AccuKnox: Deploying Zero Trust Security Solutions for Cloud Workloads

Virtual Machines (VMs) and Containers have been used to emulate physical hardware and operating systems (OS) to run applications on multiple server ecosystems. And while these containers act as a streamlining element to build, deploy or revamp applications, they still need to be orchestrated to identify or rectify complexities. Given the size of many organizations, they have to work on hundreds of workloads per day demanding a common platform that can automate container deployment. To that end Kubernetes is one of the most popular open-source platforms to orchestrate, deploy and scale containers and their applications among known container orchestrators. Based on CPU utilization and metrics; and declarative policies, it performs container-related services and distributes the workload across the network. However, ensuring security on these ephemeral and transient containers is far more challenging than delivering security and compliance on traditional workloads (VMs, Bare metal). These Kubernetes workloads are prone to lateral attacks, credential thefts, zero day attacks (ransomware, bitcoin miner, etc.) Various organizations like Tesla and Shopify have commented about the Kubernetes console having a vulnerable security system and revealing instances where credentials and IP addresses were exploited/exposed.

As more organisations and business entities embrace containers and their orchestrators, the security systems protecting these containers must be elevated tools like vulnerability scanners, network forensics, and end-to-end detection and response (EDR). The need of the hour is a fully cloud native toolset that is designed for high-scale, ephemeral container environments—Enter AccuKnox.

AccuKnox offers the most comprehensive and flexible Zero Trust CWPP (Cloud Workload Protection Platforms)

Founded in 2020, AccuKnox is a leading Zero-Trust, Kubernetes security provider for containers/servers, networks, applications, and data. In partnership with SRI International's [erstwhile Stanford Research Institute] Computer Science and Cyber security labs, the company provides specialized security solutions for Kubernetes-encountered Pods, Containers, and applications. In the Kubernetes/Container workload, since IP address is no longer a meaningful attribute, AccuKnox embraces the architectural model “Identity is the new perimeter”, one where users and services are assigned a cryptographically signed digital certification which is used to perform fully authenticated transactions. The effort required to implement effective security often impedes developer productivity. Hence, AccuKnox delivers Zero Trust in a DevSecOps model AccuKnox detects traffic flows auto-generates security policies. Furthermore, AccuKnox’ unsupervised machine learning model [Variational Auto Encoder (VAE)] can be leveraged to detect anomalies and deviations in production cluster workloads, thereby detecting potential breaches in a at run time in a pro-active manner. Advanced capabilities like Policy Lifecycle, Continuous Compliance, Integration with Security Eco-system (SIEM, SOAR, etc.) make AccuKnox one of the most comprehensive ZeroTrust CWPP (Cloud Workload Protection Platforms). “Implementing a Zero Trust Security Model is the need of the hour for Enterprises and Governments.
AccuKnox makes it easy for organizations to deploy and manage Zero Trust in a DevSecOps model,” states Nat Natraj, Co- Founder and CEO of AccuKnox. Standing head and shoulders above other contemporary cyber security solutions, the AccuKnox platform protects forward lookings assets like IoT, API, 5G, and serverless systems; while supporting legacy assets like VMs and Baremetal. Thereby, AccuKnox is able to deliver a durable, future-proof ZeroTrust solution to help organizations and governments address current and emerging CyberSecurity challenges. AccuKnox leverages proven opensource engines like Open Policy Agent (OPA), Kyverno, Secure Production Identity Framework for Everyone (SPIFFE), SPIRE, and Extended Berkeley Packet Filters (eBPF)/Cilium. AccuKnox is also a key contributor to these OpenSource projects.

As Cilium is known for its transparently protected software, it functions at Layer 3/4 and Layer 7 to safeguard modern application protocols such as HTTP and gRPC. As one of the primary solutions, AccuKnox's KubeArmor security system shields workloads, libraries, and dependencies in the containers using LSMs.

Based on 5+ years of research and development at Stanford Research Institute, AccuKnox is well poised to be the innovator and leader in the Zero Trust Cloud Security space. AccuKnox is very well capitalized and has received investments from prestigious venture firms like National Grid Ventures, z5Capital, and several seasoned Silicon Valley Tech Leaders. Continued innovations in API, Serverless, IoT, 5G security, etc. positions AccuKnox to achieve a leadership position in a large and expanding market in years to come.