Container Environments
The Container Environments page shows your environments onboarded to CloudGuard:
- Container registries
as well as assets that are part of other managing environments (for example, AWS or Azure) but not protected by CloudGuard:
- Azure Kubernetes Service clusters
- ECR
- ACR
For each environment and asset, you can enable available features and see the status of the features that are already enabled.
Use Cases
Typical use cases that illustrate the control of Container Environments from one central location:
- Review feature status
- Review agent status
- Identify unsecured assets and onboard them (set protection)
Features to Onboard
- Posture Management - This feature is enabled by default when you onboard an environment to CloudGuard, and it cannot be disabled. To learn more, see Kubernetes Posture Management.
- Admission Control - To learn more, see Admission Control.
- Image Assurance - To learn more, see Image Assurance.
- Threat Intelligence - To learn more, see Intelligence for Kubernetes Containers.
- Runtime Protection - To learn more, see Kubernetes Runtime Protection.
Viewing Unsecured Environments
With multiple environments onboarded to CloudGuard, it is sometimes hard to monitor which clusters and container registries are onboarded and which are not. The Container Environments page provides information about these assets at a glance. It supports EKS, AKS, ECR, and ACR.
To see unprotected clusters and registries:
- Navigate to Workload Protection > Container Assets > Environments. This shows a list of environments added to CloudGuard.
- Click the header of the Onboarding Time column to adjust its order and scroll the table to see the environments with a Click To Onboard link in this cell. These assets are onboarded to CloudGuard as part of other environments and are not secured with container security features.
- As an alternative, filter the environments by Status: Unsecured.
To enable protection:
- Use the Click to Onboard link to open the onboarding wizard.
- For more information about onboarding clusters, see Onboarding Kubernetes Clusters.
- For more information about onboarding container registries, see Onboarding Container Registries.