Runtime cloud
workload protection
Defend all compute resources
against unauthorized code
Works Seamlessly
with your Cloud Environment
Built for the Cloud
Strong Linux threat detection
No manual rules or policies
No slowdown in performance
How it Works
1. BASELINE
Generate a trusted genetic profile of all software in your infrastructure (your applications, third party applications, operating system)
2. MONITOR
Monitor in runtime for any deviations in memory across the entire cloud native stack (IaaS, CaaS, PaaS) and layers (OS, K8s, containers), while providing full visibility over all software running on your system
3. INSPECT
Genetically inspect the deviation to determine if it’s unauthorized code or just a natural and legitimate deviation
4. ALERT
Alerts on unauthorized code and provides deep context for each threat
5. TERMINATE
Terminate unauthorized code on demand
6. ENFORCE CLEAN
Ensure your systems are in a trusted state and run 100% trusted code
Features and Benefits
Detect
- Detect malicious code and malware in runtime
- Detect unrecognized or unauthorized code
- Detect exploitation of known and unknown vulnerabilities
- Detect suspicious shell commands and Living off the Land (LotL) attacks
Born in the cloud
- Holistic security for all types of compute resources: VMs, containers, Kubernetes, CaaS and FaaS
- Integrated threat intelligence specializing in Linux threats
- Integrate with your favorite DevOps tools including Chef, Puppet, Ansible and more
Visibility
- Monitor and log any running application or code
- Visual dashboard showing high-level security status of all compute resources
Reduce Attack Surface
- Identify and disable unwanted or risky applications
- Identify vulnerabilities in runtime
- Identify misconfigurations
- Align with security benchmarks (CIS, NIST)
Respond
- Quickly terminate any unauthorized code without harming production
- Contextual alerts including origin of code and malware family
- Root Cause Analysis for incidents; identify the point of compromise in order to quickly fix the vulnerability
- Seamlessly integrate with tools such as SIEM, SOAR and even Slack
