The first K8s Security Engine to leverage BPF-LSM
AccuKnox provides one of the industry’s most comprehensive and integrated CNAPP solution which brings together multiple disparate security modules.
Opensource Led. Shift Left Driven. Empowering DevSecOps
Discover KubeArmor, the renowned open-source project developed by AccuKnox and donated to CNCF. This cutting-edge runtime security solution has gained widespread recognition and adoption among top Global 1000 companies and Cloud Native Unicorns. KubeArmor github repo can be accessed here
Discover Cloud Native Runtime Security with KubeArmor
KubeArmor stands out as a one-of-a-kind cloud-native runtime security enforcement system. With its exceptional capabilities, KubeArmor effectively restricts the behavior of pods, containers, and nodes at the system level, ensuring robust protection.
Leverage Linux Security Modules (LSMs) for Inline Prevention
KubeArmor harnesses the strength of Linux security modules such as AppArmor, SELinux, or BPF-LSM to enforce user-specified policies. This advanced technology forms the backbone of KubeArmor’s powerful policy enforcement mechanism.
KubeArmor OpenSource vs AccuKnox Enterprise
| AccuKnox Runtime Security Features |
Open Source |
Enterprise |
|---|---|---|
| Observability into the workload at granular level |
|
|
| In-line remediation for Zero Day Attacks |
|
|
| Manual apply of Security Policies using CLI |
|
|
| Integration to SIEM for security events and Notification tool |
|
|
| Network security using CNI |
|
|
| Auto-Discovered Behavioural Policies |
|
|
| Recommendation of Hardening Policies based on standard compliance framework – MITRE, NIST, PCI-DSS, CIS |
|
|
| Inventory View of Application |
|
|
| Network Graph View of the Application |
|
|
| Network Microsegmentation in the application |
|
|
| Hardening of the Secrets Managers like Hashicorp Vault, CyberArk Conjur |
|
|
| GitOps based Version Control for Policy Lifecycle Management |
|
|
| Rollback of recently changed Policy governing App Behavior |
|
|
| On-the-fly detection of change in App Behavior through Policies |
|
|
| Multi-Tenant, Multi-Cluster, RBAC for user-management |
|
|
| Comprehensive Dashboard across workloads running in |
|
|
| Managed/Unmanaged Cluster, Containerized environment, VM or Bare Metal |
|
|
| Integration with Registries for Container Image Vuln Scan |
|
|
| Telemetry aggregation (Process executed, File accessed, Network connections made) and Alerts events (Audit, Block) |
|
|
FAQs
KubeArmor supports Workloads deployed as k8s orchestrated containers and VM/Bare-Metals workloads
For Kubernetes, the deployment is a demon set.
With edge computing shifting towards containerized workloads and in a few cases to orchestrated kubernetes workloads, it becomes important to have a security solution.
KubeArmor not only provides enforcement into different forms of deployment but can also provide real-time container-rich observability.
KubeArmor supporting un-orchestrated containers, k8s workloads and bare metal VMs makes it an ideal universal engine. Its kernel-level runtime security enforcement and container-aware observability bring the best of both worlds.