Zero Trust Cloud Security
Accuknox provides run-time protection for your Kubernetes and other cloud workloads using Kernel Native Primitives such as AppArmor, SELinux and eBPF.
Get started
Protect your cloud workload in minutes
Installation of KubeArmor
kubectl apply -f kubectl -n kube-system get pods -l kubearmor-app=kubearmor
https://raw.githubusercontent.com/kubearmor/KubeArmor/master/deployments/GKE/kubearmor.yaml
Installation of Cilium
NATIVE_CIDR="$(gcloud container clusters describe $CLUSTER_NAME --zone $CLUSTER_ZONE --format 'value(clusterIpv4Cidr)')" helm repo add cilium https://helm.cilium.io/ helm install cilium cilium/cilium --version 1.9.8 \ --namespace kube-system \ --set nodeinit.enabled=true \ --set nodeinit.reconfigureKubelet=true \ --set nodeinit.removeCbrBridge=true \ --set cni.binPath=/home/kubernetes/bin \ --set gke.enabled=true \ --set ipam.mode=kubernetes \ --set nativeRoutingCIDR=$NATIVE_CIDR
Deploying Accuknox
➜ explorer-charts git:(main) accuknox -p deploy Adding helm repos [*] Hang tight while we grab the latest from your chart repositories... [+] Successfully got an update from the "cilium" chart repository [+] Successfully got an update from the "system-policy" chart repository [+] Successfully got an update from the "accuknox-agents" chart repository [+] Successfully got an update from the "knox-policy" chart repository Update Complete. ⎈Happy Helming!⎈ NOTES: ** Please be patient while the chart is being deployed ** Autodetecting environment Installing Cilium on gke Kubernetes Cluster [*] Skipping: Cilium is already present in Cluster, skipping this step [+] Applying Local Storage on gke Kubernetes Cluster [+] Installing MySQL on gke Kubernetes Cluster [+] Applying prometheus and grafana on gke Kubernetes Cluster [+] Apply KnoxAutoPolicy on on gke Kubernetes Cluster namespace/explorer created service/knoxautopolicy created deployment.apps/knoxautopolicy created serviceaccount/knoxautopolicy created clusterrolebinding.rbac.authorization.k8s.io/knoxautopolicy created
Get your Environment Ready
➜ explorer-charts git:(main) accuknox -p generate -n knox-policy [+] Downloading discovered policies from pod=knoxautopolicy-74f5b5d65b-tv7v7 Got 9 cilium policies for namespace=explorer in file cilium_policies_explorer.yaml Got 5 cilium policies for namespace=kube-system in file cilium_policies_kube-system.yaml Got 2 cilium policies for namespace=spire in file cilium_policies_spire.yaml Got 9 knox policies for namespace=explorer in file knox_policies_explorer.yaml Got 5 knox policies for namespace=kube-system in file knox_policies_kube-system.yaml Got 2 knox policies for namespace=spire in file knox_policies_spire.yaml
"timestamp": 1636115744, "action": "Block", "componentName": "kubearmor", "clusterId": 356, "tenantId": 142, "clusterName": "zomato-staging", "updatedTime": "2021-11-05T12:35:44.377146Z", "hostName": "gke-zomato-staging-default-pool-9eeea7f6-c5f5", "namespaceName": "ns-frontend", "podName": "zomato-frontend-745988f944-sm7r4", "containerID": "e225378c7c71e6a24e4ce50191c2e2b70de80a839dbcede516b3e78c87f36862", "containerName": "frontend-1-order-server", "hostPid": 461784, "ppid": 1435, "pid": 1445, "uid": 0, "policyName": "ksp-mitre-kinsing-cryptomining-malware-block", "severity": "2", "tags": "MITRE,T1496,S0599,MALWARE,T1059.004,T1059,Crypto Mining,CVE-2020-7961", "message": "Incident! Kinsing crypto mining attack is Blocked", "type": "MatchedPolicy", "source": "/var/tmp/kinsing", "operation": "File", "resource": "/var/tmp/kinsing", "data": "syscall=SYS_OPEN flags=/proc/self/exe", "result": "Passed"
Accuknox Cloud
Why are we different?
Automatically generate policies for
your workload in minutes
Accuknox automatically generates network and application protection policies in minutes to quickly deploy protection for your workloads
Anomaly detection to protect against any
malicious behavior
Identity as a perimeter of security:
Use SPIFFE id for network policies
SIEM / SOAR Integrations
kind: CiliumNetworkPolicy
metadata:
name: "Auto-discovered-policy"
spec:
endpointSelector:
matchLabels:
group: bob
app: web
ingress:
- fromEndpoints:
- matchLabels:
group: alice
toPorts:
- ports:
- port: "80"
protocol: TCP
Building trust through
Open Source
KubeArmor is a container-aware runtime security enforcement system that restricts the behavior (such as process execution, file access, networking operation, and resource utilization) of containers at the system level.
Cilium is eBPF-based Networking, Observability, and Security Tool for Kubernetes environments across cloud and on-premises infrastructure. We are focused on adding value to Cilium in the following areas of SPIFFE Based Identity, Policy Discovery, Policy Staging Support and Improved L7 Visibility
Integrations
Our list of integrations is always growing.
See More
Blogs
An Introduction to Kubernetes Security using KubeArmor
The perimeter is porous.. identity is the new perimeter. The last few years has seen a tectonic shift in the velocity and sophistication of software development and
Security Policy Deployment in multiUbuntu with KubeArmor
Data is new oil Don’t let it become your Plutonium, Welcome to Zero Trust Data Security! I presume you were shocked by Amazon’s fine of $888M
Delivering Zero Trust in a DevSecOps model
Several recent events have made Zero Trust security a mandate for companies, governments, and non-profits.
