Integrate continuous workload protection

Connect bifrost to your CI/CD pipeline, and bifrost will learn your application behavior from every new build, providing up-to-date and tailored runtime security for every workload.

Only allow the intended behavior

Custom-tailored security profiles for every workload, regardless of the language.

Integrates into
your workflow

No code changes required, and no additional dependencies. Just update the deployment file.

Insights for
every build

Detailed insights into workload evolution, required permissions, build diffs, and necessary syscalls.

getting started

How it works

bifrost works with your existing Kubernetes environments, supporting the K8s-native ways to enable runtime security profiles.

The bifrost agent

bifrost agent is ready to serve. Deployed via helm install, the agent gets distributed to your K8s cluster as a DeamonSet.

The agent will handle everything for you, from keeping tabs on every connected workload, retrieving the audit events for bifrost service for processing, to distributing the security profiles.

Update workload deployment

Connect your workloads by adding a few lines to the deployment specification, redeploy, and bifrost will go to work!

Exercise your workload, and bifrost will audit the behavior across your development environments.

Secure your production

Once the behavior is captured, connect the production environment, and bifrost will automatically tailor the runtime security profile for each workload.

Henceforth, every new build that passes through your pipeline will get up-to-date security profiles, and you will be more protected by default.

Tailored enterprise-grade security

bifrost builds upon Linux Security Modules, giving you all the benefits of Kernel-level security without all the downsides of managing complex, manual, and time-consuming work.

Writing custom profiles is hard

Managing AppArmor profiles is challenging. Each workload should get a tailored profile, requiring a deep understanding of AppArmor’s syntax and each workload’s behavior. As workloads grow, maintaining these profiles becomes increasingly complex, risking misconfigurations that could compromise security or performance.

Kubernetes’ dynamic nature adds to the difficulty, with frequent deployments, updates, and removals requiring constant profile updates. This process demands significant time and resources, diverting focus from broader security goals. Even minor oversights can create vulnerabilities, highlighting the difficulty of maintaining strong security in such environments.

biforst takes care of this for you

Once integrated, bifrost monitors all your workloads, understanding each need and behavior and crafting up-to-date profiles for every new build. With the bifrost intelligence, anomalies and bad behavior can be identified quickly during development, proactively protecting your production and customer data.

The bifrost portal

The bifrost portal will guide you in connecting everything. Once up and running, it will provide a bird' s-eye view of your deployment, current status and alerts, and detailed behavior data for every connected workload.

integrations

Not another dashboard

We know many dashboards are around, competing for your attention. We don’t intend to add to that list. There are already too many good alternatives.

We will focus on understanding your workload behavior, providing proactive security, and staying out of your way. We’ll only notify you when it matters using the tool of your choice.