
Frequently Asked Questions (FAQ)

Topic

CNAPP

In AccuKnox CSPM, we support agentless scanning for public cloud infrastructure. For infrastructure behind a firewall or in a private cloud, AccuKnox CSPM leverages open-source agents to manage remote nodes for automated reporting, error log delivery, microservice monitoring, user shell activity, and resource monitoring.

 

In AccuKnox CWPP, we leverage the open source CNCF sandbox project KubeArmor for scanning and inline mitigation of known attacks. Together, we provide complete static and runtime security for a variety of workloads, whether they are on public/private cloud, VM, bare metal, or pure containerized workloads.

Applications

  • For Kubernetes – Daemonset
  • For Containers, VM – Systemd mode

 

Infrastructure

  • Public Cloud – Agentless (API Scan) for SaaS based usage
  • On-Prem or Datacenter – On-prem deployment using Helm charts

Currently we are located in the US region. Based on the requirement, we can have it hosted in any global or local region. For success stories, browse our case studies.

  • CSPM
  • ASPM
  • DevSecOps security in CI/CD pipeline
  • CWPP
  • Container Images Scanning
  • CDR (Cloud Detection or Response) or CDM (Continuous Diagnostic & Mitigation)

CSPM (Cloud Security Posture Management)

  • Multi-tenant SaaS platform or On-Premises
  • Detect Compliance Posture & Misconfigurations
  • Integrate SCA, SAST, DAST vulnerabilities to SaaS
  • Easily create 1-click tickets to track remediation
  • Channel integrations for SIEM, SOAR, Ticketing Systems

CWPP (Cloud Workload Protection Platform)

  • Multi-tenant SaaS platform or On-Premises
  • Hardening of Cluster against MITRE, STIG, NIST, PCI, CIS
  • Application Hardening, Application Firewalling, Micro-segmentation
  • Single pane of glass for multi-cluster orchestration
  • Infrastructure as Code Scanning
  • Reporting, Analytics & Auditing
  • Channel integrations for SIEM, SOAR, Ticketing Systems

ASPM (Application Security Posture Management)

  • Scan for Static Code Analysis (SAST)
  • Scan open source images for manifest files, source code, binary files, container images, and libraries (SCA)
  • Scan for vulnerabilities in the application in its running state (DAST)
  • Host scanning in CI/CD
  • Container image scanning in CI/CD
  • Advanced runtime visibility in CI/CD

ASPM

In the ASPM Security solution, unlike other tools, AccuKnox provides the flexibility to integrate a variety of open source and commercial security scanning tools through built-in parsers to provide a composite security posture of your infrastructure.

 

This is done in 2 contexts, mainly:

  • Remove dependencies and scoped results from one tool
  • Bring in contextual understanding of vulnerabilities and prioritization based on that

Further, we also correlate and normalize results from a variety of security scanning tools and provide detailed results of vulnerabilities across infrastructure.

CSPM

The AccuKnox Cloud Security Posture Management (CSPM) tool scans the cloud account to assess vulnerabilities and misconfigurations that are present in the cloud infrastructure, based on security best practices and benchmarks. AccuKnox also lets you triage vulnerabilities by marking them as false positive, waiting for 3rd party, accepted risk and more, so that you get to act on findings that are remediable and contain the SLA. We also provide comprehensive compliance reports based on various security governance frameworks for third party assessment organization (3PAO) auditing.

AccuKnox’s CNAPP tool checks for compliance and governance based on various benchmarks like STIG, CIS, NIST CSF, HIPAA, MITRE, SOC2, CMMC, FISMA.

Storage

  • AWS: S3 Bucket, EBS Volume, EBS Snapshot, RDS Database Instance, RDS Database Cluster
  • Azure: Cloud Storage Bucket, Cloud SQL Database, Storage Bucket, Compute Disk, Compute Snapshot
  • GCP: Storage Container, SQL Database, Storage Bucket, Compute Disk, Compute Snapshot

Compute

  • AWS: EC2 Instance, Lambda Function, ECS Cluster, EKS Cluster, ElastiCache Cluster
  • Azure: Compute Engine Instance, Kubernetes Cluster, Cloud Functions Function, SQL Database, Compute Disk
  • GCP: Virtual Machine, Kubernetes Cluster, Redis Cache, Cloud Functions Function, SQL Database, Compute Disk

Network

  • AWS: Virtual Private Cloud (VPC), VPC Subnet, EC2 Network Interface, EC2 Network Load Balancer, VPC Elastic IP (EIP), VPC Security Group, VPC Security Group Rule, VPC Network ACL (Access Control List), VPC Route Table, VPC Route, VPC Peering Connection
  • Azure: Virtual Private Cloud (VPC), Subnet, Network Interface, Load Balancer, Route, IAM Policy, IAM Role, Service Account, Compute Region, Compute Zone
  • GCP: Virtual Network, Subnet, Network Interface, Load Balancer, Application Security Group, Network Security Group, Route Table, Public IP, VPC Peering Connection

Compliance, Governance Reports

  • STIG
  • CIS
  • NIST CSF
  • HIPAA
  • MITRE
  • SOC2
  • CMMC
  • FISMA

Public Cloud Support

  • Amazon Web Services
  • Google Cloud Platform
  • Microsoft Azure

Private Cloud Support

  • RedHat OpenShift
  • VMWare Tanzu

Applications Supported

  • Support Matrix

Tools supported out of the box –

  • Cloudsploit
  • Prowler
  • Trivy
  • Clair
  • SonarQube
  • Zap/Burp/Nuclei
  • Checkov
  • Sonatype
  • Cloc
  • Shodan
  • Steampipe
  • KubeBench
  • KubeRBAC
  • KubeHunter
  • AccuKnox AWS SecurityHub
  • AccuKnox AWS Metadata

CWPP

LSMs are already enabled in the environment, and AccuKnox uses host-based LSM security. Since the attacker usually has direct access to the pod, AccuKnox uses inline remediation to stop processes before they execute. Therefore, inline remediation does not slow down the process.

Compliance Frameworks (MITRE, CIS, NIST) for hardening workloads.

Understanding the Application behavior using LSMs.

 

Hardening Policies:

  • These are block-based policies
  • These policies are suggested according to the compliance framework
  • They help to harden the workload against known attacks
  • We can implement workload hardening and file integrity monitoring using these policies

 

Behavioral Policies:

  • These are allow based policies
  • These policies are generated according to application behavior
  • They create a zero trust environment for the workloads
  • We can implement network micro segmentation and zero trust using these policies

Yes, it can show up in terms of application behavior & logs.

AccuKnox’s Cloud Workload Protection Platform (CWPP) achieves runtime security by leveraging CNCF sandbox project, KubeArmor, which is a cloud-native runtime security enforcement system by AccuKnox that restricts and provides more granular control over the application behavior such as process execution, file access, and networking operation of containers and nodes at the system level.

AccuKnox KubeArmor is a cloud-native runtime security enforcement system that leverages Linux Security Modules to secure the workloads. LSMs are really powerful, but they weren’t built with modern workloads, including containers and orchestrators, in mind. eBPF enables us to extend capabilities, and BPF LSM gives us the ability to load our custom programs with decision making into the kernel seamlessly, helping us to protect modern workloads. Therefore, KubeArmor helps to enforce a security posture wherein any malicious attacks can be stopped before execution, known as inline mitigation (as mentioned in the Forrester report).

KubeArmor leverages best of breed Linux Security Modules (LSMs) such as AppArmor, BPF-LSM, and SELinux for inline mitigation to reduce the attack surface of the pod/container/VM. LSMs have several advantages over any other techniques. By using LSMs, KubeArmor does not have to disturb pods/containers and also does not require change at host or CRI level to apply security policies.

 

KubeArmor is deployed as a non-privileged daemonset with certain capabilities that allow it to monitor other pods/containers and host. A given cluster can have multiple nodes utilizing different LSMs so KubeArmor abstracts the complexities of the LSMs and provides an easy way for policy enforcement.

AccuKnox enables DevSecOps teams to embed security policies as code into their GitOps workflow. This provides a unified, collaborative view of the policies and enables them to be shipped and deployed along with the applications they are protecting. Hence, with GitOps-based policy version control, it is easy to enforce changes to policies and keep track of versions in case of an audit or rollback requirement, along with approval mechanisms.

AccuKnox CWPP provides micro-segmentation at the lowest possible granularity level, which is also the smallest execution unit in Kubernetes, i.e. Pods. We help you identify the process execution requests from the pods, the network connections the pods are trying to make internally or externally, and the file system paths the pods are accessing. By observing the behavior of a particular pod and restricting that behavior so that it functions according to the expected flow of processes/events/traffic, one can develop a least permissive security posture by creating a whitelisting policy and auditing/denying everything else.

The AccuKnox CWPP solution provides a Discovery Engine agent that assesses the security posture of your workloads and auto-discovers the policy set required to put the workload in least-permissive mode. We also provide a Shared Informer Agent, which collects information about the cluster such as pods, nodes, namespaces etc. The Policy Discovery Engine discovers the policies using the workload and cluster information that is relayed by the Shared Informer Agent.

KubeArmor is a security solution for the Kubernetes and cloud native platforms that helps protect your workloads from attacks and threats. It does this by providing a set of hardening policies that are based on industry-leading compliance and attack frameworks such as CIS, MITRE, NIST-800-53, and STIGs. These policies are designed to help you secure your workloads in a way that is compliant with these frameworks and recommended best practices.

In Kubernetes, the network policy resource is a set of network traffic rules that are applied to a group of pods in a Kubernetes cluster. The network policy specifies how a pod is allowed to communicate with others. Network policy controllers (running as pods in the Kubernetes cluster) convert the requirements and restrictions of the network policies that are retrieved from the Kubernetes API into the network infrastructure.

By implementing a zero trust posture with KubeArmor, organizations can increase their security posture and reduce the risk of unauthorized access or activity within their Kubernetes clusters. This can help to protect sensitive data, prevent system breaches, and maintain the integrity of the cluster. KubeArmor supports allow-based policies which result in specific actions to be allowed and denying/auditing everything else. For example, a specific pod/container might only invoke a set of binaries at runtime. As part of allow-based rules you can specify the set of processes that are allowed and everything else is either audited or denied based on the default security posture.
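The block-based (hardening) and allow-based (behavioral) policy styles described above, written as KubeArmorPolicy manifests. This is an added example, not a policy shipped by AccuKnox or taken from this FAQ; the policy names, the `default` namespace, the `app: nginx` label and the listed paths are assumptions chosen for illustration.

```yaml
# 1) Hardening (block-based) policy: deny a few known-bad actions and
#    leave all other behavior of the workload untouched.
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: harden-nginx-block-pkg-mgr     # hypothetical policy name
  namespace: default                   # assumed namespace
spec:
  severity: 5
  message: "package manager execution or binary tampering blocked"
  tags: ["NIST", "MITRE"]              # framework the rule is mapped to
  selector:
    matchLabels:
      app: nginx                       # assumed workload label
  process:
    matchPaths:                        # binaries that must never run in the pod
    - path: /usr/bin/apt
    - path: /usr/bin/apt-get
    - path: /usr/bin/dpkg
  file:
    matchDirectories:                  # file integrity: directory stays read-only
    - dir: /usr/bin/
      recursive: true
      readOnly: true
  action: Block
---
# 2) Behavioral (allow-based) policy: list what the workload is expected
#    to execute. Anything not listed is audited or blocked according to the
#    default posture (set per namespace, e.g. with the
#    kubearmor-file-posture annotation).
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: allow-only-nginx-exec          # hypothetical policy name
  namespace: default                   # assumed namespace
spec:
  severity: 5
  message: "process outside the nginx allow list"
  selector:
    matchLabels:
      app: nginx                       # assumed workload label
  process:
    matchPaths:                        # the only binary the pod may execute
    - path: /usr/sbin/nginx
  file:
    matchDirectories:                  # file access stays open; only exec is narrowed
    - dir: /
      recursive: true
  action: Allow
```

Running the allow-based policy under an audit posture first, and reviewing the resulting alerts, shows which legitimate binaries are missing from the allow list before the posture is switched to block.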

AccuKnox supports following types of workloads:

  • K8s orchestrated workloads: Workloads deployed as k8s orchestrated containers. In this case, KubeArmor is deployed as a k8s daemonset.
  • VM/Bare-Metal workloads: Workloads deployed on Virtual Machines or Bare Metal, i.e. workloads directly operating as host processes. In this case, KubeArmor is deployed in systemd mode.

Post-exploit Mitigation works by killing the suspicious process in response to an alert indicating malicious intent. In this case, an attacker is able to execute its binary and could possibly disable the security controls, access logs, etc. to circumvent attack detection. By the time the malicious process is killed, it might have already deleted, encrypted, or transmitted the sensitive contents.

 

Inline Mitigation, on the other hand, prevents the malicious attack at the time it happens. It doesn’t allow the attack to happen, by protecting the environment with a security policy or firewall. AccuKnox’s open source tool KubeArmor provides Inline Mitigation. KubeArmor uses inline mitigation to reduce the attack surface of the pod/container/VM. KubeArmor leverages best of breed Linux Security Modules (LSMs) such as AppArmor, BPF-LSM, and SELinux (only for host protection) for inline mitigation.

The AccuKnox Enterprise version consists of various agents such as:

  • KubeArmor: KubeArmor is a cloud-native runtime security enforcement system that restricts the behavior (such as process execution, file access, and networking operation) of containers and nodes at the system level. KubeArmor dynamically sets the restrictions on the pod. KubeArmor leverages Linux Security Modules (LSMs) to enforce policies at runtime.
  • Feeder Service: It collects the feeds from KubeArmor and relays them to the app.
  • Shared Informer Agent: It collects information about the cluster like pods, nodes, namespaces etc.
  • Policy Discovery Engine: It discovers the policies using the workload and cluster information that is relayed by the Shared Informer Agent.

Opensource & Enterprise edition

Integrations

AccuKnox can integrate with multiple cloud accounts, registries, SIEM platforms, and ticketing or notification tools, and the list is ever growing. AccuKnox is flexible enough to extend the list with customers’ requests as roadmap items. Some of the integrations supported today are as follows:

  • Security Events/SIEM: Splunk, Rsyslog, AWS CloudWatch, Elastic Search, Webhooks
  • Notification Tools: Slack, Jira, PagerDuty, Emails
  • Ticketing Tools: Jira, FreshService, Connectwise, Zendesk
  • Registries: Nexus, ECR, GCR, DockerHub

5G, EDGE Security

With edge computing shifting towards containerized workloads, and in a few cases to orchestrated Kubernetes workloads, it becomes important to have a security solution which can not only provide enforcement across different forms of deployment but can also provide real-time container-rich observability. KubeArmor’s support for un-orchestrated containers, k8s workloads and bare metal VMs makes it an ideal universal engine. Its kernel-level runtime security enforcement and container-aware observability bring the best of both worlds.

MISCELLANEOUS

Yes, we do, we have signed up a few MSSPs and are on an aggressive path to sign up a lot more globally (Traditional Security MSSPs, Cloud Native MSSPs, Telco Carriers, etc.)

It is part of the roadmap and expected by Q1 2025.

You get hardening policies via AccuKnox enforcement engine KubeArmor

If it is an end customer – here is the SLA.

If it is a MSSP model, it is a revenue share.

We have a 100% partner-aligned go-to-market approach. To this end, we provide our partners the following:

  • Free training, certification
  • Joint marketing
  • Lead sharing

We are in the process of listing on

  • AWS
  • Azure
  • GCP
  • Oracle
  • VMWare
  • IBM/OpenShift

We have a global partnership with TCS
We have a reseller partnership with Ambisure.

We support following cloud platforms –

  • Public Cloud – AWS, AZURE, GCP, Oracle

We support on-prem environments like

  • Managed Cluster – OpenShift, Rancher, VMWare Tanzu
  • Unmanaged Cluster – Vanilla k8s (using kubeadm), microK8s, K3S
  • DC or VM

Please visit our pricing page for detailed understanding.

We are committed to a 100% partner aligned go to market model. 

  • Resellers
  • ISV (independent software vendors) – integrations
  • MSSPs
  • Systems Integrators 
  • Distributors

Contact us at [email protected] to get more information

Here is our reseller contract, we will be open to a discussion: https://www.accuknox.com/accuknox_reseller_agreement
Contact us at [email protected] to get more information.

ASK ADA

It’s great for any DevSecOps, CISO or SOC team that wants answers to specific on-demand queries about security. It can help to accelerate productivity, efficiency and proactive responses to security concerns.

Ask Ada competes with Sysdig Sage and other CNAPP chatbots curated for security. Here is an assessment based on its features –

 

Advantages:

  • On-demand answers to all kinds of platform related questions, statistics or information related question about compliance or vulnerabilities
  • Curated responses based on security Personas – such as CISO’s, DevSecOps
  • Get attack relationship from comparison of various threat vectors across the infrastructure
  • Drastically reduce learning curve and accelerate proactive response to critical cloud risks

 

Disadvantages:

  • It’s a standalone environment which could require additional compute, storage or memory to run and hence can incur costs
  • For proactive remediation, it’s best to go with a human-in-the-loop model
  • The answer to a question largely depends on the data it was last trained on, and hence periodic training would be a requirement
  • Data is still the King! The more data the system learns on, the better informed its responses to abstracted queries can be.

Ask Ada follows best practices of RBAC and ensures multi-tenancy in the tenant hosted data with guardrails on the prompt as well as the questions. It also ensures security based on OWASP LLM Top 10.

Ask Ada was built with efficiency and productivity as the major outcomes for DevSecOps teams or CISOs, so that they can make informed decisions and get curated responses, reducing the time spent fetching the information. It’s also good at summarizing a lot of data over a period of time and showcasing trends for deeper analysis.

It’s plug and play: we offer to host it in the customer environment as On-Prem, or as SaaS (in a secured multi-tenant environment).

One of its main objectives is to reduce the learning curve, and it can start generating value from day 1; this largely depends on asking security questions in real time without having to deal with point-in-time snapshots.

About vulnerabilities:

  1. Does AccuKnox have its own vulnerability database?
  2. How is the vulnerability database used in an air-gapped environment on-premises?
  3. What is the frequency of database updates?
  4. What is the hit rate of vulnerabilities?
  5. Are there any dashboard comparisons with WhiteSource & Black Duck?

 

About Codex:

  1. Can AccuKnox integrate with Codex for convenient management alongside other tools?
  2. Please provide the related methods and documentation if possible. If not, why isn’t Accuknox on Codex?

 

About Honeypot:

  • Does AccuKnox have a honeypot to divert traffic when under heavy attack for analysis purposes? – Not supported
  • Are there any recommendations using Accuknox with Acalvio?
  • Can AccuKnox support multi-tenancy features?
  • How detailed can permissions be set?
  • Will send that we can support and maybe create a simple doc
  • Can AccuKnox on-board VM manage Windows VMs? Can you provide the method for this?
  • Not supported

 

Technical inquiries:

1. At product implementation, your documents state that there is a guide or AI for support; is it not accompanied by human technical support? How much time does it take to have the product working?

  • a. AccuKnox technical support is not automated with AI, but is provided by a dedicated team of Solution Engineers & DevOps. For detailed support tiers, please refer to the table below:

 

  • 2. At daily activities do you provide human technical support? Is it 24h/7d? Does it have extra cost or is it included?
  • Please refer above

 

  • 3. If you have a demo or video showing the product into actions we would like to watch it.
  • Yes, we do have a very crisp and succinct product demonstration – Refer to this 10 mins YT video

 

Business inquiries:

  • 1. As you are already working with 1-2 partners in Spain and a few in Europe …Which currency do you use to establish pricing and make payments?
  • AccuKnox is a product based out of US region proprietorship. AccuKnox CNAPP billing will be handled only by one currency, which is USD.

 

  • 2. Which is the official location of Accuknox for the relationship (to evaluate taxing and other issues)?
  • United States

 

  • 3. Which is the standard “commission” for Partners, and is it constant through all the life of the contract with the client, and so is it paid monthly?
  • We can flexibly do the SPIF incentives per the mutual agreement between us

 

  • 4. Which is the info that you require to understand that a “valid offer” has been submitted into your system and give preference to a partner before other partners?
  • We require our partners to do “Deal Registration” (page link here)
  • Our partners can get the deal registration visibility, on need basis – contact us anytime at [email protected] to get the visibility (or) any deal registration queries.

 

  • 5. We saw some “Development funds” among the advantages for partners. What do they consist of?
  • MDF (Market Development Funds) are something that we usually provide to our channel partners to generate a pipeline of revenue streams. PFB general tiers:
  • We can discuss the MDF % further with our Global Partnership Head

 

  • 6. Can you provide us with the General Terms and Conditions for Partners? This will allow us to understand commercially the way you work (scope of work, price, payment, marketing materials, liabilities, dispute resolution procedures and so)
  • All details regarding the partnership guidelines – refer this document