Red Hat Advanced Cluster Security for Kubernetes
By Red Hat
Certified enterprise ready
Red Hat Advanced Cluster Security for Kubernetes provides a Kubernetes-native architecture for container security, enabling DevOps and InfoSec teams to operationalize full life cycle Kubernetes security.
Runs on
OpenShift 4.6 - 4.16
Delivery method
Operator
Advanced Cluster Security for Kubernetes protects containerized applications across build, deploy, and runtime. The platform automates DevSecOps, enforces security policies against risky deployments, and offers runtime threat detection and response.
Visibility
• Delivers a comprehensive view of your deployments, including images, pods, and configurations
• Discovers and displays network traffic in all clusters spanning namespaces, deployments, and pods
• Captures critical system-level events in each container
Vulnerability Management
• Scans images for known vulnerabilities based on specific languages, packages, image layers
• Correlates vulnerabilities to running deployments, not just images
• Enforces policies based on vulnerability details—at build time using continuous integration/continuous delivery (CI/CD) integrations, at deploy time using dynamic admission controls, and at runtime using native Kubernetes controls
Compliance
• Assesses compliance across hundreds of controls for CIS Benchmarks, payment card industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), and NIST SP 800-190
• Delivers at-a-glance dashboards of overall compliance across each standard’s controls with evidence export to meet auditors’ needs
• Provides detailed view of compliance details to pinpoint clusters, nodes, or namespaces that don't comply with specific standards and controls
Network Segmentation
• Visualizes allowed vs. active traffic between namespaces, deployments, and pods, including external exposures
• Simulates network policy changes before they’re implemented to minimize operational risk to the environment
• Baselines network activity and recommends new Kubernetes network policies to remove unnecessary network connections
• Uses network enforcement capabilities built into Kubernetes to ensure consistent, portable, and scalable segmentation
Risk Profiling
• Visualizes allowed vs. active traffic between namespaces, deployments, and pods, including external exposures
• Simulates network policy changes before they’re implemented to minimize operational risk to the environment
• Baselines network activity and recommends new Kubernetes network policies to remove unnecessary network connections
• Uses network enforcement capabilities built into Kubernetes to ensure consistent, portable, and scalable segmentation
Pricing summary
Plans starting at
Visibility, Vulnerability Management, Compliance, Network Segmentation, Risk Profiling
Configuration Management, Runtime detection and response, Integrations
2 Cores or 4 VCPUs per year - Includes Premium Support