their assets impeccably leave alone securing them. SOLUTION Partnering with Stanford Research Institute (SRI International)’s innovations in the areas of Container Security, Anomaly Detection, Data Provenance/Data Security, AccuKnox has made Zero Trust Run Time Security deployable and usable by mainstream enterprises. “Container usage for production deployments in enterprises is still constrained by concerns regarding security, monitoring, data management and networking.” — Gartner, Best Practices for Running Containers and Kubernetes in Production, August 4, 2020. “Container adoption is increasing, and security must come along for the ride. Organizations value the scalability and agility that containers offer, but containers introduce new security challenges that can’t be addressed with traditional security and networking tools. Commonly accepted security tools like vulnerability scanners, network forensics, and endpoint detection and response (EDR) are too heavyweight for a container environment. Security pros need cloud native tools that are purpose-built for high scale, lightweight, ephemeral container environments.” — Best Practices for Container Security, Forrester Research, July 24, 2020. 2 ISSUE
  • 3. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX In the next few chapters, we will go over: 3 Security Challenges in Kubernetes/Containers 1 What is Zero Trust? 2 Why is Identity the New Perimeter? 3 What is Run Time Security? 4 What is Data Security? 5 How does AccuKnox deliver Run Time Security? 6
  • 4. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX Containers are transient and ephemeral 4 EVOLUTION OF SERVER WORKLOAD ABSTRACTIONS PHYSICAL • Monolithic applications • Physical servers as unit of scaling • Life span of years VIRTUAL MACHINES • Hardware virtualization • VMs as unit of scaling • Life span of months to years CONTAINERS • OS Virtualization • Applications/services as unit of scaling • Life span of minutes to days SERVERLESS Source: Gartner 2019 Security Challenges in Kubernetes/Containers 1 1 of 4
  • 5. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX Containers are vulnerable to zero-day attacks 5 Source: Gartner 2019 Kubernetes console was vulnerable, and hackers were able to take control and find the credentials to AWS cloud. They were able to gain access to S3 buckets with sensitive data, as well as run cryptocurrency mining in Kubernetes pods. Linux kernel vulnerability CVE- 2017-7308 can be used to change the current process’s namespaces into process 1’s and the host’s namespaces by calling a Linux kernel system call, allowing a full escape to host. An insecure Kubernetes cluster console was found by scanning publicly available IPs on kubelet TCP port 10250 Exploited containers allowed attackers to overwrite host runc library and gain root access to the container hosts Security Challenges in Kubernetes/Containers 1 2 of 4
  • 6. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX 6 Security Challenges in Kubernetes/Containers 1 3 of 4 Current Perimeter Defenses Firewalls, End Point address only North-South [17% of the traffic] Current Container Security Solutions Do not have a mechanism to affirmatively enforce Policy Compliance DATA CENTER DATA CENTER Inter-container security is rarely enforced East–West North–South
  • 7. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX 7 Traditional approaches to Linux, VM security like IPTables are not effective and are not scalable/cost- effective for securing large scale container workloads Security Challenges in Kubernetes/Containers 1 4 of 4
  • 8. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX Zero Trust Tenets 8 What is Zero Trust? 2 1. The network is always assumed to be hostile 2. Assume threat actors are already inside your network 3. Network locality (segmentation) is not sufficient for deciding trust in a network 4. Every device, user and network flow is authenticated and authorized 5. Policies must be dynamic and calculated from as many sources of data as possible 6. The device is no longer the border. A user/service’ identity is the net border 7. Containers, serverless and cloud are the new disruptors of traditional security architecture ZERO TRUST ADAGE: Verify…then Trust… …continuously Verify RONALD REAGAN: Trust but verify. [John Kindervag who coined the term Zero Trust]
  • 9. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX Gurus have spoken! – Embrace Zero Trust! 9 What is Zero Trust? 2
  • 10. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX The Future has arrived! – Identity is the New Perimeter! 10 Why is Identity the New Perimeter? 3
  • 11. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Zero Trust Security Platform 11 ASSETS PROTECTED CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave ACCUKNOX ENTERPRISE PLATFORM ACCUKNOX PATENTED INNOVATIONS DEVELOPED IN PARTNERSHIP WITH STANFORD RESEARCH INSTITUTE OPEN SOURCE FOUNDATIONS
  • 12. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Zero Trust Security Platform 12 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave AccuKnox is the industry’s most comprehensive Zero Trust Security platform that helps you secure your current assets (Network, Application, Data) and your strategic future assets (API, Serverless, IoT, 5G
  • 13. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Data Security, Data Provenance 13 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave Based on 10+ years of Data Provenance research at Stanford and helps you answer the following questions: 1. Which process [e.g., app] was used to create this data object [e.g., file]? 2. When the process ran what were the other data object it wrote? 3. What data objects did the process read? 4. Could any data have flowed from this data object to that data object? 5. What is the sensitivity of a given data flow or connection between processes?
