Part 1: Introduction to AccuKnox CNAPP on Oracle Cloud Marketplace

Navigating the ever-evolving cloud security landscape demands robust and innovative solutions that can keep pace with the increasing complexity of modern cloud environments. With organizations harnessing the power of Oracle Cloud Infrastructure and utilizing its offerings for digital transformation, the need to ensure comprehensive security for their cloud workloads cannot be understated. 

We are happy to announce that AccuKnox, a differentiated provider of cloud-native security solutions, has achieved the milestone of approval for its Zero Trust Cloud-Native Application Protection Platform (CNAPP) listing on the Oracle Cloud Marketplace.

However, while the AccuKnox CNAPP offering covers a broad scope of security capabilities, this listing emphasizes the robust Cloud Workload Protection Platform for top-of-the-line cloud security on OCI.

Why AccuKnox?

We introduced one of the Industry’s Most Comprehensive Zero-trust CNAPP Platforms.   Look no further for the ultimate solution – our platform provides unparalleled coverage.  With added support for Oracle, we also cater to modern workloads, like K8 and Serverless, and traditional workloads, like Virtual Machine and Bare Metal. Our platform can even handle futuristic workloads like IoT/Edge and 5G. We also deliver both Static and Runtime Security, anchored on innovations in Cloud Security and AI/ML-based Anomaly Detection. 

With over 15 patents, we’re proud to offer an OpenSource, DevSecOps-led delivery model. To top it off, we have an ongoing R&D partnership with the esteemed Stanford Research Institute

AccuKnox CWPP solution is designed to provide unrivaled protection for cloud-native applications and workloads running on Oracle’s Kubernetes Engine. By seamlessly integrating with the OCI container orchestration platform, AccuKnox can deliver a strong runtime security solution that offers complete application protection over their lifecycle—from build to runtime. 

The CWPP support for Oracle Cloud Infrastructure allows organizations to proactively detect and mitigate threats to their cloud-native applications and workloads. It provides advanced security capabilities, such as vulnerability scanning, runtime application self-protection, and continuous monitoring to maintain the highest security and compliance levels. AccuKnox’s CWPP differentiates itself with its ability to offer complete visibility and control in cloud-native environments.  With real-time insights into the security posture of applications, containers, and Kubernetes clusters, AccuKnox enables teams to identify and address potential vulnerabilities, misconfigurations, and anomalies before threat actors can exploit them. 

The solution is immediately available to Oracle customers, enabling further extension of advanced cloud security capabilities into existing OCI environments and furthering their commitment to cloud-native environments. Oracle Container Engine for Kubernetes is a managed Kubernetes service. It makes managing the underlying Kubernetes infrastructure easy with just-in-time Kubernetes cluster provision and ensures reliable operation with automated patching, updates, and scaling.  Oracle Linux is a distribution by Oracle. Based on the Red Hat Enterprise Linux distribution, we primarily use it atop OKE. It includes the Unbreakable Enterprise Kernel, which provides business-critical performance and security optimizations for cloud and on-premises deployment.

AccuKnox CWPP and Runtime Security Support on Oracle

AccuKnox’s Cloud Workload Protection Platform (CWPP) offers zero-trust security by default. It allows specific whitelisted actions and ensures runtime control over application actions.

1. Process’s access to the file system
2. Processes that can be launched inside the pod.  
3. Capabilities that the processes inside the pod can use.

AccuKnox Leverages eBPF-LSM on Oracle Linux

While UEK (Unbreakable Enterprise Kernel) is a heavily fortified kernel image, the security of the pods and the containers is still the application developer’s responsibility. AccuKnox’s runtime security leverages extended Berkeley Packet Filter (eBPF) and Berkeley Packet Filter-Linux Security Module (BPF-LSM) to protect the pods and containers. This is done to protect k8s pods hosted on OKE by limiting system behavior concerning processes, files, and the use of network primitives. For example, a k8s service access token mounted within the pod is accessible by default across all the containers within that pod. 

AccuKnox restricts access to such tokens only for specific processes. Similarly, other sensitive information (e.g., k8s secrets, x509 certificates) within the container is also safeguarded. You can specify policy rules through our dashboard, such that any attempts to update the root certificates in any of the certificate’s folders (i.e., /etc/ssl/, /etc/pki/, or /usr/local/share/ca-certificates/) can be blocked. Moreover, it is also possible to restrict the execution of specific binaries within the containers.

“We are thrilled to announce that AccuKnox has partnered with Oracle Cloud Marketplace during the initial phase of SaaS delivery. AccuKnox’s impressive CNAPP solutions have already demonstrated immense value to Oracle customers, and we anticipate exponential growth in the coming months. Thank you for being a critical partner in our SaaS Delivery pilot phase. Together, we are poised to achieve remarkable success!”
– Jordan Oliver, Product Manager for Oracle Cloud Marketplace

---

Need installation instructions? Read Part 2 Blog: Installing AccuKnox Zero Trust CNAPP via Oracle Cloud Marketplace