Red Hat Advanced Cluster Security implementation

Red Hat Advanced Cluster Security (RHACS) is a Kubernetes-native security platform that provides best-in-class security integrations and solutions for container-based environments. RHACS security capabilities ensure that Kubernetes-based infrastructure is continuously protected and secure. HeartAI instances of Red Hat OpenShift are natively integrated with RHACS.

RHACS collects, monitors, and evaluates system-level events including:

  • Process execution.
  • Network connections and traffic.
  • Access control and privilege escalation.

In combination with behavioural pattern baselining, this allows for the detection of anomalous activity indicative of potentially malicious intent, such as active malware, resource hijacking, unauthorised access, and system intrusions.
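As an added illustration of the process-execution baselining described above (example code, not HeartAI or RHACS code): constructed process events for each deployment are learned during an assumed one-hour window after the deployment's first event, after which any executable outside the learned set is reported once. The window length and the event records are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample process-execution events: (timestamp, deployment, executable).
EVENTS = [
    ("2024-01-01T10:00:00", "payments-api", "/usr/bin/java"),
    ("2024-01-01T10:05:00", "payments-api", "/bin/sh"),
    ("2024-01-01T10:20:00", "db-proxy", "/usr/sbin/haproxy"),
    ("2024-01-01T12:30:00", "payments-api", "/usr/bin/java"),
    ("2024-01-01T12:31:00", "payments-api", "/usr/bin/curl"),   # never seen while baselining
    ("2024-01-01T12:31:30", "payments-api", "/usr/bin/curl"),   # repeat, reported only once
    ("2024-01-01T13:00:00", "db-proxy", "/usr/bin/nc"),         # never seen while baselining
]

# Assumed learning period, measured from the first event seen for each deployment.
BASELINE_WINDOW = timedelta(hours=1)


def parse(events):
    """Turn the raw (iso-timestamp, deployment, executable) rows into datetime rows."""
    return [(datetime.fromisoformat(ts), dep, exe) for ts, dep, exe in events]


def learn_baselines(events, window=BASELINE_WINDOW):
    """Learn, per deployment, the set of executables seen within `window` of its first event."""
    first_seen, baselines = {}, defaultdict(set)
    for ts, dep, exe in sorted(parse(events)):
        first_seen.setdefault(dep, ts)
        if ts - first_seen[dep] <= window:
            baselines[dep].add(exe)
    return dict(baselines), first_seen


def detect_anomalies(events, window=BASELINE_WINDOW):
    """Report each (deployment, executable) run after the window that is not in its baseline."""
    baselines, first_seen = learn_baselines(events, window)
    anomalies = []
    for ts, dep, exe in sorted(parse(events)):
        if ts - first_seen[dep] > window and exe not in baselines.get(dep, set()):
            if (dep, exe) not in anomalies:   # de-duplicate repeated executions
                anomalies.append((dep, exe))
    return anomalies


if __name__ == "__main__":
    for dep, exe in detect_anomalies(EVENTS):
        print(f"process outside baseline in {dep}: {exe}")
```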

Environments protected by RHACS are continuously scanned with reference to best practice compliance frameworks such as the Center for Internet Security (CIS) benchmarks and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). By default, the following compliance standards are integrated with RHACS:

RHACS supports DevSecOps by providing integrated workflows for CI/CD, including policy validation at deploy time and at runtime to prevent high-risk workloads from being deployed. By shifting security left, vulnerable and misconfigured images can be remediated with real-time feedback and alerts.

OpenShift implementation

HeartAI orchestrates system services with the Kubernetes-based Red Hat OpenShift container platform. Further information about the HeartAI implementation of Red Hat OpenShift may be found with the following documentation:

External references

Further information about Red Hat Advanced Cluster Security may be found with the following external references:

RHACS UI overview

The following image shows the RHACS overview web interface. This section of RHACS displays an overview of security, compliance, and resource management for Kubernetes-based clusters and resources. The overview web interface provides visualisations for:

  • A summary of compliance violations and risk severity in relation to rigorous compliance standards.
  • Compliance violations and risk severity corresponding to cluster instances.
  • Deployment prioritisation by risk severity.
  • Active violations over time.
  • Abnormal activity detections.
  • Continuous assessment of DevOps best practices.
  • Container compliance assessment against the Docker CIS compliance benchmarks.
  • Risk severity for Kubernetes events.
  • Network tooling risk evaluation.
  • Assessment of cluster privileges and permissions assignment.
  • Review of security best practices.
  • Risk severity of cluster-level modifications.
  • Analysis of vulnerability management.

[Image: rhacs-dashboard.png]

RHACS UI network graph

The following image shows the RHACS network graph web interface. The network graph section of RHACS allows visualisation of network traffic and segmentation, and provides mechanisms to enforce network rules and policies. The network graph web interface provides:

  • A visualisation of cluster network topology and segmentation.
  • Cluster network traffic flow and metrics.
  • Functionalities to filter network visualisation by namespace or time window.
  • Network policy simulation tooling.

[Image: rhacs-network-graph.png]

RHACS UI violations

The following image shows the RHACS violations web interface. The violations section of RHACS reports insights into Kubernetes-based resources across the corresponding clusters. Violations are reported at the resource level, with information describing the resource type, the associated policy violation, policy enforcement, risk severity, policy category, resource lifecycle, and time of violation. The violations web interface provides:

  • A tabled report of cluster violations, including:
    • The resource entities where the violation exists.
    • The type of resource entities.
    • The compliance policy the entities are breaching.
    • Information about the enforcement status of the corresponding compliance policies.
    • The risk severity of the violation.
    • The risk category of the violation.
    • The cluster lifecycle that is associated with the resource entity.
    • The detection time of the compliance violation.

[Image: rhacs-violations.png]

RHACS UI compliance

The following image shows the RHACS compliance web interface. The compliance section of RHACS allows for the auditing of Kubernetes-based clusters and container images against best practice policy and compliance frameworks. The compliance web interface provides:

[Image: rhacs-compliance.png]

RHACS UI vulnerability management

The following image shows the RHACS vulnerability management web interface. The vulnerability management section of RHACS identifies vulnerabilities for Kubernetes-based clusters and associated container images. The vulnerability management web interface provides:

  • Visualisations of deployment risk by critical vulnerabilities and exposures.
  • Cluster-level reporting of container image risk.
  • Insights into the most frequently violated policies.
  • Recently detected vulnerabilities.
  • Deployment reporting for severe policy violations.
  • Reporting of orchestrator and Istio vulnerabilities.
  • Cluster vulnerabilities by frequency.

[Image: rhacs-vulnerability-management.png]

RHACS UI configuration management

The following image shows the RHACS configuration management web interface. The configuration management section of RHACS monitors Kubernetes-based clusters for misconfigurations with reference to best practice policy and compliance frameworks. The configuration management web interface provides:

  • Configuration policy violation by severity.
  • Configuration policy pass rate for the CIS Docker v1.2.0 benchmarks.
  • User frequency for cluster admin role assignments.
  • Secret assignment frequency across deployments.

[Image: rhacs-configuration-management.png]

RHACS UI risk

The following image shows the RHACS risk web interface. The risk section of RHACS estimates and prioritises the risk of corresponding deployments and suggests approaches for remediation. The risk web interface provides:

  • Report tables ranking the risk of cluster deployments.
  • Information about risk-associated deployments:
    • The deployment name.
    • Date of deployment creation.
    • Cluster allocation of the deployment.
    • Namespace allocation of the deployment.
    • Deployment risk assessment priority.

[Image: rhacs-risk.png]