Protect and isolate workloads
ThreatStryker uses the Cyber Kill Chain methodology to track the progression of potential attacks, from Reconnaissance to Exfiltration, and assigns a risk metric to each event. When a suspected attack crosses a predefined threshold in the Kill Chain, ThreatStryker sends notifications and can also initiate automated responses to counter the threat and protect your workloads.
ThreatStryker detects malicious network traffic and firewalls its sources using local networking tools (Kubernetes CNI, eBPF), neutralizing the attack and preventing lateral spread. When a workload is potentially compromised or a bad actor is identified, ThreatStryker automatically blocks both internal and external threats and isolates tainted workloads to guard against further exploits.
ThreatStryker evaluates network activity and on-host events, such as file and process integrity, to determine the security status of a host or container. Based on that assessment, it can apply an appropriate quarantine measure to the affected workload, such as isolating, terminating, or restarting it.
Many attacks evolve gradually, with threat actors compromising a single service or workload before seeking additional targets. ThreatStryker archives suspicious activity over extended periods, building a comprehensive risk profile that supports forensic investigations and helps you track stealthy threats.
When protecting Kubernetes, ThreatStryker can automatically kill tainted pods. The Kubernetes deployment controller will then start fresh workloads from a known good state, meaning that any loss of capacity is minimized and services continue uninterrupted.