ARMO selected by Orange Business to Secure its Managed Kubernetes Services
We’re honored to share a new partnership with Orange Business (Norway), a global leader in...
Sep 3, 2024
We are thrilled to announce the latest enhancement to ARMO Platform: Seccomp Profiles Leveraging eBPF. This feature uses eBPF to take the guesswork out of creating seccomp profiles, so you benefit from the added security seccomp profiles provide without the risk of “breaking” applications.
A seccomp profile restricts the system calls that containers can make, reducing the attack surface significantly. By leveraging eBPF, ARMO Platform learns application runtime behavior, analyzes which syscalls the container performs, and creates the profiles accordingly. These profiles are enhanced with flexible filtering capabilities, enabling more precise control and real-time monitoring of system calls.
1. Automatic profile generation – ARMO Platform automatically generates seccomp profiles based on workload runtime behavior. To do this, it uses its eBPF sensor to specify permitted system calls and dynamic filtering rules.
2. Policy application – ARMO Platform applies these profiles to Kubernetes workloads, utilizing eBPF for real-time monitoring and enforcement.
3. Dynamic enforcement – eBPF provides real-time insights and enforcement, ensuring only allowed system calls are executed while adapting to changing conditions.
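As an added illustration of the learn-then-generate flow described above (not ARMO's code or its profile format), the Python below turns constructed syscall observations into an allowlist profile in the OCI runtime seccomp JSON format and lists syscalls from a later window that the profile would block. The event shape, container names, and function names are assumptions.

```python
import json
from collections import defaultdict

# Constructed sample events in the shape a syscall tracer might emit:
# (container name, syscall name). Not real sensor output.
OBSERVED_EVENTS = [
    ("web", "read"), ("web", "write"), ("web", "openat"),
    ("web", "accept4"), ("web", "epoll_wait"), ("web", "read"),
    ("web", "close"), ("sidecar", "read"), ("sidecar", "connect"),
    ("sidecar", "sendto"), ("sidecar", "close"),
]

def learn_syscalls(events):
    """Learning phase: collect the distinct syscalls seen per container."""
    seen = defaultdict(set)
    for container, syscall in events:
        seen[container].add(syscall)
    return seen

def build_profile(syscalls, default_action="SCMP_ACT_ERRNO"):
    """Build an allowlist profile in the OCI/Docker seccomp JSON layout.

    Pass default_action="SCMP_ACT_LOG" to log unlisted syscalls instead of
    failing them while the learned set is still being validated.
    """
    return {
        "defaultAction": default_action,
        "architectures": ["SCMP_ARCH_X86_64"],
        "syscalls": [{"names": sorted(syscalls), "action": "SCMP_ACT_ALLOW"}],
    }

def verdict(profile, syscall):
    """Return the action the profile assigns to one syscall name."""
    for rule in profile["syscalls"]:
        if syscall in rule["names"]:
            return rule["action"]
    return profile["defaultAction"]

def unseen_during_learning(profile, later_syscalls):
    """Syscalls from a later window that the profile does not allow."""
    return sorted({s for s in later_syscalls
                   if verdict(profile, s) != "SCMP_ACT_ALLOW"})

if __name__ == "__main__":
    learned = learn_syscalls(OBSERVED_EVENTS)
    profile = build_profile(learned["web"])
    print(json.dumps(profile, indent=2))
    # Constructed later window: fsync is a code path the learning run missed.
    print(unseen_during_learning(profile, ["read", "fsync", "ptrace"]))
```

A syscall that appears only in the later window is either a legitimate code path the learning period missed or unexpected behavior, which is why the set is worth reviewing before the default action is switched from logging to denial.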
In today’s complex security landscape, protecting your Kubernetes workloads requires advanced and adaptive solutions. ARMO Platform enables auto-generation and monitoring of seccomp profiles using eBPF. This offers a powerful combination of static restrictions and dynamic monitoring, ensuring robust security while maintaining operational flexibility. This approach provides unparalleled protection by adapting to real-time conditions and preventing unauthorized actions.
Experience the benefits of auto-generated seccomp profiles today. Try it now for free!