HomeGitHubSign Up

Smart Remediation

Suggest Edits

Introduction

Securing Kubernetes environments is a continuous task, but the journey is fraught with challenges, particularly when addressing misconfigurations. This blog post explores the nuances of securing Kubernetes without disrupting applications, delving into challenges, and proposing strategies for effective resolution.

Smart Remediation with zero disruption

How it works

In a Kubernetes context, leveraging eBPF assists with observing the application behavior. ARMO Platform, in turn, identifies the right workload configuration and provides remediation recommendations that offer the best of both worlds. On the one hand, the recommendation is based on best practices drawn from well-known Kubernetes security frameworks. In addition, they account for the behavior of the specific application in question. This remediation advice doesn’t break the application.

Feature Highlights

The ARMO Platform offers an effective way of prioritizing issues based on the behavior of your workload. This unique approach allows you to apply fixes with confidence, knowing that your application won't break, and you'll save valuable time on investigation.

Smart remediation - Apply fixes with confidence

Controls View
Using the "Smart remediation" filter helps you quickly identify controls that offer smart remediation, so you can take action right away.


Resources View
To quickly identify the fixes you can confidently apply, switch to the Resources view and enable the Smart Remediation option. This will give you an indication for each of the failed resources, along with a counter that shows how many controls support Smart Remediation out of the total failed controls.



Once you filter by the Smart remediation, click on the Fix button to get the remediation advice.
Controls that support Smart remediation have the blue bulb indication and once you click on it, you can a details panel explaining why it’s safe to apply that remediation advice.

Example 1 - “Our analysis indicates that you can safely enable the readOnly flag, because your workload does not use the write permission.”


Example 2 - “Our analysis indicates that your workload uses the privileged capability. To maintain workload reliability, you should accept the risk. To eliminate this misconfiguration despite the risk to the workload reliability, toggle off the “Smart Remediation” mode.”


Supported controls
ARMO platform supports the following controls that provide smart remediation, and additional controls will be implemented in the future providing you the confidence to harden your workloads with zero disruption



Updated 24 days ago