Kubernetes Integration

Last updated 10 days ago

Integrating Garnet with your Kubernetes clusters is a key part of extending runtime security to your production and containerized environments. Once available, this integration will allow the Jibril sensor to be deployed across your cluster nodes, providing deep visibility and threat detection for your live applications.

Benefits of Kubernetes Integration (Coming Soon):

  • Comprehensive Cluster Monitoring: Deploy Jibril agents (typically as a DaemonSet) to monitor activity across all or selected nodes in your Kubernetes cluster.

  • Runtime Threat Detection: Identify and receive alerts for malicious activities and anomalous behaviors within your pods and on your nodes, such as:

    • Malicious Network Communications: Detect attempts by compromised containers to connect to Command & Control (C2) servers, exfiltrate data, or reach known malicious destinations like crypto mining pools.

    • Crypto Miner Execution: Identify and flag processes associated with unauthorized cryptocurrency mining within your cluster resources.

    • Container Escapes & Lateral Movement: Detect behaviors indicative of attempts to break out of container isolation or move laterally within the cluster.

    • Anomalous Process Activity: Flag unexpected or unauthorized processes running within your application pods.

    • Unauthorized File Access: Monitor for and alert on attempts to access sensitive files or configurations within containers or on nodes.

  • Workload-Aware Security: Correlate security events with specific Kubernetes workloads (pods, deployments, namespaces), providing better context for investigation.

  • Centralized Management via Garnet Platform: View alerts, manage Jibril agent configurations (once deployed), and analyze security events from your Kubernetes environments directly within the unified Garnet Platform dashboard.

  • Minimal Performance Impact: Leveraging Jibril's efficient eBPF-based architecture, the Kubernetes integration is designed to provide robust security with minimal performance overhead on your cluster nodes and application workloads.

  • Active Blocking Capabilities (Future): As with other environments, the goal is to extend Garnet's active blocking capabilities to Kubernetes, allowing the system to automatically respond to high-confidence threats by, for example, terminating malicious processes or blocking network connections from compromised pods.

Current Status: Coming Soon

Native, deeply integrated Kubernetes support within the Garnet Platform (e.g., via a dedicated Helm chart) is under active development and will be available soon.

  • Stay Updated: Please refer to announcements from Garnet, the Garnet Platform dashboard, or contact your Garnet representative for the latest information on availability and specific deployment instructions.

  • Interim Options (for advanced users with standalone Jibril): While awaiting full platform integration, advanced users familiar with Jibril as a standalone sensor can technically deploy it within Kubernetes (e.g., as a self-managed DaemonSet) and configure it to point to the Garnet Platform. However, this approach requires manual configuration and management of the Jibril agents and their connection to the platform. For details on standalone Jibril, see the Jibril Sensor documentation.

We are excited to bring you a seamless and powerful Kubernetes integration. Once launched, it will be a critical component for securing your cloud-native applications with Garnet.