ARMO Guards can be added seamlessly to any workload or for an entire namesapce. Once attached the ARMO Guards open deep observability functionality for every workload and allow you to build security policies across workload execution, netowrk, data, and Kubernetes secrets access.
To attach the ARMO Guards to a namescape use:
cacli k8s attach --namesace <namespace name> --cluser <cluster name>
At this point ARMO will initaite an update to your workloads, Kubernetes will restart the different pods while preseving application uptime and functionality.
Congratulation! you now have deep observability! connect to the ARMO dashboard to see all network communications, file access, code execution and workloads meta data at: https://cpanel.euprod1.cyberarmorsoft.com/home/ , check out the visibity tab (see below image).
Signing your workloads tells the ARMO Guards to build the ARMO patented CODE-DNA for each workload, and to tart continously protecting it against malware, from code injection to advanced fileless malware-based attacks. Once signed, any unauthorized change to your workload will be immediately and deterministically identified.
To sign all workloads within a namescape use:
cacli sign --namesace <namespace name> --cluser <cluster name>
Your microservices are now protected, go to the ARMO dashboard check their status and get alerts (you will not get tons of alerts, we don't like false positives ) at: https://cpanel.euprod1.cyberarmorsoft.com/home/ , check out the workload explorer tab (see below image).
Adding network policies is an important step in getting security and compliance within your Kubernetes cluster, ARMO allows you to quickly set up a zero-trust policy. Go to the Deploy-Initial-Network-Policy to see how.