ZeroLock Deployment and Integration


Introduction

Internationally renowned cryptographer Bruce Schneier wrote that “complexity is the worst enemy of security, and our systems are getting more complex all the time.” This statement is especially true today, as AI proliferates and is used to target and refine cyber-attacks. The mantras of “security first,” “everyone is in the business of security,” and “shifting security left” inundate users, developers, and admins alike. While these are ideal goals, what have any of them done to simplify security? Arguably, one could say, “Not much.” Why haven’t security professionals been able to move that needle as much as we would all like? Complexity. Security continues to struggle to balance known best practices with having to protect legacy systems, applications, and architectures that adhere to few—if any—of those principles. As a result, we are faced with competing needs, which drive added complexity and exceptions to security guidelines, and therefore gaps in coverage, and potentially in visibility, for the environments we need to protect.

When it comes to cloud, containers and Kubernetes, and Linux in general—the platforms upon which most businesses now run their most critical workloads and host their most sensitive data—these challenges are especially acute. Legacy protection is fragmented across Linux distributions and versions, limiting comprehensive and consistent coverage. Features that have long been table stakes for Windows don’t exist for these environments. Installation, management, and response on these platforms are cumbersome and manually intensive, and as a result require more time and a higher level of skill.

Vali Cyber’s ZeroLock® cuts through the complexity to provide an effective, efficient, and simple solution to securing cloud, containers and Kubernetes, and Linux that offers a full feature set that security professionals and executives have come to expect for other operating systems. By design, ZeroLock’s implementation for both the management and the client side provides a consistent, predictable model that integrates into any architecture and doesn’t require you to rearchitect either our solution or your environment.

Server-side architecture

Vali Cyber’s ZeroLock management architecture is fully containerized. Each component required to install, manage, detect, and respond to threats is built to be scalable, resilient, and flexible so that deployment of ZeroLock fits into your architecture today, and adapts and grows with your security needs in the future.

This containerized architecture allows for an autoscaling-capable management infrastructure that won’t be overwhelmed during a targeted attack. The design naturally supports distributed management models without flooding lower-capacity links.

Uniquely, the Vali Cyber management platform maintains full feature parity for all customers, whether they use Vali Cyber’s managed SaaS, a self-managed public/private cloud installation, or a dark-network/SCADA deployment model.

ZeroLock Deployment

Client-side architecture

On the client side, the Vali Cyber Agent is a lightweight (50 MB) agent that does not modify the kernel, allowing it to run on any Linux distribution with kernel version 3.5 or later and in any container and Kubernetes environment. The agent is self-contained and self-protecting, and offers highly effective protection to the systems and environments it runs on. As a cloud- and Linux-native agent, it is built around the ephemeral nature of containers and workloads, and around the unique attack surfaces of today’s cloud-native and hybrid architectures.

This design allows ZeroLock to be deployed to support and protect multiple scenarios. ZeroLock can be deployed in the traditional sense, with an agent installed on each bare-metal or VM host running Linux. ZeroLock can also be installed as part of the CI/CD pipeline, so that each container has an agent installed and running to protect the container as soon as it is instantiated.

There are instances where the traditional agent deployment model will not work, and ZeroLock supports these cloud-native deployment models as well. Deploying the ZeroLock agent on a VM or bare-metal system that runs containerized workloads, such as web servers or proprietary applications, allows that single installed agent to monitor and protect each of the containerized workloads.

For public cloud deployments where you don’t have access to the underlying operating system, the ZeroLock agent can be deployed as a privileged container, which can then monitor and protect the other containers and workloads running within the application space.

APIs and Third-Party Integrations

Legacy, Windows-centric solutions are designed for monolithic installations with little variability in architecture. Windows solutions require separate consoles and, in keeping with the proprietary nature of Windows, don’t typically integrate well with the rest of the security ecosystem.

Vali Cyber’s ZeroLock is 100% API driven. Everything that can be done in the native console can be done using our secure APIs. Leveraging the APIs allows customers to integrate ZeroLock seamlessly into their existing security stack and playbooks. Integrating ZeroLock into an existing SOAR such as ServiceNow enables a workflow that uses existing tools to monitor and respond to attacks, without the need to log in to the ZeroLock console. The figure below contrasts the more manual approach other vendors require with what fully automated threat detection and response looks like with the ZeroLock solution. Reducing the time it takes to respond to a threat is critical in protecting cloud and edge workloads. Vali Cyber’s ZeroLock allows you to automate responses to attacks while still retaining all of the telemetry, IoCs, and IoAs required to maintain a hardened environment and minimize the attack surface.

ZeroLock Deployment

The Vali Cyber ZeroLock APIs allow you to integrate the solution into your existing security stack and workflow seamlessly. Whether you are looking for alerting through syslog or email, customized dashboards in Splunk, or full integration into existing playbooks, ZeroLock’s secure APIs give you the ability to make the best decisions for your business.

Summary

Cloud, containers and Kubernetes, and Linux now run the most critical workloads and host the most sensitive data in business today. Vali Cyber’s ZeroLock provides an effective, simple, scalable, and flexible solution designed to meet the demanding challenges of protecting cloud and edge critical workloads. Whether you are protecting high-performance computing systems, cloud-based applications, industrial control devices, or IoT devices, ZeroLock provides the contextual awareness and flexibility to keep your environments secure without having to rearchitect workflows and security response playbooks.