Open Observability Day 2022
⚡Lightning Talk
Making Sense of Observability with Auto-Discovered Security Policies
Ankur Kothiwal, Accuknox
Overview
It is common to analyze network and system logs to generate security policies, but the manual process is inefficient and has a high chance of missing important logs. Discovery Engine is an open-source policy recommendation system that can act as a plug-in for K8s environments and discovers network and system policies based on the logs collected from the various container network interfaces (CNIs). The engine leverages aggregation techniques to reduce the number of policies discovered, uses pod labels for rule specification, and handles discovery across multiple dimensions (networks, systems). This talk gives insight into how the auto policy discovery tool works, its use cases, and the need for an automated runtime policy generation engine in the changing cloud-security environment.
Presenter
Ankur Kothiwal
Software Engineer, Accuknox
Ankur is a software engineer at Accuknox and maintains the open-source KubeArmor project. KubeArmor provides runtime protection for Kubernetes and other cloud workloads using eBPF and Linux Security Modules (LSM). Previously, he contributed to the FreeBSD Project, and he also has experience in systems software engineering. He loves to speak and write about open source, cloud security and the Linux kernel.