Image Assurance

Video Activity

Time
1 hour 13 minutes
Difficulty
Beginner
CEU/CPE
1
Video Transcription
00:00
>> We talked about runtime protection for containers, but what about the images they are based on? CloudGuard Image Assurance analyses Kubernetes images in runtime to make sure they are free of known vulnerabilities and compromised repositories. The Image Assurance agents continuously check the cluster for all deployed images. If an agent identifies an unknown image, the agent scans and analyzes the image to find vulnerabilities, exploits, malware, viruses, Trojans, credential leakage, and other malicious threats.

Image Assurance uses the following resources. The ImageScan Engine, which is responsible for analyzing and scanning the image locally. This agent sends the back-end the necessary information to complete the scan. The ImageScan Daemon, which is a Kubernetes DaemonSet that checks the local registry on every node to find the deployed images on the node.

Once deployed, the flow looks like this. Regardless of CloudGuard, for redundancy purposes, Kubernetes saves container images locally in the cluster for every pod it handles. In each of the cluster's nodes, CloudGuard maintains an ImageScan Daemon, which scans the list of locally stored images by calling the cluster's internal container registry. This information is relayed to the ImageScan Engine, which then relays it to the back-end. The back-end then examines and validates the list of images. If it detects an unknown image, it reports this to the ImageScan Engine. The engine then requests the ImageScan Daemon to fetch the image in question from the registry. After its retrieval, the ImageScan Engine unpacks the image, analyzes it locally, and sends its metadata to the back-end. The detection verdict is then presented in the CloudGuard portal.

You can view the findings in the CloudGuard native portal under Images, where you can drill down into the Posture Findings tab. You can also see the vulnerability findings for all clusters in the account by navigating to Image Assurance Vulnerabilities.

When the process of onboarding a new Kubernetes cluster with Image Assurance is complete, or when Image Assurance on a Kubernetes environment is enabled, CloudGuard automatically adds a default policy and rule sets for the cluster environment. To issue Image Assurance findings, you do not need to perform any additional actions. CloudGuard creates these findings when it scans the image for the first time; then the CloudGuard portal checks it periodically for changes and for newly discovered vulnerabilities.