Aqua: our approach

Automate DevSecOps
▪ fix issues early and fast
▪ Accelerate app delivery with security automation

Modernize security through containers
▪ Enforce immutability – no patching, no drift
▪ Whitelist good behavior, preventing anomalies
▪ Prevent lateral movement

Secure once, run anywhere
▪ Secure apps regardless of platform, cloud, or OS
▪ Enable hybrid cloud and cloud migration
▪ Avoid cloud lock-in and security reconfiguration

Kubernetes configuration
What config settings should I use?
▪ & node components
▪ Many configuration settings have a security impact
▪ Example: open Kubelet port = root access
▪ Defaults depend on the installer

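An added example (not from the slides, and not kube-bench's code) of checking the kubelet settings behind the "open Kubelet port" bullet: it audits a KubeletConfiguration for anonymous authentication, AlwaysAllow authorization and the read-only port, and reports unset fields because defaults depend on the installer. The sample configs are constructed, and picking these three fields is an assumption about which settings the slide has in mind.

```python
import json

# Constructed samples: KubeletConfiguration documents in JSON form.
SAMPLE_WEAK = json.loads("""{
  "kind": "KubeletConfiguration",
  "apiVersion": "kubelet.config.k8s.io/v1beta1",
  "authentication": {"anonymous": {"enabled": true}},
  "authorization": {"mode": "AlwaysAllow"},
  "readOnlyPort": 10255
}""")
SAMPLE_HARDENED = json.loads("""{
  "kind": "KubeletConfiguration",
  "apiVersion": "kubelet.config.k8s.io/v1beta1",
  "authentication": {"anonymous": {"enabled": false}},
  "authorization": {"mode": "Webhook"},
  "readOnlyPort": 0
}""")

_UNSET = object()

# (field path, test for a safe value, risk when the test fails)
RULES = [
    ("authentication.anonymous.enabled", lambda v: v is False,
     "unauthenticated requests are accepted by the kubelet API"),
    ("authorization.mode", lambda v: v == "Webhook",
     "every request that reaches the kubelet API is authorized"),
    ("readOnlyPort", lambda v: v == 0,
     "read-only port serves node and pod data without authentication"),
]

def lookup(cfg, path):
    """Walk a dotted path; return _UNSET if any key is missing."""
    cur = cfg
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return _UNSET
        cur = cur[key]
    return cur

def audit_kubelet(cfg):
    """Return (path, status, reason) for every setting that is unsafe or unset."""
    findings = []
    for path, is_safe, risk in RULES:
        value = lookup(cfg, path)
        if value is _UNSET:
            findings.append((path, "UNSET", "default depends on installer; set it explicitly"))
        elif not is_safe(value):
            findings.append((path, "FAIL", risk))
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED), ("empty", {})):
        print(name, audit_kubelet(cfg))
```
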
kube-bench
github.com/aquasecurity/kube-bench
▪ no configuration drift
▪ Tests defined in YAML
▪ Released code follows the CIS Benchmark
▪ Modify for your own purposes

kube-hunter
How do I know the config is working to secure my cluster?
▪ what an attacker would see
▪ github.com/aquasecurity/kube-hunter
▪ Online report viewer
▪ kube-hunter.aquasec.com