Managing container runtime profiles

When implementing runtime policies, Kaspersky Container Security can apply user-defined rules for monitoring processes and the network. To do so, add runtime profiles to the appropriate runtime policies. Runtime profiles are essentially lists of restrictions for containers. Image profiles define the settings for secure image deployment and safe activities of an application deployed from an image. The actions assigned in profiles can significantly reduce the capabilities of cybercriminals who could potentially infiltrate a facility, and can improve security during the runtime operation of containers.

The following settings specify restrictions in an image profile:

• Executable files that should be blocked.
• Network restrictions for inbound and outbound connections.

The list of configured profiles is displayed as a table on the Runtime profiles tab under Policies → Runtime. In this section, you can also do the following:

• Create new container runtime profiles. Open the profile settings window by clicking the Add profile button above the list.
• Edit profile settings by clicking the link in the runtime profile name.
• Delete runtime profiles.