  • 14. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Data Security, Data Provenance 14 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave
  • 15. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox IoT/EDGE Security 15 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave Due to the wide diversity of IoT devices the IoT security challenges center around how to provide Agentless Diagnostics in a very Heterogenous Environment. Unique aspects of IoTKnox include: 1. Passive Agent based device discovery 2. No modification to device firmware 3. Use of fingerprinting techniques to identify device make/model/application 4. Scan against well-known vulnerability database 5. Passive Agent connected to edge router 6. Can isolate a malicious device automatically 7. Anomaly Detection 8. SPIFFE Integration with last-mile protocols such as DNP3, DLMS/COSEM
  • 16. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox 5G Security 16 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave U.S. 5G Open Architecture is designed to enable 3rd party application ecosystem using a microservice architecture framework. • AccuKnox 5G Security facilitates System-level Policy Enforcement and cloud-based security management for 5G environment • AccuKnox core technologies can be applied to ensure security compliance, monitoring, scalable policy policy generation and management
  • 17. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Continuous Compliance 17 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave Dynamic Inventory enriched with: • K8s Metadata • L7 identity Inventory Out-of-the-box Templates for Industry-standard compliance frameworks (PCI, SOC2, etc.) K8s SIG-Policy standards-based Templates Managed via Kubernetes API and kubectl cli Allows creation of internal Org-specific templates OSCAL Standards- based Evidence Reports Easy integration with existing GRC Platforms Accuknox UI and Dashboard Compliance, Security, Platform and Application team roles Remediate Audit Define Controls Report Audits linked to dynamic strong L7 identity (x.509, jwt) Audit system, network and data events Correlation across clusters and cloud platforms
  • 18. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Policy Management Lifecycle 18 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave Recommend Preview Stage / Audit Auto - Generate System Network Data Unsecured East-West Access Zero-Trust (least-privilege) whitelist Policies Commit
  • 19. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Policy Management Lifecycle 19 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave
  • 20. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Micro-segmentation 20 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave Svc A Svc C Svc B Svc D Svc X Svc Y Malware Svc P Svc Q Svc A IdP (OIDC) x. 5 0 9 jwt - Azure AD - Okta - Cloud AuthN
  • 21. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Enterprise Integration 21 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave AccuKnox provides comprehensive integration with 3rd party security platforms
  • 22. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Anomaly Detection 22 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave AccuKnox provides un-supervised learning- based Anomaly Detection to discover malicious activity in large scale Kubernetes environments
  • 23. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Policy Management Foundations 23 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave AccuKnox leverages proven, opensource policy management foundation platforms. OPA (Open Policy Agent) is a Declarative, Context-aware, Expressive, Fast, Portable policy management framework. It allows you to decouple policy from the service's code so you can release, analyze, and review policies (which security and compliance teams love) without sacrificing availability or performance. Kyverno is a policy engine designed for Kubernetes. It can validate, mutate, and generate configurations using admission controls and background scans. Kyverno policies are Kubernetes resources and do not require learning a new language. Kyverno is designed to work with tools like kubectl, kustomize, and Git.
  • 24. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Identity Management Foundations 24 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave AccuKnox uses very strong industry standard Opensource platforms like SPIFFE and SPIRE for User and Service Management, Attestation, Enforcement, etc. SPIFFE Secure Production Identity Framework for Everyone, provides a secure identity, in the form of a specially crafted X.509 certificate, to every workload in a modern production environment. SPIFFE removes the need for application-level authentication and complex network-level ACL configuration. SPIRE is a production-ready implementation of the SPIFFE APIs that performs node and workload attestation in order to securely issue SVIDs to workloads, and verify the SVIDs of other workloads, based on a predefined set of conditions. SPIFFE and SPIRE were developed by Scytale, Inc which was acquired by HPE in Feb 2020
  • 25. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox eBPF / Cilium 25 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave Cilium is opensource software for providing and transparently securing network connectivity and load-balancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to protect and secure use of modern application protocols such as HTTP, gRPC and Kafka. Cilium is integrated into common orchestration frameworks such as Kubernetes. A new Linux kernel technology called eBPF (enhanced Berkeley Packet Filter) is at the foundation of Cilium. It supports dynamic insertion of eBPF bytecode into the Linux kernel at various integration points such as: network IO, application sockets, and tracepoints to implement security, networking and visibility logic. eBPF is highly efficient and flexible. To learn more about eBPF, visit eBPF.io.
