AccuKnox Zero Trust CNAPP for Advanced Cloud Security
AccuKnox Zero Trust CNAPP for Advanced Cloud Security
By AccuKnox
Certified enterprise ready
Cloud Security that secures “Build to Runtime”. Compliant with SOC2, STIG, PCI, HIPAA, CIS, MITRE, NIST and more. One Platform that can do Agentless ASPM and CSPM, CWPP, KSPM and KIEM. AI-LLM powered durable, reliable and scalable CNAPP solution.
Software version
1.7
Runs on
OpenShift 4.11 - 4.18
Delivery method
Products purchased on Red Hat Marketplace are supported by the provider. Beyond documentation and developer communities, specialists and product maintainers may be available to address your concerns.
FAQs
AccuKnox’s Cloud Workload Protection Platform (CWPP) achieves runtime security by leveraging CNCF sandbox project, KubeArmor, which is a cloud-native runtime security enforcement system by AccuKnox that restricts and have more granular control over the application behavior such as process execution, file access, and networking operation of containers and nodes at the system level.
AccuKnox leverages KubeArmor, which is a cloud-native runtime security enforcement system that leverages Linux Security Modules to secure the workloads. LSMs are really powerful but they weren’t built with modern workloads including Containers and Orchestrators in mind. Hence, eBPF has provided us with the ability to extend capabilities and BPF LSM provide us with the ability to load our custom programs with decision-making into the kernel seamlessly helping us protect modern workloads. Therefore, KubeArmor helps to enforce security posture wherein any malicious attacks will be stopped before execution, known as in-line mitigation (mentioned by Forrester report)
AccuKnox CWPP solution provide Discovery Engine agent that assesses the security posture of your workloads and auto-discovers the policy-set required to put the workload in least-permissive mode. We also provide Shared Informer Agent which collects information about cluster like pods, nodes, namespaces etc. The Policy Discovery Engine discovers the policies using the workload and cluster information that is relayed by Shared Informer Agent.