Complete runtime visibility and protection over all containers, images, and clusters
Intezer Protect helps shore up your entire virtualization stack, containers, images, clustering, and orchestration in runtime. So, regardless of how diverse your cloud infrastructure may be, Intezer Protect provides the water-tight seal you’re looking for to reduce the attack surface, detect attacks/breaches, and respond to those attacks.
Containers are subject to attacks from Doki and Kaiji. An infected container is not isolated. An attacker can escape to the host and infect other containers and/or applications running in the environment.
Containers are not secure by default
Antivirus/EDRs are not designed to secure containers
Pre-runtime vulnerability scans don’t detect actual attacks when they occur in runtime
Runtime protection with Intezer Protect gives you immediate visibility over all code running in your systems and alerts you whenever malicious or unauthorized code is executed.
Reduce your attack surface
Detect vulnerabilities in container libraries and packages in runtime.
Prioritize active vulnerable packages based on what is running and not just based on what is installed in the image.
Detect misconfigurations according to Docker and Kubernetes CIS benchmarks.
Identify any drift or deviation from the original container image, in memory. Most runtime products only detect threats on disk, which prevents them from detecting post vulnerability exploitation and other in-memory threats. Once limited to sophisticated attackers, fileless malware has become the norm in recent years.
Detect the execution of malicious or unauthorized code.
Secure the Docker host and Kubernetes node in addition to containers.
Ensure visibility and control over your code in production
Continuously monitor your entire stack in runtime, covering all code and every application that is running. With so much code running in your systems, from third-party libraries to proprietary software and operating system code, Intezer Protect organizes this mess, giving you full runtime visibility.
Secure all types of compute resources (containers, K8s, VMs), all technologies (Docker, Fargate, OpenShift), and cloud providers (AWS, GCP, Azure) under one platform.
Complete visibility over all containers, images and clusters in runtime.
Identify risky administration tools used in attacks, such as TeamTNT's abuse of the Weave Scope container admin tool.
Container-oriented incident response
Contextualized alerts that include container-focused information such as image name and Kubernetes pod.
Runtime forensic capabilities built for containers.
Meet compliance requirements for cloud and container environments
Demonstrate your compliance with industry regulations such as SOC-2, PCI DSS, HIPAA, and the CIS and NIST frameworks.
Why Intezer Protect?
1. Detect actual breaches
Many cloud security products have configuration and vulnerability scanning but not threat detection
Runtime threat detection is necessary for detecting attacks as they happen. Intezer is the fastest to identify attacks in Linux and containerized environments.
2. Simplified management without complex configuration policies
Doesn’t require maintaining countless policies and container profiles
Most runtime solutions are based on behavioral profiling which generates high false positives and requires constant tweaking of rules and policies. Our core detection strategy is based on detecting unauthorized code instead of a set of rules. The result is very few false positives, and contextualized alerts indicating only real attacks.
3. Enterprise-capable with easy-to-deploy, lightweight agent and low resource consumption
Perfect for highly scalable containerized environments
We average only 0.5% CPU and work seamlessly with Infrastructure as Code (IaC) tools to provide an easy deployment experience. One client deployed Intezer Protect on hundreds of K8s nodes in 15 minutes by using a DaemonSet.
Get Started
Don’t take our word for it. Try it out for yourself.
With the Intezer Protect Community Edition you can:
Protect up to 10 hosts for free
Detect and terminate unauthorized and malicious code in runtime
Monitor and log any new application running in your cloud environment