Skip to main content

Kubernetes Security Overview

Lacework provides a security platform for a range of Kubernetes platforms including:

  • Managed Kubernetes: EKS, GKE, and AKS.
  • Serverless Kubernetes: Fargate and ECS.
  • On-premises and unmanaged Kubernetes: Openshift and Rancher.

Lacework provides visibility and threat detection from build time to runtime through vulnerability management for container images. Kubernetes audit logs let you monitor user and workload activities while the enterprise agent monitors workload processes, network activities and node activities. You can install and use the different Lacework Kubernetes components independently. Each component brings an additional and complementary layer of visibility and detection.

Vulnerability management for container images - You can scan container images and container registries for known vulnerabilities in OS packages and libraries and create policies for immutable and reproducible container images. Go to Container Vulnerability Assessment for more information.

Admission controller for Kubernetes - The admission controller inspects container images as they are deployed to Kubernetes. Create policies to alert or block new deployment and control the execution into containers. Go to Integrate with Kubernetes Admission Controller for more details.

Kubernetes audit logs (Limited Availability) - Audit logs let you monitor all user and workload activities. Detect activities including manual access to pods, new workload creations, new Kubernetes roles, forbidden activities, and authentication issues. Go to the Kubernetes Audit Logs Overview for more information.

Kubernetes Compliance (Beta) - Integrate your Kubernetes cluster with Lacework's compliance platform to monitor configuration compliance of your cluster resources. Enable or disable policies to match your compliance needs, and view reports detailing non-compliant resources and recommendations. Go to EKS Compliance Integrations to learn more.

Kubernetes workload runtime security - The Lacework enterprise agent monitors all containers and their activities (e.g. processes and network activities) as well as Kubernetes nodes. Detect activities such as malicious activities, container escape, data exfiltration, and lateral movement. Go to Lacework for Workload Security for more information.

Polygraphs for Kubernetes - Lacework polygraphs for containers and nodes allow you to visualize Kubernetes clusters' network activities, process activities, user activities, and topology. Go to the Kubernetes Dossier for more information.