Scribd
Upload
65 views16 pages

AccuKnox Capabilities

AccuKnox provides a comprehensive Code to Cloud security platform that includes features such as agentless monitoring, compliance management, and integration with CI/CD pipelines. The platform supports various deployment options and offers tools for application security posture management, secrets detection, and runtime security. Additionally, it has a roadmap for advanced AI/ML security capabilities and competitive pricing models.

Uploaded by

yosef benti
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
65 views16 pages

AccuKnox Capabilities

AccuKnox provides a comprehensive Code to Cloud security platform that includes features such as agentless monitoring, compliance management, and integration with CI/CD pipelines. The platform supports various deployment options and offers tools for application security posture management, secrets detection, and runtime security. Additionally, it has a roadmap for advanced AI/ML security capabilities and competitive pricing models.

Uploaded by

yosef benti
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16

AccuKnox Capabilities

Code to Cloud Security


AccuKnox Security

Agentless +
Agentless eBPF sensor
1
Observe -
Cloud,
Clusters,
Containers

CSPM ASPM KSPM CWPP

OnPrem & SaaS Deployment Options


4 2
Findings & Ticketing Lifecycle Instant Reports Automatic
and Compliance
Remediations Policies
Compliance & GRC

Projects, Tags, Groups

AI CoPilot AskAda 3
Rules Engine (IFTTT for Findings) Risk
Assessment &
Prioritization
Dashboards, Reporting, RBAC

SIEM/SOAR Integrations

CI/CD DevSecOps
AccuKnox Architecture (HLD)
Application Security Posture Management (ASPM)

Code Scanning IaC Scanning Container Scans


● Terraform, Ansible
● Code Smells ● Using Trivy / Clair
● K8s manifests, Dockerfiles
● Security Issues ● Sensitive asset detection in
● Azure Templates, AWS
● Quality Issues images
CloudFormation

Rules Engine based Prioritization & SCA


WorkFlows for Aggregation ● Checkmarx SCA
Findings ● Using Trivy SCA

Integration: Agentless, CICD


Secrets Detection & Protection

Secrets in IaC
Secrets in Container Secrets in Kubernetes
● Using checkov in terraform,
Images ConfigMaps helm-charts, ansible,
k8s-manifests

Secrets in S3 buckets, Runtime Secrets


Secrets in Code Repos Protection
GCS, File System
(Roadmap: Jan 2025) ● Protect secrets exposed through:
(Roadmap: Jan 2025) ○ env variables
○ config files

Integration: Agentless, CICD


DAST

VM / Bare Metal STIGs


Host & Endpoint API Scanning and CIS
scanning ● Using ZAPProxy, burpsuite ● AccuKnox developed Risk
Assessment Tool (RAT)

Integration: Agentless, CICD


KSPM

K8s Misconfiguration K8s Security Risk


K8s CIS Benchmarks
detection assessment

K8s Identities & Admission Controller K8TLS (TLS Posture)


Entitlements support
● Unused service accounts ● Pod Security Admission support ● Inhouse built tool
● Excessive Permissions for Service ● Kyverno based support ● TLS best practices use
accounts ● OPA support (roadmap) ● Certificates best practices

Integration: Agentless, CronJob mode


Runtime Security

Application Behavior Workload Hardening


Kubernetes,
Monitoring ● File Integrity Monitoring
Containers, VM, ● Cryptomining, Malware Protection
● File, Process, Network,
Baremetal Capabilities
● Root certs, sensitive assets
protection
● Network Graph of workloads

Zero Trust Policy K8s Network


Auto Remediation,
● ZTNA Microsegmentation
● Zero Trust Process
● Automated ingress, egress Preemptive Mitigation
Whitelisting network policy discovery

Integration: Agent based (eBPF sensors)


Cloud Workload Protection Platform (CWPP)

Container
Image/Registry Application
Github/Jenkins Plugins
Scanning Hardening
(9+ registries supported)

DevSecOps/CICD Host Scanning


Model

Integration: Agentless, CICD


General Integrations

Ticketing Notification Channels SIEM


● Jira, FreshService, ● Azure Sentinel
● Slack, Email
ConnectWise, ServiceNow ● Splunk, CloudWatch,
● Suppressions
● Bidirectional ticket sync ● Rsyslog, …

Code Repos DevSecOps


Extensive (+Custom)
● GitHub ● Jenkins
Reporting ● GitLab ● GitHub Actions
● BitBucket ● Azure DevOps
Cloud Security Posture Management (CSPM)

Support for all major Rules Engine based


Asset Inventory
CSPs Workflow

AWS CloudTrail, Azure


Compliance Logs real time analysis
(30+ compliance types)
(Roadmap: Mar 2025)

Integration: Agentless, CICD


Deployment Options

SaaS OnPrem Air Gapped


Red Teaming/Adversarial Emulation

AI/ML/GenAI
Virtual Machine Attack K8s Adversarial
Adversarial Emulation
Simulation Emulation
Red Teaming
Roadmap: ModelKnox (March 2025)

● Sandbox untrusted ● Model Hijacking


● ML/LLM visibility ● Prompt Injection
● Data Fencing
model execution Protection
protection
● Models observability ● Data poisoning
● PyTorch, ● Model Usage view
protection
● Observability into
● Security Posture TensorFlow, Jupyter
prompt usage ● Unauthorized
Management Notebooks, MLOps ● ML Data Security
access

Vulnerability Runtime Security Posture ML/LLM Model Infra & App


Scanning Protection Management Security Security
Summary

● Complete Code to Cloud ● Comprehensive Roadmap


platform
○ GenAI/ML security
○ Best of breed tools in a single platform
○ API Security
○ Orchestrates findings/ticketing
consistently across all dimensions ○ Multi Layer Vulnerability Prioritization
(Runtime visibility ⇒ ASPM)
● Differentiated offering for
Cloud, K8s, Containers.
● SaaS, OnPrem, Air Gapped
deployment options
● Extremely competitive
Pricing/Licensing models

For more information: https://www.accuknox.com/information


SEE USE CASES
IN ACTION
[email protected]

You might also like