Introducing Bifrost: Behavior-Based Security for Kubernetes
We're excited to announce Bifrost, a new approach to Kubernetes runtime security that uses behavior-based allow-listing to protect your containers.
Bifrost Team
bifrost security
Today, we’re excited to publicly introduce Bifrost—a new approach to securing Kubernetes workloads that we’ve been building for the past two years.
The Problem with Traditional Security
Traditional container security tools work by detecting known bad behavior. They maintain databases of malware signatures, vulnerability patterns, and attack indicators. When something matches, they alert you.
This approach has a fundamental flaw: it can only protect against known threats. New malware, zero-day exploits, and novel attack techniques slip through undetected until someone discovers them and adds them to the signature database.
A Different Approach
Bifrost takes the opposite approach. Instead of trying to detect bad behavior, we learn what good behavior looks like and only allow that.
Here’s how it works:
-
Observe: Bifrost uses eBPF to observe your containers during normal operation, learning what syscalls they make, what files they access, and what network connections they establish.
-
Generate: Based on this observation, Bifrost automatically generates precise AppArmor security profiles that match your application’s actual behavior.
-
Enforce: These profiles are enforced at the Linux kernel level. Any behavior not in the allow-list is blocked automatically.
Why This Matters
This allow-listing approach provides several key benefits:
- Zero-day protection: Unknown attacks are blocked by default because they don’t match known-good behavior
- Supply chain security: Compromised dependencies can’t execute malicious code if that code isn’t in the allow-list
- No signature updates: You don’t need to constantly update detection rules to stay protected
- Precise policies: Each workload gets a tailored profile based on its actual needs
Getting Started
Bifrost is available today. You can:
- Start a free trial to test it in your environment
- Schedule a demo to see it in action
- Read our documentation to learn more
We’re excited to help you secure your Kubernetes workloads with a fundamentally better approach. Welcome to the future of container security.
Tags
Ready to see runtime security in action?
bifrost automatically generates tailored security profiles for your containers and cuts CVE noise by up to 90%. Free trial, no credit card required.