Understanding Zero Trust with AccuKnox for Secure Access

    Zero Trust Security

    Process-based network control

    Allow only specific processes to access network primitives, deny/audit everything else.

    Process-based asset access

    Allow only specific processes to access sensitive assets, deny/audit everything else.

    Process Whitelisting

    Allow only specific processes to execute, deny/audit everything else.

    Network Segmentation

    Limit network access strictly between whitelisted service endpoints, deny everything else.

    Ensure TLS

    Ensure that all service endpoints are using the right TLS and certificate configuration.

    © 2024 AccuKnox. All Rights Reserved.