Observability with Auto Discovered Policies | How to Automate Zero Trust in DevSecOps

In this insightful technical explainer, Ankur Kotiwal, Software Engineer at AccuKnox, introduces a groundbreaking approach to securing modern cloud-native applications using observability data and automated policy discovery. If you’re working in Kubernetes, cloud security, or DevSecOps, this video is a must-watch to understand how real-time application insights can fuel a scalable Zero Trust model.

Traditional security practices often rely on manually analyzing system and network logs to craft policies. However, this approach is time-consuming, error-prone, and almost impossible to scale—especially in dynamic environments where applications evolve constantly. This video addresses that challenge by showing how observability data—logs, metrics, and traces—can be transformed into least-permissive security policies using automation.

🔍 What Is Observability and Why It Matters

Observability is the ability to understand a system’s behavior by analyzing its outputs. In the context of security, it can offer deep insights into application behavior, performance, and potential vulnerabilities. But the challenge lies in turning raw observability data into meaningful security policies that prevent breaches without breaking functionality.

Ankur walks through the major issues faced by security and DevOps teams today:

  • Manual log analysis often misses critical data.
  • Security postures become outdated quickly as apps change.
  • Maintaining least-permissive, zero-trust policies is complex and unsustainable without automation.

⚠️ Common Challenges in Deriving Policies

The video also outlines the specific obstacles when identifying security policies from observability data:

  • Noise in raw data: Random file accesses or ephemeral connections can clutter policy derivation.
  • Over-granular rules: Writing one rule per flow is inefficient and unmanageable.
  • Wrong abstractions: Policies based on IPs instead of Kubernetes labels lack portability and context-awareness.
  • Lack of aggregation: Without smart data grouping, policy sets become bloated and hard to manage.

✅ The Solution: Auto-Discovered Policies

To overcome these challenges, AccuKnox has developed a policy recommendation engine—an open-source solution integrated into KubeArmor, their CNCF-adopted Kubernetes runtime security platform. This Discovery Engine:

  • Automatically analyzes observability data.
  • Uses advanced aggregation to generate concise, least-permissive policies.
  • Leverages Kubernetes labels for better rule abstraction.
  • Adapts to application changes in real time, keeping policies in sync with the codebase.

The Discovery Engine integrates with Cilium, a container network interface, and with KubeArmor, and supports multi-cluster environments. By observing workloads during CI/CD stages, it generates differential policy views that reflect only what has changed, making security posture management dynamic and continuous.

🔐 Real-Time Zero Trust for DevSecOps

The core idea behind this approach is to achieve Zero Trust security in a true DevSecOps model. Instead of creating security policies late in the deployment cycle—or worse, post-incident—this method shifts policy generation left into the development phase. This enables:

  • Early detection of runtime attacks.
  • Enforcement of least-privilege access principles.
  • Continuous policy updates without human error.

By denying everything by default and allowing only essential, observable behavior, organizations can significantly reduce their attack surface while improving compliance and operational efficiency.
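As an added illustration of the aggregation, label-based abstraction and deny-by-default model described above (example code written for this page, not the Discovery Engine's own implementation), the following Python collapses constructed flow observations into one label-selected Kubernetes NetworkPolicy per destination workload; the flow records and label sets are assumed sample data.

```python
"""Turn observed pod-to-pod flows into default-deny, allow-only-observed
NetworkPolicies keyed by Kubernetes labels rather than IPs."""
from collections import Counter, defaultdict

# Constructed observations: (source labels, destination labels, port, protocol).
# The duplicate web->api flow stands in for the noise a real trace contains.
FLOWS = [
    ({"app": "web"}, {"app": "api"}, 8080, "TCP"),
    ({"app": "web"}, {"app": "api"}, 8080, "TCP"),
    ({"app": "web"}, {"app": "api"}, 8443, "TCP"),
    ({"app": "api"}, {"app": "db"}, 5432, "TCP"),
    ({"app": "api"}, {"k8s-app": "kube-dns"}, 53, "UDP"),
]

def _key(labels):
    """Hashable, order-independent form of a label set."""
    return tuple(sorted(labels.items()))

def aggregate(flows, min_seen=1):
    """Group flows by destination, then by source, merging ports into one rule
    per peer. Flows observed fewer than min_seen times are dropped as noise."""
    seen = Counter((_key(s), _key(d), p, pr) for s, d, p, pr in flows)
    rules = defaultdict(lambda: defaultdict(set))
    for (src, dst, port, proto), n in seen.items():
        if n >= min_seen:
            rules[dst][src].add((port, proto))
    return rules

def network_policy(dst_labels, ingress):
    """Build one NetworkPolicy: listing 'Ingress' in policyTypes makes every
    peer/port not explicitly allowed below denied by default."""
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": "discovered-" + "-".join(v for _, v in dst_labels)},
        "spec": {
            "podSelector": {"matchLabels": dict(dst_labels)},
            "policyTypes": ["Ingress"],
            "ingress": [
                {"from": [{"podSelector": {"matchLabels": dict(src)}}],
                 "ports": [{"port": p, "protocol": pr} for p, pr in sorted(ports)]}
                for src, ports in sorted(ingress.items())
            ],
        },
    }

def discover(flows, min_seen=1):
    """Map each destination label set to its generated policy."""
    return {dst: network_policy(dst, ing)
            for dst, ing in aggregate(flows, min_seen).items()}
```

Raising `min_seen` shows the trade-off the video warns about: too aggressive a noise filter silently drops a legitimate but rarely used flow, so thresholds need review before the policy is enforced.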

🛠️ Why This Matters

Security cannot be an afterthought, especially in today’s complex multi-cloud and microservices-based environments. Manual efforts to secure workloads are not only inefficient but also leave gaps that attackers can exploit. With observability-driven policy automation, teams can:

  • Respond faster to changes.
  • Reduce misconfigurations.
  • Enforce Zero Trust at scale.

The Discovery Engine, developed and maintained as an open-source tool by the team behind KubeArmor, is already empowering security-conscious organizations to bridge the gap between visibility and enforcement.

👉 Watch now to learn how to turn observability into a powerful ally for runtime security!
🔗 Learn more at https://www.accuknox.com