  • 26. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox KubeArmor 26 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave KubeArmor is a Container-aware Runtime Security Enforcement System. Developed and supported by AccuKnox it has received wide acclaim and great support from the opensource community.
  • 27. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Confidential Computing/Enclave 27 CONTINUOUS COMPLIANCE MITRE, NIST, PCI, GDPR, CCPA, HIPAA, SOC2, NERC, FERC ZERO TRUST POLICY MANAGEMENT MICRO-SEGMENTATION ENTERPRISE INTEGRATION SIEM, SOAR, SSO/RBAC PRIVATE AND PUBLIC CLOUD Network Application Data API Serverless IoT 5G Data Security, Data Provenance Un-supervised learning-based Anomaly Detection OPA, Kyverno – Policy Management SPIFFE – Identity Management Layer eBPF / Cilium KubeArmor Confidential Computing / Enclave Gartner opines that by 2025, 50% of large organizations will adopt privacy-enhancing computation for processing data in untrusted environments and multiparty data analytics use cases. Gartner has identified privacy-enhancing computation as a key enterprise technology trend for 2021 and enabler for processing and analyzing highly sensitive data. The three pillars of data security involve protecting data at rest, in transit, and in use. A number of tech leaders (AMD, ARM, Facebook, Google, IBM, Microsoft, Oracle, Vmware) are developing standards and are developing opensource tools. AccuKnox will be embracing these in its efforts to deliver the most comprehensive Zero Trust solution.
  • 28. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Zero Trust Security Platform – How do we stack up? 28 Accuknox Brand A Brand B Brand C Brand C Applicatio n (Container / Pod ) Runtime Runtime application security on Kubernetes using LSM ✔✔✔ ✔✔✔ Secure Enclaves ✔✔✔ Recommendations and Policy Lifecycle Management ✔✔✔ Container and Vulnerability Scanning ✔✔ ✔✔✔ Container Forensics and VAE ✔✔✔ ✔ ✔✔✔ Container Compliance Templates ✔✔✔ ✔✔ ✔✔✔ Data Runtime data security ✔✔✔ Data Provenance and Compliance templates ✔✔✔ Network Kubernetes Network Policies ✔✔✔ ✔✔✔ ✔✔✔ ✔✔✔ ✔✔✔ Advanced Network Policy Semantics ✔✔✔ ✔✔✔ ✔✔✔ SPIFFE Identity integration for AuthN ✔✔✔ ✔✔✔ ✔✔✔ ✔✔✔ Recommendations and Policy Lifecycle Management (Staged Policies) ✔✔✔ ✔ ✔✔✔ ✔✔✔ ✔ Support for L7 visibility and L7 policy controls ✔✔ ✔ ✔✔ ✔ ✔✔ Observability (Flow Viz, Telemetry, etc.) ✔✔✔ ✔✔ ✔✔✔ ✔✔✔ ✔ Network Forensics and Anomaly Detection ✔✔✔ ✔✔✔ ✔✔✔ ✔✔✔ ✔✔✔ Network Compliance Templates ✔✔✔ ✔✔ ✔✔✔ ✔✔✔ ✔
  • 29. ZERO TRUST RUN-TIME KUBERNETES SECURITY MADE EASY WITH ACCUKNOX AccuKnox Zero Trust Security Platform Summary 29 IN SUMMARY, WITH ACCUKNOX YOU CAN: Isolate and protect every kind of container workload with identity as a perimeter Track tainted data and enable data provenance in a container first world Enable networking and system level restrictions over containers to easily comply with a wide variety of compliance needs Enable enterprise grade container security with the best of breed container security technologies – eBPF and LSM Build container workloads to operate in Enclaves by leveraging Confidential computing. THE FOLLOWING ARE OUR KEY DIFFERENTIATORS:  Industry’s most Comprehensive Identity Driven Zero Trust Solution for: Containers, Functions, API, Data, IoT, 5G  Built on proven OpenSource products: OPA, Kyverno, KubeArmor, SPIFFE, eBPF/Cilium  Leverages seminal technologies from SRI in the areas of Anomaly Detection, Container Security and Data  Highly differentiated, patented innovation [10+ patents]  Future Proof Product/Tech Roadmap  Validation by Fortune 100 companies and Silicon Valley Cloud Native Tech Leaders  Seasoned team with a record of disciplined execution and Customer/Partner Success
  • 30. About AccuKnox AccuKnox provides a Zero Trust Run-time Kubernetes Security platform. AccuKnox is built in partnership with SRI (Stanford Research Institute) and is anchored on seminal inventions in the areas of: Container Security, Anomaly Detection and Data Provenance. AccuKnox can be deployed in Public and Private Cloud environments. Visit www.accuknox.com