Continuous Image Assurance
Prevents unvetted or unapproved images from running anywhere in your environment, based on known vulnerabilities, embedded secrets, OSS licensing, malware detection, and secure image configuration.
Image-to-Container Drift Prevention
Enforces container immutability and detects any unapproved changes to running containers by continuously comparing them to their originating images, including executables, privilege elevation, and image parameters.
Enforcing Least Privileges
Uses machine learning to automatically profile container behavior, whitelisting runtime parameters such as system calls, file access, network access, and executables, improving isolation and preventing privilege escalation.
Granular Monitoring & Logging
Monitors container, pod, node, and cluster activity to detect and report on all policy violations, run/stop events, and login events, all of which can be sent to your choice of SIEM (e.g., Splunk, ArcSight, and more).
Container-Level Application Firewall
Segments workloads by automatically creating custom firewall rules between container services, ensuring that only whitelisted connections are allowed, and alerting on or blocking network traversal attempts.
The definitive cookbook for securing containerized applications.