What Is Container Security?

Table of Contents
* What Is Container Security?
  * [Container Security Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-container-security#container-security?ts=markdown)
  * [Understanding the Attack Surface](https://www.paloaltonetworks.com/cyberpedia/what-is-container-security#attack-surface?ts=markdown)
  * [How to Secure Containers](https://www.paloaltonetworks.com/cyberpedia/what-is-container-security#secure-containers?ts=markdown)
  * [Container Security Solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-container-security#solutions?ts=markdown)
  * [Container Security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-container-security#faq?ts=markdown)
the Kubernetes Environment](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#kubernetes-environment?ts=markdown) * [Understanding IaC](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#iac?ts=markdown) * [IaC Security Is Key](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#iac-security?ts=markdown) * [Kubernetes Host Infrastructure Security](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#host-infrastructure-security?ts=markdown) * [IAM Security for Kubernetes Clusters](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#iam-security?ts=markdown) * [Container Registry and IaC Security](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#container-registry?ts=markdown) * [Avoid Pulling "Latest" Container Images](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#container-images?ts=markdown) * [Avoid Privileged Containers and Escalation](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#privileged-containers?ts=markdown) * [Isolate Pods at the Network Level](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#isolate-pods?ts=markdown) * [Encrypt Internal Traffic](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#encrypt?ts=markdown) * [Specifying Resource Limits](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#resource-limits?ts=markdown) * [Avoiding the Default Namespace](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#namespace?ts=markdown) * [Enable Audit Logging](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#audit-logging?ts=markdown) * [Securing Open-Source Kubernetes Components](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#kubernetes-components?ts=markdown) * 
[Kubernetes Security Across the DevOps Lifecycle](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#devops-lifecycle?ts=markdown) * [Kubernetes and Infrastructure as Code FAQs](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#faq?ts=markdown) * [What Is the Difference Between Dockers and Kubernetes?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-docker?ts=markdown) * [Docker Defined](https://www.paloaltonetworks.com/cyberpedia/kubernetes-docker#defined?ts=markdown) * [Kubernetes Explained](https://www.paloaltonetworks.com/cyberpedia/kubernetes-docker#explained?ts=markdown) * [Docker and Kubernetes: Comparison of Containerization Platforms](https://www.paloaltonetworks.com/cyberpedia/kubernetes-docker#platforms?ts=markdown) * [Kubernetes Vs. Docker: Complementary, Not Competitors](https://www.paloaltonetworks.com/cyberpedia/kubernetes-docker#competitors?ts=markdown) * [Benefits of Integrating Docker and Kubernetes](https://www.paloaltonetworks.com/cyberpedia/kubernetes-docker#benefits?ts=markdown) * [Use Cases and Applications for Docker and Kubernetes](https://www.paloaltonetworks.com/cyberpedia/kubernetes-docker#usecases?ts=markdown) * [Dockers and Kubernetes FAQ](https://www.paloaltonetworks.com/cyberpedia/kubernetes-docker#faqs?ts=markdown) * [Securing Your Kubernetes Cluster: Kubernetes Best Practices and Strategies](https://www.paloaltonetworks.com/cyberpedia/kubernetes-cluster-security?ts=markdown) * [What Is the Importance of a Secure Kubernetes Cluster?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-cluster-security#importance?ts=markdown) * [Understanding Kubernetes Security](https://www.paloaltonetworks.com/cyberpedia/kubernetes-cluster-security#security?ts=markdown) * [What Are Kubernetes Security Considerations and Security Best Practices?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-cluster-security#practices?ts=markdown) * [What Are Advanced Strategies for Kubernetes 
Security?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-cluster-security#advanced?ts=markdown) * [Kubernetes Cluster Security FAQs](https://www.paloaltonetworks.com/cyberpedia/kubernetes-cluster-security#faqs?ts=markdown) * [What Is a Host Operating System (OS)?](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers?ts=markdown) * [The Host Operating System (OS) Explained](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#os?ts=markdown) * [Host OS Selection](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#selection?ts=markdown) * [Host OS Security](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#security?ts=markdown) * [Implement Industry-Standard Security Benchmarks](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#benchmarks?ts=markdown) * [Container Escape](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#container-escape?ts=markdown) * [System-Level Security Features](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#security-features?ts=markdown) * [Patch Management and Vulnerability Management](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#patch-management?ts=markdown) * [File System and Storage Security](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#storage-security?ts=markdown) * [Host-Level Firewall Configuration and Security](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#firewall-configuration?ts=markdown) * [Logging, Monitoring, and Auditing](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#logging?ts=markdown) * [Host OS Security FAQs](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#faq?ts=markdown) * [What Is 
Docker?](https://www.paloaltonetworks.com/cyberpedia/docker?ts=markdown) * [Docker Explained](https://www.paloaltonetworks.com/cyberpedia/docker#docker?ts=markdown) * [Understanding Docker Containers](https://www.paloaltonetworks.com/cyberpedia/docker#understanding?ts=markdown) * [Core Components of Docker](https://www.paloaltonetworks.com/cyberpedia/docker#core?ts=markdown) * [What Platforms and Environments Does Docker Support?](https://www.paloaltonetworks.com/cyberpedia/docker#what?ts=markdown) * [How Does Docker Work?](https://www.paloaltonetworks.com/cyberpedia/docker#how?ts=markdown) * [Docker Tools](https://www.paloaltonetworks.com/cyberpedia/docker#tools?ts=markdown) * [Docker Use Cases and Benefits](https://www.paloaltonetworks.com/cyberpedia/docker#benefits?ts=markdown) * [Docker FAQ](https://www.paloaltonetworks.com/cyberpedia/docker#faqs?ts=markdown) * [What Is Container Registry Security?](https://www.paloaltonetworks.com/cyberpedia/container-registry-security?ts=markdown) * [Container Registry Security Explained](https://www.paloaltonetworks.com/cyberpedia/container-registry-security#container-registry?ts=markdown) * [Components of Container Registry Security](https://www.paloaltonetworks.com/cyberpedia/container-registry-security#components?ts=markdown) * [Promoting Image and Artifact Integrity in CI/CD](https://www.paloaltonetworks.com/cyberpedia/container-registry-security#artifact-integrity?ts=markdown) * [At-a-Glance Container Registry Security Checklist](https://www.paloaltonetworks.com/cyberpedia/container-registry-security#checklist?ts=markdown) * [Container Registry FAQs](https://www.paloaltonetworks.com/cyberpedia/container-registry-security#faq?ts=markdown) * [What Is a Container?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container?ts=markdown) * [Containers Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container#containers?ts=markdown) * [Understanding Container 
Components](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container#components?ts=markdown) * [Container Infrastructure](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container#infrastructure?ts=markdown) * [Know Your Container Types](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container#types?ts=markdown) * [Harnessing the Efficiency of Containerization](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container#efficiency?ts=markdown) * [Container FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container#faq?ts=markdown) * [What Is Containerization?](https://www.paloaltonetworks.com/cyberpedia/containerization?ts=markdown) * [Why Is Containerization Important?](https://www.paloaltonetworks.com/cyberpedia/containerization#why?ts=markdown) * [Containers: A Modern Contender to VMs](https://www.paloaltonetworks.com/cyberpedia/containerization#containers?ts=markdown) * [To Container or Not to Container: Moving Applications to the Cloud](https://www.paloaltonetworks.com/cyberpedia/containerization#apps?ts=markdown) * [Architecture and Migration](https://www.paloaltonetworks.com/cyberpedia/containerization#architecture?ts=markdown) * [Choosing a Cloud Migration Method](https://www.paloaltonetworks.com/cyberpedia/containerization#migration?ts=markdown) * [When Micro Means Fast](https://www.paloaltonetworks.com/cyberpedia/containerization#micro?ts=markdown) * [Container FAQs](https://www.paloaltonetworks.com/cyberpedia/containerization#faq?ts=markdown) # What Is Container Security? 4 min. 
Table of Contents

* [Container Security Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-container-security#container-security?ts=markdown)
* [Understanding the Attack Surface](https://www.paloaltonetworks.com/cyberpedia/what-is-container-security#attack-surface?ts=markdown)
* [How to Secure Containers](https://www.paloaltonetworks.com/cyberpedia/what-is-container-security#secure-containers?ts=markdown)
* [Container Security Solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-container-security#solutions?ts=markdown)
* [Container Security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-container-security#faq?ts=markdown)

Container security involves protecting [containerized applications](https://www.paloaltonetworks.com/cyberpedia/containerization?ts=markdown) and their infrastructure throughout their lifecycle, from development to deployment and runtime. It encompasses [vulnerability scanning](https://www.paloaltonetworks.com/cyberpedia/vulnerability-scanning?ts=markdown), configuration management, access control, network segmentation, and monitoring. Container security aims to maximize the intrinsic benefits of application isolation while minimizing the risks that come with resource sharing and the resulting attack surface.
By adhering to best practices and using specialized security tools, organizations can safeguard their container environment against unauthorized access and [data breaches](https://www.paloaltonetworks.com/cyberpedia/what-is-data-security?ts=markdown) while maintaining compliance with industry regulations.

## Container Security Explained

[Containers](https://www.paloaltonetworks.com/cyberpedia/what-is-container-security?ts=markdown) give us the ability to leverage [microservice architectures](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices?ts=markdown) and operate with greater speed and higher portability. Containers also introduce intrinsic security benefits. [Workload](https://www.paloaltonetworks.com/cyberpedia/what-is-workload?ts=markdown) isolation, application abstraction, and the immutable nature of container images factor heavily into their adoption.

[Kubernetes](https://www.paloaltonetworks.com/cyberpedia/what-is-kubernetes?ts=markdown), too, provides built-in security controls. Administrators can define [role-based access control (RBAC)](https://www.paloaltonetworks.com/cyberpedia/kubernetes-rbac?ts=markdown) policies to guard against unauthorized access to cluster resources. They can enforce the Pod Security Standards through Pod Security Admission (the successor to the pod security policies removed in Kubernetes 1.25) to keep privileged or host-sharing pods out of a namespace, and apply network policies to restrict which pods may talk to each other. Administrators can impose resource quotas and limit ranges to bound the damage an attacker can do after compromising one part of a cluster: with quotas in place, a compromised workload cannot simply consume the CPU and memory the rest of the cluster needs and turn the compromise into a [denial-of-service attack](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos?ts=markdown). But as you may have guessed, no technology is immune to malicious activities.
Container security, the technologies and practices implemented to protect not only your applications but also your containerized environment, from hosts, runtimes, and registries to orchestration platforms and underlying systems, is vital.

![what-is-container-scanning-a-top-requirement-for-container-security](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-container-scanning-a-top-requirement-for-container-security.png)

*Video: Detect vulnerabilities in container images and ensure security and compliance throughout the development lifecycle with container scanning.*

### Background

Container security reflects the changing nature of IT architecture. The rise of [cloud-native computing](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native?ts=markdown) has fundamentally altered how we create applications, and keeping pace with that technology demands that we adjust how we secure them. In the past, cybersecurity meant protecting a single perimeter. Containers render that concept obsolete: they add multiple layers of abstraction that require specialized tools to interpret, monitor, and protect. The container ecosystem can be difficult to understand, given the plethora of tools and the unique problems they solve compared to traditional platforms. At the same time, the widespread adoption of container technologies gives us an opportunity to shift left, securing containers from the earliest stages of the [CI/CD pipeline](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security?ts=markdown) through deployment and runtime. But before diving into the details of container security, it's necessary to understand the platforms used for managing containers. We'll focus on one of the biggest and most well-known platforms, Kubernetes.

### What Is Kubernetes?
Kubernetes is one of the leading orchestration platforms for running container-based infrastructure. More specifically, it's an open-source platform that manages [containerized workloads](https://www.paloaltonetworks.com/cyberpedia/what-is-workload?ts=markdown) by automating their deployment, scaling, and day-to-day operation. Because it is so widely adopted, [securing Kubernetes](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security) is crucial for organizations deploying containerized applications. The platform itself, and much of what runs on it, is open-source code pulled from third parties, so organizations must deliberately establish a secure baseline rather than assume one. Kubernetes, with its extensive ecosystem and numerous integrations for managing containers, enables the creation of automated, systematic processes that integrate security into the core of the build and deployment pipeline. By leveraging Kubernetes' native features, such as RBAC, Pod Security Admission, and network policies, organizations can build and maintain a solid security posture on a resilient container orchestration infrastructure.

### Benefits of Containers

To put it simply, containers make building, deploying, and scaling cloud-native applications easier than ever. For cloud-native app developers, the top-of-mind benefits of containers include:

1. **Eliminating friction**: Developers avoid much of the friction associated with moving application code from testing through to production, since application code packaged as a container image runs the same anywhere a compatible runtime exists.
2. **Single source of truth for application development**: All the dependencies associated with the application are included within the image, so the application runs identically across virtual machines, bare metal servers, and the public cloud.
3. **Faster build times**: The flexibility and portability of containers let developers make previously unattainable gains in productivity.
4. **Confidence for developers**: Developers can deploy with confidence, knowing their application will behave the same wherever the image runs.
5. **Enhanced collaboration**: Multiple teams can work on individual parts of an app or service, each packaged in its own container, without disrupting the code packaged in other containers.

Like any IT architecture, cloud-native applications require security. Container environments bring with them a range of [cybersecurity challenges](https://unit42.paloaltonetworks.com/persistence-in-containers-and-serverless/) targeting their images, containers, hosts, runtimes, registries, and orchestration platforms, all of which need to be addressed.

## Understanding the Attack Surface

Consider Kubernetes' sprawling, multilayered framework. Each layer, from code and containers to clusters and third-party cloud services, poses a distinct set of security challenges. [Securing Kubernetes](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security?ts=markdown) deployments requires securing the underlying infrastructure (nodes, load balancers, etc.), the configurable components, and the applications that run in the cluster, including maintaining the posture of the underlying nodes and controlling access to the API server and the kubelet. It's also important to prevent malicious workloads from running in the cluster and to isolate workload communication through strict [network controls](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-network-security?ts=markdown).

Container runtimes may contain coding flaws that enable privilege escalation or escape from a container. The Kubernetes API server could be improperly configured, giving attackers access to resources assumed to be locked down. Vulnerabilities enabling privilege escalation could exist within a containerized application or within the operating system running on Kubernetes nodes.
![Anatomy of the container attack surface](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/anatomy-of-the-container-attack-surface.png "Anatomy of the container attack surface")

*Figure 1: Anatomy of the container attack surface*

In this system, a weakness at one layer is amplified when another layer also has a security issue. And containers can, of course, harbor vulnerabilities. At the same time, containers can obscure visibility. Imagine a single insecure image instantiated numerous times as separate running containers: what had been a single crack is now a vast network of fissures in the fortress. Maintaining visibility into system operations and security becomes harder the more containers you deploy, and visibility is only one of many objectives.

Figure 1, with expanded details outlined in Table 1, offers a starting point for understanding the attack surface of containerized applications. Note that the depiction is simplified; in reality, attackers have numerous inroads to explore in their attempts to exploit vulnerabilities in containerized applications. Defending this tech stack isn't necessarily more daunting than securing other environments and technologies. [Containerization](https://www.paloaltonetworks.com/cyberpedia/containerization?ts=markdown) merely presents unique security considerations that organizations need to address for a secure and resilient infrastructure.
| Attack Surface Area | Attack Vector | Description | Example |
|---|---|---|---|
| Via Network | Malicious Network Traffic | Exploiting network vulnerabilities or misconfigurations to gain access to the container environment. | Scanning for open ports and exploiting misconfigurations to gain access to worker nodes. |
| Host Configuration | Misconfigured Host System | Exploiting misconfigurations in the host operating system to gain access to the container environment. | Discovering insecure file permissions to access sensitive files, such as container configuration files. |
| Host Vulnerabilities | Unpatched Host Vulnerabilities | Exploiting vulnerabilities in the host operating system to gain access to the container environment. | Identifying and exploiting unpatched kernel vulnerabilities to gain root privileges on worker nodes. |
| Host Application Vulnerabilities | Unpatched Host Application Vulnerabilities | Exploiting vulnerabilities in host applications to gain access to the container environment. | Targeting older versions of Docker with vulnerabilities to gain root privileges on worker nodes. |
| Container Orchestration Vulnerabilities and Misconfigs | Misconfigured Container Orchestration | Exploiting misconfigurations in the container orchestration system to gain access to the container environment. | Taking advantage of insecure access control policies in Kubernetes clusters to access pods and services. |
| Compromised Container Images | Attacker Gains Access to Container Image Build Process | Compromising the container image build process to inject malicious code into container images. | Exploiting vulnerabilities in [CI/CD pipelines](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security?ts=markdown) to inject malicious code during the container image build process. |
| Container Vulnerabilities and Misconfigs | Unpatched Container Vulnerabilities | Exploiting vulnerabilities in the container itself to gain access to the container environment. | Targeting unpatched vulnerabilities in popular applications running within containers to gain access. |
| Container Escape | Attacker Gains Privileged Access to Container | Breaking out of the container's isolation and gaining access to the host system. | Exploiting vulnerabilities in the container runtime or abusing host system misconfigurations to gain root privileges on the host system. |

*Table 1: Breaking down the container attack surface*

Fortunately, each layer of the attack surface can be fortified through design and process considerations, as well as native and third-party security options, to reduce the risk of compromised workloads. You'll need a multifaceted strategy, but our objective in this section of the guide is to provide you with just that.
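Several rows of Table 1 (the orchestration misconfiguration and container escape rows in particular) come down to a handful of fields in a pod manifest that a cluster should reject before anything is scheduled. The following Python linter is added here as an illustration; it is not part of the original page or any vendor product. It checks a Pod in dict form (what you get from parsing the YAML or JSON you would apply) against the controls the rest of this page recommends: no privileged containers or dangerous capabilities, no host namespace sharing or hostPath mounts, root disabled, a read-only root filesystem, and CPU and memory limits set. The rule set, both sample manifests, and the registry host and digest inside them are constructed for the example.

```python
"""Pre-admission linter for pod-level misconfigurations from Table 1:
privileged containers, dangerous capabilities, host namespace sharing,
hostPath mounts, root execution and missing resource limits. Added example;
the rule set and both sample manifests are constructed, not vendor code."""
from __future__ import annotations

# Capabilities that give a process a path to the host. CAP_SYS_ADMIN is the
# classic escape primitive; the others grant ptrace, module loading, raw
# networking or bypass of file permission checks.
DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN",
                  "NET_RAW", "DAC_READ_SEARCH", "DAC_OVERRIDE"}


def check_container(pod_name: str, c: dict) -> list[str]:
    """Findings for one container or initContainer spec."""
    out = []
    who = f"{pod_name}/{c.get('name', '?')}"
    sc = c.get("securityContext", {})
    if sc.get("privileged"):
        out.append(f"{who}: privileged (all capabilities, host devices visible)")
    if sc.get("allowPrivilegeEscalation", True):      # Kubernetes default is true
        out.append(f"{who}: allowPrivilegeEscalation is not false")
    for cap in sorted(set(sc.get("capabilities", {}).get("add", [])) & DANGEROUS_CAPS):
        out.append(f"{who}: adds capability {cap}")
    if not sc.get("runAsNonRoot"):
        out.append(f"{who}: runAsNonRoot is not true")
    if not sc.get("readOnlyRootFilesystem"):
        out.append(f"{who}: root filesystem is writable")
    limits = c.get("resources", {}).get("limits", {})
    for res in ("cpu", "memory"):
        if res not in limits:
            out.append(f"{who}: no {res} limit (one pod can starve the node)")
    return out


def check_pod(pod: dict) -> list[str]:
    """Findings for a whole Pod manifest given as a dict (parsed YAML/JSON)."""
    meta, spec = pod.get("metadata", {}), pod.get("spec", {})
    name = meta.get("name", "<unnamed>")
    out = []
    if meta.get("namespace", "default") == "default":
        out.append(f"{name}: scheduled into the default namespace")
    for flag in ("hostPID", "hostIPC", "hostNetwork"):
        if spec.get(flag):
            out.append(f"{name}: {flag} shares a host namespace with the pod")
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:          # any hostPath fails the PSS baseline profile
            out.append(f"{name}: mounts host path {vol['hostPath'].get('path')!r}")
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        out.extend(check_container(name, c))
    return out


# Constructed sample manifests (dict form of the YAML you would kubectl apply).
RISKY_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "debug-shell"},                  # no namespace: lands in 'default'
    "spec": {
        "hostPID": True, "hostNetwork": True,
        "volumes": [{"name": "dock", "hostPath": {"path": "/var/run/docker.sock"}}],
        "containers": [{
            "name": "shell", "image": "alpine",
            "securityContext": {"privileged": True, "capabilities": {"add": ["SYS_ADMIN"]}},
        }],
    },
}

HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "web", "namespace": "shop"},
    "spec": {
        "containers": [{
            "name": "nginx",
            # placeholder registry and digest, not a real image
            "image": "registry.example.com/shop/web@sha256:" + "0" * 64,
            "securityContext": {
                "privileged": False, "allowPrivilegeEscalation": False,
                "runAsNonRoot": True, "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
        }],
    },
}

if __name__ == "__main__":
    for pod in (RISKY_POD, HARDENED_POD):
        findings = check_pod(pod)
        print(pod["metadata"]["name"], "->", "clean" if not findings else f"{len(findings)} findings")
        for f in findings:
            print("  -", f)
```

Run stand-alone it reports eleven findings for `debug-shell` and none for `web`. The checks correspond to what the Pod Security Standards `restricted` profile forbids, which Pod Security Admission can enforce per namespace; a linter like this belongs in CI or in an admission webhook so a bad manifest never reaches the API server.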
![Figure 2: Container security spans the full software development lifecycle](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/container-security-spans.png "Figure 2: Container security spans the full software development lifecycle")

*Figure 2: Container security spans the full software development lifecycle*

## How to Secure Containers

Container users need purpose-built, [full-stack security](https://www.paloaltonetworks.com/prisma/cloud/container-security?ts=markdown) that addresses the vulnerability management, compliance, runtime protection, and network security requirements of their containerized applications.

### Container Network Security

Containerized applications face the same network-borne risks as bare metal and VM-based apps, such as cryptojacking, ransomware, and botnet command-and-control (C2) traffic. [Container network security](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-network-security?ts=markdown) restricts unwanted communication and blocks threats before they reach your applications, using several complementary strategies. Key components of network security are [microsegmentation](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation?ts=markdown), [access control](https://www.paloaltonetworks.com/cyberpedia/access-control?ts=markdown), encryption, and policies to maintain a secure and resilient environment. Continuous monitoring, logging, and regular audits help identify and close security gaps, as does timely patching to keep platforms and infrastructure up to date. While shift-left security tools offer deploy-time protection against known vulnerabilities, [containerized next-gen firewalls](https://www.paloaltonetworks.com/network-security/cn-series?ts=markdown) guard against unknown and unpatched vulnerabilities.
Performing [Layer 7](https://www.paloaltonetworks.com/cyberpedia/what-is-layer-7?ts=markdown) deep-packet inspection on all allowed traffic, they identify and prevent [malware](https://www.paloaltonetworks.com/cyberpedia/what-is-malware?ts=markdown) from entering and spreading within the cluster and block malicious outbound connections used for [data exfiltration](https://www.paloaltonetworks.com/cyberpedia/data-exfiltration?ts=markdown) and [command and control (C2)](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained?ts=markdown). Identity-based microsegmentation restricts communication between applications at Layers 3 and 4.

### Container Runtime Security

Cloud-native [runtime security](https://www.paloaltonetworks.com/cyberpedia/runtime-security?ts=markdown) is the practice of detecting and stopping threats in running containers: both newly disclosed vulnerabilities in software that is already deployed and active attacks that show up as abnormal behavior. Organizations using containers should leverage [enhanced runtime protection](https://www.paloaltonetworks.com/prisma/cloud/container-security?ts=markdown) that establishes a behavioral baseline per workload and then detects anomalies against it, identifying and blocking processes, file activity, and network behavior that deviate from that baseline. As part of a defense-in-depth strategy against Layer 7 attacks, such as the OWASP Top 10, organizations should pair runtime protection with [web application and API security](https://www.paloaltonetworks.com/prisma/cloud/web-application-API-security?ts=markdown) in addition to container network security via containerized next-gen firewalls.

### Container Registry Security

Getting security into the container build phase means shifting left instead of reacting at runtime. Build phase security should focus on removing vulnerabilities, malware, and insecure code. Since container images are made of libraries, binaries, and application code, it's critical to secure your container registries.
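Because images are assembled from libraries and binaries that the cluster pulls by reference, the practical registry control is to admit only references that resolve to the organization's own registry and are pinned by digest. The Python check below is added as an example and is not the page's or any product's code. It splits a reference into registry host, repository, tag, and digest the way the container runtime does (rather than string-matching on a prefix) and enforces two rules: the host must be an exact member of the trusted set, so a lookalike such as `registry.example.com.evil.io` is refused, and the image must carry a well-formed digest. `registry.example.com` and the all-zero digest are placeholders.

```python
"""Trusted-registry and digest-pinning check for container image references.
Added example; registry.example.com and the all-zero digest are placeholders."""
from __future__ import annotations
from dataclasses import dataclass
import re

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")
TRUSTED_REGISTRIES = {"registry.example.com"}      # assumption: the org's registry


@dataclass
class ImageRef:
    registry: str
    repository: str
    tag: str | None
    digest: str | None


def parse_image(ref: str) -> ImageRef:
    """Split a reference the way the container runtime does: the first path
    component is a registry host only if it contains '.' or ':' or is
    'localhost'; anything else comes from Docker Hub (docker.io), where
    single-segment names live under library/."""
    name, _, digest = ref.partition("@")
    first, sep, rest = name.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name
    head, _, last = path.rpartition("/")          # the tag lives in the last segment
    repo_last, _, tag = last.partition(":")
    repository = f"{head}/{repo_last}" if head else repo_last
    if registry == "docker.io" and "/" not in repository:
        repository = "library/" + repository
    return ImageRef(registry, repository, tag or None, digest or None)


def evaluate(ref: str, trusted: set[str] = TRUSTED_REGISTRIES,
             require_digest: bool = True) -> tuple[bool, str]:
    """Admission decision as (allowed, reason). The registry check is an exact
    host match on purpose: a prefix or substring check would let
    registry.example.com.evil.io through."""
    img = parse_image(ref)
    if img.registry not in trusted:
        return False, f"registry {img.registry!r} is not in the trusted set"
    if img.digest is not None:
        if not DIGEST_RE.match(img.digest):
            return False, f"malformed digest {img.digest!r}"
        return True, f"pinned by digest: {img.registry}/{img.repository}"
    if require_digest:
        return False, "not pinned by digest (a tag can be re-pushed with different content)"
    if img.tag in (None, "latest"):
        return False, "floating tag; pin at least to an immutable release tag"
    return True, f"tag-pinned: {img.registry}/{img.repository}:{img.tag}"


# Constructed references exercising each branch of the policy.
SAMPLE_REFS = [
    "nginx",                                                     # Docker Hub, untrusted
    "registry.example.com/shop/web:1.4.2",                       # trusted, tag only
    "registry.example.com/shop/web@sha256:" + "0" * 64,          # trusted, placeholder digest
    "registry.example.com.evil.io/shop/web@sha256:" + "0" * 64,  # lookalike host
    "registry.example.com/shop/web@sha256:abc",                  # malformed digest
]

if __name__ == "__main__":
    for ref in SAMPLE_REFS:
        allowed, reason = evaluate(ref)
        print("ALLOW" if allowed else "DENY ", ref, "->", reason)
```

Of the five sample references only the digest-pinned one from the trusted host is admitted. Digest pinning is what makes "trusted image" meaningful: a tag is a mutable pointer that anyone with push rights can repoint, while a digest names exactly one image manifest.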
The first step to [container registry security](https://www.paloaltonetworks.com/cyberpedia/container-registry-security?ts=markdown) is to establish an official container registry for your organization. Without question, one or more registries already exist; it's the security team's job to find them and ensure they're properly secured, which includes setting security standards and protocols. The overarching aim of container registry security standards should be trusted images. To that end, [DevOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devops?ts=markdown) and security teams need to align on policies that, foremost, prevent containers from being deployed from untrusted registries. An intrusion into the registry, or a vulnerable image sitting in it, provides an easy opening for compromising running applications. Continuously monitoring registries for changes in vulnerability status remains a core security requirement, along with locking down the server that hosts the registry and using secure access policies.

### Container Orchestration Security

[Container orchestration security](https://www.paloaltonetworks.com/cyberpedia/what-is-orchestration-security?ts=markdown) is the process of enacting proper access control measures to prevent risks from overprivileged accounts, attacks over the network, and unwanted lateral movement. By leveraging [identity access management (IAM)](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management?ts=markdown) and [least-privileged access](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access?ts=markdown), where Docker and Kubernetes activity is explicitly allowlisted, security and infrastructure teams can ensure that users only perform the commands their roles permit.
Additionally, organizations need to protect pod-to-pod communications, limit damage by preventing attackers from moving laterally through their environment, and secure any frontend services from [cyber attack](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack?ts=markdown).

### Host Operating System (OS) Security

[Host OS security](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers?ts=markdown) is the practice of securing your operating system (OS) from cyberattack. As cloud-native app development technology grows, so does [the need for host security](https://www.paloaltonetworks.com/prisma/cloud/host-security?ts=markdown). The OS that hosts your container environment is perhaps the most important layer when it comes to security. An attack that compromises the host environment could give intruders access to all other areas of your stack. That's why hosts need to be scanned for vulnerabilities, hardened to meet CIS Benchmarks, and protected against weak access controls (Docker commands, SSH commands, sudo commands, etc.).

## Container Security Solutions

Securing your containerized environment requires a layered approach to address potential vulnerabilities and threats. In recent years, the container security solutions organizations rely on to safeguard their containerized applications and infrastructure throughout the development, deployment, and runtime stages have grown in sophistication and capability. Modern security tooling effectively minimizes the risk of [data breaches](https://www.paloaltonetworks.com/cyberpedia/data-breach?ts=markdown) and [data leaks](https://www.paloaltonetworks.com/cyberpedia/data-leak?ts=markdown), promoting compliance and maintaining secure environments while accelerating [DevSecOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devsecops?ts=markdown) adoption.
### Container Monitoring

The ability to [monitor your registry](https://www.paloaltonetworks.com/blog/2019/11/cloud-container-security/?ts=markdown) for vulnerabilities is essential to maintaining container security. Because developers are continually ripping and replacing containers, monitoring tools that let security teams apply time-series stamps to containers are critical when trying to determine what happened in a containerized environment.

Popular tools for container monitoring include Prometheus, Grafana, Sumo Logic, and Cortex Cloud. Cortex Cloud offers runtime threat detection and anomaly analysis for both cloud-native and traditional applications. It leverages machine learning and behavioral analysis to identify suspicious activity across the entire container lifecycle, from build to runtime.

### Container Scanning Tools

Containers need to be continuously scanned for vulnerabilities, both before being deployed in a production environment and after they have been replaced. It's too easy for developers to mistakenly include a library with known vulnerabilities in a container. It's also important to remember that new vulnerabilities are discovered almost daily. That means what seems like a perfectly safe container image today could become the vehicle through which all kinds of malware are distributed tomorrow. That's why maintaining [container image trust](https://www.paloaltonetworks.com/blog/prisma-cloud/cloud-container-image-trust-groups/?ts=markdown) is a central component of container scanning tools.

Container scanning tools include Aqua Security, Anchore, Clair, and Cortex Cloud. Cortex Cloud provides deep-layer vulnerability scanning for container images in registries and during [CI/CD pipelines](https://www.paloaltonetworks.com/blog/prisma-cloud/announcing-ci-cd-security-with-prisma-cloud/?ts=markdown). It detects known vulnerabilities, misconfigurations, and malware, helping you build secure containers from the start.
### Container Network Security Tools

Once deployed, containers need to be protected from constant attempts to steal proprietary data or compute resources. Containerized next-generation firewalls, [web application and API security (WAAS)](https://www.paloaltonetworks.com/cyberpedia/what-is-web-application-and-api-protection?ts=markdown), and microsegmentation tools inspect and protect all traffic entering and exiting containers (north-south and east-west), granting full [Layer 7](https://www.paloaltonetworks.com/cyberpedia/what-is-layer-7?ts=markdown) visibility and control over the Kubernetes environment. Furthermore, [containerized firewalls](https://www.paloaltonetworks.com/cyberpedia/what-is-a-web-application-firewall?ts=markdown) dynamically scale with the rapidly changing size and demands of the container infrastructure, guaranteeing security and bandwidth for business operations.

Network security tools include Calico, Flannel, CNI plugins (e.g., Istio, Cilium), Kubernetes NetworkPolicy, and Cortex Cloud. Cortex Cloud integrates with container orchestration platforms like Kubernetes to provide network threat detection. It secures east-west traffic between containers and prevents unauthorized [lateral movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement?ts=markdown) within your environment.

### Policy Engines

Modern tools make it possible for [cloud security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security?ts=markdown) teams to define policies that determine who and what is allowed to access any given microservice. Organizations need a framework for defining those policies and making sure they are consistently maintained across a highly distributed container application environment. Popular policy engines include Cilium, OPA Gatekeeper, Neutrino, Kubernetes Network Policy API, and Cortex Cloud.
Cortex Cloud enforces security policies across your container deployments, including network access control, resource limitations, and image signing. This ensures a consistent security posture and compliance with your organization's standards.

#### Choosing the Right Solutions

When selecting a solution to secure your containerized environment, consider your organization's needs and areas of risk. Do you need advanced threat detection, [vulnerability management](https://www.paloaltonetworks.com/cyberpedia/what-Is-vulnerability-management?ts=markdown), or strict policy enforcement? Evaluate integration with your existing tools and infrastructure. Seamless integration with development pipelines, orchestration platforms, and [SIEM](https://www.paloaltonetworks.com/cyberpedia/what-is-siem?ts=markdown) systems is game changing.

Remember, effective container security goes beyond individual tools. Implementing a layered approach with continuous monitoring, proactive scanning, strong policies, and reliable network security will significantly enhance your containerized environment's resilience against threats.

## Container Security FAQs

### What is a policy engine?

A policy engine is a software component that enables [DevSecOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devsecops) teams to define, manage, and enforce policies governing access to and usage of resources such as applications, networks, and data. Policy engines evaluate incoming requests against predefined rules and conditions, making decisions based on those policies. They help ensure compliance, enhance security, and maintain control over resources. In containerized environments, policy engines play a crucial role in consistently maintaining access and security policies across distributed applications and [microservices](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices), helping manage and automate policy enforcement in complex, dynamic infrastructures.
### What is a Common Vulnerabilities and Exposures (CVE)?

Common Vulnerabilities and Exposures (CVE) refers to a standardized system for identifying, cataloging, and sharing information about publicly known cybersecurity vulnerabilities and exposures. CVE entries consist of a unique identifier, a description, and a severity score. The system, maintained by the MITRE Corporation, aims to facilitate vulnerability tracking, management, and communication across different databases, tools, and organizations. By providing a common reference for vulnerabilities, CVE helps security professionals, researchers, and developers better understand potential risks, prioritize remediation efforts, and enhance the overall security posture of software and systems.

### What is the MITRE ATT&CK Matrix?

The MITRE ATT&CK Matrix is a comprehensive, globally accessible knowledge base of cyber adversary tactics and techniques. It is developed and maintained by MITRE, a not-for-profit organization that operates research and development centers sponsored by the U.S. government. ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge.

The matrix serves as a framework for understanding, categorizing, and documenting the methods cyber adversaries use to compromise systems, networks, and applications. It's designed to help security teams, researchers, and organizations at various stages of the cybersecurity lifecycle, including threat detection, prevention, response, and mitigation.

The MITRE ATT&CK Matrix is organized into a set of categories, called tactics, representing different stages of an adversary's attack lifecycle. Each tactic contains multiple techniques that adversaries use to achieve their objectives during that stage. Techniques are further divided into sub-techniques, which provide more detailed information about the specific methods and tools used in cyberattacks.

### What is a security context?
A security context is a set of attributes or properties related to the security settings of a process, user, or object within a computing system. In containerized environments, a security context defines the security and access control settings for containers and pods, such as user and group permissions, file system access, privilege levels, and other security-related configurations.

Kubernetes allows you to set security contexts at the pod level or the container level. By configuring security contexts, you can control the security settings and restrictions for your containerized applications, ensuring that they run with the appropriate permissions and in a secure manner. Some of the key attributes that can be defined within a security context include:

* **User ID (UID) and group ID (GID)**: These settings determine the user and group that a container or pod runs as, thereby controlling access to resources and system capabilities.
* **Privilege escalation control**: This setting determines whether a process within a container can gain additional privileges, such as running as the root user. By disabling privilege escalation, you limit the potential impact of a compromised container.
* **File system access**: Security contexts let you define how containers can access the file system, including read-only access or mounting volumes with specific permissions.
* **Linux capabilities**: These settings control the specific capabilities a container can use, such as network bindings, system time settings, or administration tasks.
* **SELinux context**: Security contexts can define the SELinux context for a container or pod, enforcing mandatory access control policies and further isolating the container from the host system.
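The attributes above map onto fields of a Kubernetes Pod's `securityContext`, and a policy engine of the kind described earlier is what turns them into admit-or-reject decisions. The Python script below is an added example, not code from the original article or from any Palo Alto Networks product: it evaluates a Pod manifest (a dict mirroring the YAML) against least-privilege rules for those fields and against the trusted-registry rule from the Container Registry Security section. The registry name, image tags, UIDs and the one permitted add-back capability are constructed placeholders.

```python
from __future__ import annotations

from typing import Any

# Constructed policy inputs: the organisation's official registry and the only
# capability a workload may add back after dropping ALL.
TRUSTED_REGISTRIES = ("registry.example.internal/",)
PERMITTED_ADD_CAPS = {"NET_BIND_SERVICE"}


def check_pod_level(spec: dict[str, Any]) -> list[str]:
    """Pod-wide flags that share host namespaces and bypass container isolation."""
    return [f"pod: {key} is enabled (shares a host namespace)"
            for key in ("hostPID", "hostIPC", "hostNetwork") if spec.get(key) is True]


def check_container(c: dict[str, Any], pod_sc: dict[str, Any]) -> list[str]:
    """Evaluate one container's securityContext; pod-level values act as defaults."""
    name = c.get("name", "<unnamed>")
    sc = c.get("securityContext") or {}
    findings: list[str] = []

    # Registry trust: only images from the official registry may be deployed.
    image = c.get("image", "")
    if not image.startswith(TRUSTED_REGISTRIES):
        findings.append(f"{name}: image {image!r} is not from a trusted registry")

    # UID/GID: the container value overrides the pod value; root must be ruled out.
    run_as_non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
    run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
    if run_as_user == 0:
        findings.append(f"{name}: runAsUser is 0 (root)")
    elif run_as_non_root is not True and run_as_user is None:
        findings.append(f"{name}: neither runAsNonRoot nor a non-zero runAsUser is set")

    # Privilege escalation: Kubernetes allows it unless explicitly disabled.
    if sc.get("privileged") is True:
        findings.append(f"{name}: privileged container")
    if sc.get("allowPrivilegeEscalation") is not False:
        findings.append(f"{name}: allowPrivilegeEscalation is not false")

    # File system access: an immutable root filesystem blocks on-disk tampering.
    if sc.get("readOnlyRootFilesystem") is not True:
        findings.append(f"{name}: readOnlyRootFilesystem is not true")

    # Linux capabilities: drop everything, then add back only the approved subset.
    caps = sc.get("capabilities") or {}
    if "ALL" not in caps.get("drop", []):
        findings.append(f"{name}: capabilities.drop does not include ALL")
    extra = set(caps.get("add", [])) - PERMITTED_ADD_CAPS
    if extra:
        findings.append(f"{name}: adds unapproved capabilities {sorted(extra)}")
    return findings


def evaluate_pod(pod: dict[str, Any]) -> list[str]:
    """Return every policy violation in a Pod manifest; an empty list means admit."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = check_pod_level(spec)
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        findings.extend(check_container(c, pod_sc))
    return findings


# Constructed sample manifests in the shape kubectl would submit to the API server.
WEAK_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web-weak"},
    "spec": {
        "hostNetwork": True,
        "containers": [{"name": "web", "image": "nginx:latest",  # Docker Hub image
                        "securityContext": {"privileged": True, "runAsUser": 0}}],
    },
}
HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web-hardened"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001, "runAsGroup": 10001},
        "containers": [{
            "name": "web", "image": "registry.example.internal/web:1.4.2",
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]},
            },
        }],
    },
}

if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        result = evaluate_pod(pod)
        print(f"{pod['metadata']['name']}: {'ADMIT' if not result else 'REJECT'}")
        for finding in result:
            print("  -", finding)
```

The weak manifest is rejected on seven findings while the hardened one is admitted; a container-level `runAsUser: 0` still trips the UID rule even when the pod level sets `runAsNonRoot: true`, which is why the container value is read first.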
By properly configuring security contexts in Kubernetes, you can enhance the security of your containerized applications, enforce the principle of least privilege, and protect your overall system from potential security risks.

### What is code security?

Code security refers to the practices and processes implemented to ensure that software code is written and maintained securely. This includes identifying and mitigating potential vulnerabilities and following secure coding best practices to prevent security risks. Code security encompasses various aspects, such as:

* **Static Application Security Testing (SAST)**: Analyzing source code, bytecode, or binary code to identify potential security vulnerabilities without executing the code.
* **Dynamic Application Security Testing (DAST)**: Testing running applications to identify security vulnerabilities by simulating attacks and analyzing the application's behavior.
* **Software Composition Analysis**: Scanning and monitoring the dependencies (libraries, frameworks, etc.) used in your code to identify known vulnerabilities and ensure they are up to date.
* **Secure Coding Practices**: Following guidelines and best practices (e.g., the OWASP Top Ten Project) to write secure code and avoid introducing vulnerabilities.

### How do policies and infrastructure as code differ?

Policies are specific security rules and guidelines used to enforce security requirements within a Kubernetes environment, while infrastructure as code (IaC) is a broader practice for managing and provisioning infrastructure resources using code. Both can be used together to improve security, consistency, and automation within your Kubernetes environment. Using IaC, you can define and manage security configurations like network policies, firewall rules, and access controls as part of your infrastructure definitions.
For example, you can include Kubernetes network policies, ingress and egress configurations, and role-based access control (RBAC) policies in your Kubernetes manifests, which are then managed as infrastructure as code. Tools like Terraform, CloudFormation, and Kubernetes manifests allow you to manage infrastructure resources and security configurations in a consistent and automated manner. By incorporating security measures into your IaC definitions, you can improve the overall security of your container and Kubernetes environment and ensure adherence to best practices and compliance requirements.

### What is policy as code (PaC)?

[Policy as code (PaC)](https://www.paloaltonetworks.com/cyberpedia/what-is-policy-as-code#:~:text=Policy%2Das%2Dcode%20is%20the,enforcement%20tools%20you%20are%20using.) involves encoding and managing infrastructure policies, compliance, and security rules as code within a version-controlled system. PaC allows organizations to automate the enforcement and auditing of their policies, ensuring that their infrastructure is built and maintained according to the required standards. By integrating these policies into the policy-as-code process or into the infrastructure build, organizations can ensure that their tooling aligns with the necessary standards and best practices.

### What is alert disposition?

Alert disposition is a method of specifying when you want an alert to notify you of an anomaly. Settings include conservative, moderate, and aggressive. Preferences are based on the severity of the issues: low, medium, or high.

* Conservative generates high severity alerts.
* Moderate generates high and medium severity alerts.
* Aggressive generates high, medium, and low severity alerts.

### What is anomaly settings customization?

Via anomaly settings customization, you can control the criteria by which alerts are generated for anomaly policies.
Users can modify the anomaly settings to change the model training threshold, customize alert disposition, and add anomaly trusted lists to suppress alerts from trusted resources.

### What are anomaly training model thresholds?

Anomaly training model thresholds are a method for defining different thresholds for training the anomaly detection models for UEBA and network anomalies. You can set the training model threshold to low, medium, or high. These thresholds determine the volume (e.g., a minimum of 100 user events) and duration (e.g., 30 days) of the data used to train the models.

### What is an anomaly trusted list?

An anomaly trusted list is a method of suppressing alerts from specific resources that you don't want to generate alerts. For example, if there are IP addresses you use to perform penetration testing, you can add those IPs to a trusted list to suppress their alerts.

### What is an audit event?

Audit event refers to a set of RQL-based policies that monitor audit events in your environment for potential policy violations. You create audit policies to flag sensitive events, such as root activities or configuration changes, that may put your cloud environment at risk.

### What are network anomaly policies?

Network anomaly policies are anomaly policies that continuously monitor network logs for malicious network traffic using machine learning, as well as matching IPs against AutoFocus. Network anomaly policies can detect threats such as botnet, ransomware, and worm attacks.

### What is authorization?

Authorization involves granting authenticated users access to resources or system functions based on predefined policies. In Kubernetes, this concept is known as role-based access control (RBAC). RBAC grants user groups, such as developers, permission to interact with specific resources or functions according to their job requirements.
Implementing robust and consistent user authorization policies ensures that users have only the minimum necessary privileges, reducing the risk of unauthorized access and privilege escalation.

### What is secure identity storage?

Secure identity storage refers to solutions and mechanisms designed to safely store sensitive information, such as passwords, cryptographic keys, API tokens, and other secrets, in a highly protected and encrypted manner. Secret vaults and hardware security modules (HSMs) are two common examples of secure identity storage.

Secret vaults are secure software-based storage systems designed to manage, store, and protect sensitive data. They employ encryption and access control mechanisms to ensure that only authorized users or applications can access the stored secrets. Examples of secret vaults include HashiCorp Vault, Azure Key Vault, and AWS Secrets Manager.

Secret vault features:

* Encryption at rest and in transit
* Fine-grained access control
* Audit logging and monitoring
* Key rotation and versioning
* Integration with existing identity and access management (IAM) systems

Hardware security modules (HSMs) are dedicated, tamper-resistant, highly secure physical devices that safeguard and manage cryptographic keys, perform encryption and decryption operations, and provide a secure environment for executing sensitive cryptographic functions. HSMs are designed to protect against both physical and logical attacks, ensuring the integrity and confidentiality of the stored keys. Examples of HSMs include SafeNet Luna HSM, nCipher nShield, and AWS CloudHSM.

Key features of HSMs:

* FIPS 140-2 Level 3 or higher certification (a U.S. government standard for cryptographic modules)
* Secure key generation, storage, and management
* Hardware-based random number generation
* Tamper detection and protection
* Support for a wide range of cryptographic algorithms

Both secret vaults and HSMs aim to provide a secure identity storage solution, reducing the risk of unauthorized access, data breaches, and other security incidents. Choosing between them depends on factors such as security requirements, budget, and integration needs.

### What is User and Entity Behavior Analytics (UEBA)?

UEBA refers to a set of anomaly policies for identifying deviant user activity, such as a user logging on from an unknown location, successive login attempts from distant geographical locations, and an unusually large number of compute resources being created.