K2 agents are deployed on physical or virtual servers via an installer, and as part of Kubernetes pods on minion nodes via pod YAML modification. The agent monitors all communication to and from application workloads and enforces security policies.
As part of the scan, the K2 agent automatically discovers open ports and traffic flows to and from the workloads and uses the information to build the topology of the workloads.
The application topology map identifies workloads by their IP and identity, and shows the connectivity between workloads. This map provides visualization of how applications are connected in the hybrid cloud and is a key enabler of dynamic micro segmentation.
Strong cryptographic identities assigned to each workload are used for dynamic micro segmentation instead of ephemeral IP addresses. Identities are associated with a group and policies are defined for each group to permit or deny access. These security policies move with workloads and allow segmentation in any environment.
After the identity of a remote workload is validated, K2 can secure all communications with the remote workload by establishing a secure tunnel. Secure tunnels are shown as green edges between the nodes in the application topology map.