ZeroLock Deployment and Integration

Introduction

Internationally renowned cryptographer, Bruce Schneier, wrote that “complexity is the worst enemy of security, and our systems are getting more complex all the time.” This statement is especially true today as AI proliferates and is used to target and refine cyber-attacks. The mantras of “security first,” “everyone is in the business of security,” and “shifting security left” inundate users, developers, and admins alike. While these are ideal goals, what have any of those done to simplify security? Arguably, one could say, “Not much.” Why haven’t security professionals been able to move that needle as much as we would all like? Complexity. Security continues to struggle to balance what we know are best practices with having to protect legacy systems, applications, and architectures that adhere to few—if any—of those principles. As a result, we are faced with competing needs, leading to a need for added complexity, exceptions to security guidelines, and therefore, gaps in coverage, and potentially visibility for environments we need to protect.

When it comes to cloud, containers and Kubernetes, and Linux in general—the platforms upon which most businesses now run their most critical workloads and host their most sensitive data—these challenges are especially acute. Legacy protection is fragmented across distributions and versions of Linux limiting comprehensive and consistent coverage. Features that have long been table stakes for Windows don’t exist for these environments. Installation, management, and the ability to respond on these platforms is cumbersome, manually intensive, and as a result requires more time and a higher level of skill to respond.

Vali Cyber’s ZeroLock^® cuts through the complexity to provide an effective, efficient, and simple solution to securing cloud, containers and Kubernetes, and Linux that offers a full feature set that security professionals and executives have come to expect for other operating systems. By design, ZeroLock’s implementation for both the management and the client side provides a consistent, predictable model that integrates into any architecture and doesn’t require you to rearchitect either our solution or your environment.

Server-side architecture

Vali Cyber’s ZeroLock management architecture is fully containerized. Each component required to install, manage, detect, and respond to threats is built to be scalable, resilient, and flexible so that deployment of ZeroLock fits into your architecture today, and adapts and grows with your security needs in the future.

This containerized architecture allows for an autoscaling capable management infrastructure that won’t be overwhelmed during a targeted attack. This design naturally supports distributed management models without flooding lower capacity links.

Uniquely, the Vali Cyber management platform maintains full feature parity for all customers, whether they utilize the Vali Cyber’s managed SaaS, a self-managed public/private cloud installation, or a dark network/SCADA model of deployment.

Client-side architecture

On the client side, the Vali Cyber Agent is a lightweight (50 MB) agent that does not modify the kernel allowing it to run on any Linux distribution with a kernel version of 3.5 or later, and any container and Kubernetes environment. The agent is self-contained and self-protecting, as well as offering highly effective protection to the systems and environments it runs on. Being a cloud and Linux native agent means understanding the ephemeral nature of containers and workloads, as well as understanding and protecting the unique attack surfaces in today’s cloud native and hybrid architectures.

This understanding allows ZeroLock to be deployed to support and protect multiple scenarios. ZeroLock can be deployed in the traditional sense, with an agent installed on each bare metal or VM running Linux. ZeroLock can also be installed as a part of the CI/CD pipeline so that each container has an agent installed and running to protect the container as soon as it is instantiated.

There are instances where the traditional agent deployment model will not work. ZeroLock supports these cloud native deployment models as well. Deploying the ZeroLock agent on a VM or bare metal system that runs containerized workloads, such as web servers, or proprietary applications allows the ZeroLock agent to monitor and protect each of the containerized workloads from the single installed agent.

For public cloud deployments, where you don’t have access to the underlying operating system, Vali Cyber can be deployed as a privileged container which can then monitor and protect the other containers and workloads running within the application space.