Support

Support for business applications

Kaspersky Container Security

Solution architecture

Kaspersky Container Security
Нет результатов
Online Help
FAQ Forum Contact support Recovery tools

Solution architecture

March 27, 2024

ID 250375

The Kaspersky Container Security platform consists of three main components:

  • The Kaspersky Container Security Server has the following functions:
    • Provides an interface for interactive management of the solution (Management Console).
    • Ensures integration with external software components (SIEM, CI, image registries, LDAP, Telegram, email) and the receipt of information from them.
    • Coordinates the operation of other solution components.
    • Ensures the creation and management of security policies.
    • Displays the results of solution operations.
  • Kaspersky Container Security Agent (hereinafter also referred to as the Agent). This component runs as a containerized application and ensures the appropriate level of node security in accordance with the configured security policies, including control of the following:
    • Runtime security of containers running on the nodes.
    • Network interaction between pods and applications inside containers.
    • Integration with the orchestration platform and flow of data necessary for analysis of the orchestrator configuration and its components.
    • Startup of containers from trusted images to prevent unverified images from running.

    Agents are installed to all nodes of clusters and all clusters requiring protection. Kaspersky Container Security works with two types of agents: cluster protection agents (csp-kube-agent) and node protection agents (csp-node-agent). Together they form groups of Agents. A separate group of Agents is created for each cluster. Many groups of Agents can be created for one installation of the solution.

    If there are no Agents in the cluster, some of the solution functionalities are unavailable (for example, runtime policies, CIS standards, resource monitoring).

  • Kaspersky Container Security Scanner. This component scans configuration files and images in the connected registries, searches for and analyzes detected malware, and conducts checks when the solution is integrated into CI/CD.

    Architecture of the solution.

    Overall architecture scheme of Kaspersky Container Security

Kaspersky Container Security can be deployed in a public or private corporate network.

In this Help section

Scanner

Standard deployment schemes

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.