Container Security Overview Demo June 2021


New technology needs a new kind of security

As organizations adopt new processes and technologies for building and running their applications, they require new types of security observability. Uptycs equips modern defenders with the functionality they need to protect container-based applications, whether run on-premises or in the cloud, on a VM or in a serverless deployment. With Uptycs, you can identify vulnerabilities early in the process, verify secure configurations, ensure compliance, and continuously monitor in production.

Product Bundles At-A-Glance: Containers & Serverless
Container & Serverless Modules


  • Management
  • Inventory
  • Audit


  • Core


  • Flight Recorder App & 7-Day History
  • Compliance
  • Investigation


  • Threat Intel
  • Detection
  • Response
  • FIM


  • Vulnerability Detection

The Insight Modules

  • Simplify asset and inventory management for hosts and nodes
  • Map containers to nodes, and images to containers
  • Track when images start and stop
  • Build custom alert rules and reports to audit system configurations and perform real-time ad hoc queries

The Visibility Modules

  • TLS-based centralized data forwarding model
  • View normal baseline and anomalous behavior for individual hosts, nodes, and groups

The Comply Modules

  • Ensure secure and compliant configurations for hosts and nodes
  • Customizable audit rules and push-button reports for CIS Benchmarks covering Linux and Docker
  • Enables the add-on of FedRAMP, PCI, and SOC 2 compliance support (at additional cost)
  • Includes the Uptycs Flight Recorder feature, which enables incident response teams to reconstruct machine state for forensic investigation, even for ephemeral container nodes and serverless tasks
  • 7 days of historical telemetry stored for the Flight Recorder

The Secure Modules

The Secure modules include industry-leading MITRE ATT&CK coverage, with 600+ behavioral rules run in real time in the Uptycs cloud platform, plus:
  • Container-specific rules, such as shell access, defined by industry best practices such as the MITRE ATT&CK containers matrix.
  • Capture of process and socket events inside containers via eBPF, as well as Docker runtime events.
  • File integrity monitoring (FIM) and configuration file analysis inside of containers for security audits and operational visibility. For example, you can monitor container file systems to detect issues such as creating new entries in /etc/passwd within a container.
  • Run YARA malware detection scans in response to process or file events occurring inside containers.
  • Uptycs-curated threat intelligence database, file carving, and workflow integrations (SIEM, ticketing, SOAR, etc.).

The Total Modules

  • Continuous vulnerability monitoring for Linux hosts and nodes in production
  • Scan container images as part of the CI/CD pipeline (at additional cost)
  • Quickly check for the latest CVEs included in security bulletins