We are thrilled to announce the latest enhancement to ARMO Platform: Seccomp Profiles Leveraging eBPF. This feature uses eBPF to take the guesswork out of creating seccomp profiles, so you benefit from the added security seccomp profiles provide without the risk of “breaking” applications.
What is a seccomp profile and why use eBPF?
A seccomp profile restricts the system calls that containers can make, reducing the attack surface significantly. By leveraging eBPF, ARMO Platform learns application runtime behavior, analyzes which syscalls the container performs, and creates the profiles accordingly. These profiles are enhanced with flexible filtering capabilities, enabling more precise control and real-time monitoring of system calls.
How do seccomp profiles work on ARMO Platform?
1. Automatic profile generation – ARMO Platform automatically generates seccomp profiles based on workload runtime behavior. To this end, ARMO Platform leverages its eBPF sensor to specify permitted system calls and dynamic filtering rules.
2. Policy application – ARMO Platform applies these profiles to Kubernetes workloads, utilizing eBPF for real-time monitoring and enforcement.
3. Dynamic enforcement – eBPF provides real-time insights and enforcement, ensuring only allowed system calls are executed while adapting to changing conditions.
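The learn-then-restrict flow in the steps above, as an added illustration that is not ARMO Platform code: it turns constructed per-workload syscall observations into allowlist profiles in the Docker/OCI seccomp JSON format and lists syscalls seen after learning that the profile would deny. The event list, workload names and function names are assumptions made for the example.

```python
import json
from collections import defaultdict

# Constructed sample: (workload, syscall) events as a runtime sensor might report them.
OBSERVED = [
    ("web", "read"), ("web", "write"), ("web", "accept4"), ("web", "epoll_wait"),
    ("web", "read"), ("web", "openat"), ("web", "close"),
    ("worker", "read"), ("worker", "futex"), ("worker", "nanosleep"),
]


def build_profiles(events, default_action="SCMP_ACT_ERRNO"):
    """Return {workload: profile} that allows only the syscalls observed for it."""
    seen = defaultdict(set)
    for workload, syscall in events:
        seen[workload].add(syscall)
    return {
        workload: {
            "defaultAction": default_action,  # anything not listed fails with an errno
            "architectures": ["SCMP_ARCH_X86_64"],
            "syscalls": [{"names": sorted(names), "action": "SCMP_ACT_ALLOW"}],
        }
        for workload, names in seen.items()
    }


def action_for(profile, syscall):
    """Action the profile assigns to a syscall (first matching rule, else default)."""
    for rule in profile["syscalls"]:
        if syscall in rule["names"]:
            return rule["action"]
    return profile["defaultAction"]


def unlearned(profile, later_syscalls):
    """Syscalls seen after the learning period that the profile would deny."""
    return sorted({s for s in later_syscalls
                   if action_for(profile, s) != "SCMP_ACT_ALLOW"})


if __name__ == "__main__":
    profiles = build_profiles(OBSERVED)
    print(json.dumps(profiles["web"], indent=2))
    # A rarely used code path (sendfile) would be denied if learning stopped too early.
    print(unlearned(profiles["web"], ["read", "sendfile", "execve"]))
```

A profile in this format can be saved on the node and referenced from a pod's securityContext.seccompProfile with type Localhost. Reviewing the unlearned list before enforcing separates legitimate but rarely exercised code paths from calls that should stay denied.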
Feature highlights
- Enhanced security – Implementing Seccomp Profiles provides precise and dynamic control over system calls, significantly reducing the attack surface. Using eBPF takes the guesswork and human error out of defining seccomp profiles since they are created automatically, based on actual workload behavior.
- Real-time monitoring – eBPF monitors system calls in real time and provides immediate insights and response capabilities.
- Customizable policies – Create and apply tailored seccomp profiles that leverage eBPF’s flexibility to meet specific security needs.
- Seamless integration – Integrate these seccomp profiles with your existing Kubernetes infrastructure without disruption.
Why add eBPF to seccomp profiles?
In today’s complex security landscape, protecting your Kubernetes workloads requires advanced and adaptive solutions. ARMO Platform enables auto-generation and monitoring of seccomp profiles using eBPF. This offers a powerful combination of static restrictions and dynamic monitoring, ensuring robust security while maintaining operational flexibility. This approach provides unparalleled protection by adapting to real-time conditions and preventing unauthorized actions.
Experience the benefits of auto-generated seccomp profiles today. Try it now for free!
The post NEW: ARMO Platform Introduces Auto-Generation of Seccomp Profiles appeared first on ARMO.
*** This is a Security Bloggers Network syndicated blog from ARMO authored by Yossi Ben Naim. Read the original post at: https://www.armosec.io/blog/auto-generation-of-seccomp-profiles/