Dynamic Micro Segmentation for Workloads in a Hybrid Cloud

Security policies now move with applications

Visibility, Control and Isolation

In a hybrid cloud, there is an inherent loss of control and visibility in the network topology and corresponding security enforcement points. As applications move to the cloud, workloads become the central organizing unit by which compute resources are allocated. K2 modernizes security for cloud workloads by creating application-centric security policies architected to work autonomously in containers and their orchestration environments.

How K2 Segment Works

K2 agents are deployed on physical or virtual servers via an installer, and as part of Kubernetes pods on minion nodes via pod YAML modification. The agent monitors all communication to and from application workloads and enforces security policies.

As part of the scan, the K2 agent automatically discovers open ports and traffic flows to and from the workloads and uses the information to build the topology of the workloads.

The application topology map identifies workloads by their IP, identity and the connectivity between workloads. This map visualizes how applications are connected in the hybrid cloud and is a key enabler of dynamic micro segmentation.

Strong cryptographic identities assigned to each workload are used for dynamic micro segmentation instead of ephemeral IP addresses. Identities are associated with a group and policies are defined for each group to permit or deny access. These security policies move with workloads and allow segmentation in any environment.

After the identity of a remote workload is validated, K2 can secure all communications with the remote workload by establishing a secure tunnel. Secure tunnels are shown as green edges between the nodes in the application topology map.
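The identity-and-group model described above, as an added conceptual sketch that is not K2's code or API: the fingerprint-based identity, the `Rule` and `Segmenter` names, the default-deny behaviour and all keys and addresses are assumptions constructed for illustration. It shows a group policy still matching after a workload changes IP, while an equivalent static IP rule no longer does.

```python
import hashlib
from dataclasses import dataclass

def identity_of(public_key: bytes) -> str:
    # Assumption: identity is the SHA-256 fingerprint of the workload's public key.
    return hashlib.sha256(public_key).hexdigest()[:16]

@dataclass(frozen=True)
class Rule:
    src_group: str
    dst_group: str
    port: int
    bidirectional: bool = False

class Segmenter:
    def __init__(self, rules):
        self.rules = list(rules)
        self.group_of = {}  # identity -> group (what policy is keyed on)
        self.ip_of = {}     # identity -> current IP (never consulted by decide)

    def register(self, public_key: bytes, group: str, ip: str) -> str:
        ident = identity_of(public_key)
        self.group_of[ident], self.ip_of[ident] = group, ip
        return ident

    def decide(self, src: str, dst: str, port: int) -> str:
        pair = (self.group_of.get(src), self.group_of.get(dst))
        if None in pair:
            return "deny"  # unknown identity: default deny (assumption)
        for r in self.rules:
            fwd = (r.src_group, r.dst_group)
            if r.port == port and (pair == fwd or (r.bidirectional and pair == fwd[::-1])):
                return "permit"
        return "deny"      # no matching rule: default deny (assumption)

def demo():
    seg = Segmenter([Rule("web", "db", 5432), Rule("web", "api", 8443, bidirectional=True)])
    web = seg.register(b"constructed-web-key", "web", "10.0.1.5")
    db = seg.register(b"constructed-db-key", "db", "10.0.2.9")
    api = seg.register(b"constructed-api-key", "api", "10.0.3.7")
    ip_rules = {("10.0.1.5", "10.0.2.9", 5432)}  # equivalent static IP allow-list
    seg.ip_of[web] = "172.16.8.20"               # web workload rescheduled, new IP
    return {
        "identity web->db": seg.decide(web, db, 5432),
        "identity db->web": seg.decide(db, web, 5432),
        "identity api->web": seg.decide(api, web, 8443),
        "ip web->db": "permit" if (seg.ip_of[web], seg.ip_of[db], 5432) in ip_rules else "deny",
    }

if __name__ == "__main__":
    print(demo())
```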

Micro Segmentation for Effective Isolation

K2’s dynamic micro segmentation capability can discover all segments and services of an application and rapidly enable uni- or bi-directional traffic policies that are enforceable in a changing IP address environment.

Deep Insight into Infrastructure

K2’s unique scan and visualization of the application interconnect make it easy to identify the location of applications and to use the connectivity map to set up policies for segmentation.

App-Based Dynamic Policies

Policies are based on unique identities and groups assigned to applications rather than ephemeral IP addresses. The security policies are decoupled from the infrastructure and move with applications.

Automatic Discovery

Once agents are deployed, they automatically scan and identify applications and the traffic between them. The topology displays connections and provides the ability to configure policies for each connection.

Read About “Application-Based Segmentation in Dynamic Hybrid Clouds”

Policies move with applications saving time and cost
