Place apps in containers Send threats overboard October' 24 Kaspersky Container Security Part of

Protecting containerized environments and enhancing your organization's hybrid infrastructure security Kaspersky Container Security is a security solution that covers every stage of a containerized app's lifecycle, from development to operation. It protects your organization's business processes in line with security standards and regulations, and supports implementation of the DevSecOps approach. Kaspersky Container Security delivers comprehensive protection from the latest cyberthreats, and automates your compliance audits, freeing up the resources of your information security team to focus on other tasks, and shortening time to market. Kaspersky Container Security has been developed specifically for on‑premise and cloud containerized environments, ensuring protection at different levels from container image to host OS. Kaspersky Continer Security is a part of the Kaspersky Cloud Workload Security solution. It provides comprehensive protection from attacks and reduces threat detection and response times in cloud environments. Key features Integration into the development process • Integration with image registries and CI/CD platforms • Integration with security and notiﬁcation systems Regulatory compliance audit • Vulnerability analysis based on NIST database • Best practices audits Orchestrator protection • Enforces runtime container security • Integration with orchestration platforms • Monitoring processes and events in the cluster Visualization and inventory of cluster resources • Fully customized widgets to reveal cross-section data • Transparent inventory of resources Containerization Containerization is one of the primary global soﬅware development trends. The technology allows to accelerate the app design and delivery process. However, traditional security solutions aren’t suitable for the architectural features of containerized environments. * Source: Kaspersky. Managing Geo-Distributed businesses, 2024 of companies suﬀered >1 incident in Kubernetes within the last 12 months* 85% of companies repoed a leak of conﬁdential data due to container security issues* 39% of companies lost revenue within the last 12 months due to container security issues* 38%

Kaspersky Container Security architecture Integration into the development process Protection during store and build stages KCS Scanner (images and IaC) Container image Container image Registry Build Store Runtime protection Infrastructure protection Implementation and launch platform Orchestrator Container Container runtime Operating system Working node Container Container KCS Agent Launch control* Launch control, running container protection, compliance checking * Kaspersky Container Security (KCS) enables protection at every stage of app design and operation. It consists of three components: KCS Agent, KCS Scanner and KCS Control Server. Detects vulnerabilities at container, cluster, and orchestrator levels, ensuring runtime security. Installs into the cluster as a stand-alone container on each node. Checks the image registry for relevance and security. The scanner also checks images as part of the CI process, thus reducing the build stage risks. Installs into the cluster with the orchestrator's server components. Responsible for monitoring the status of the solution components and interaction between them, as well as aggregation of information on detected events. Installs into the cluster with the orchestrator's server components. KCS Agent Research • Scans IaC and Dockerfile for configuration errors and secrets • Checks registry images Registry and version control system Designing and testing • Scans images for vulnerabilities, malware, and secrets CI tools Execution • Container launch monitoring and control in accordance with security policies • Behavioral analysis of containers Orchestrator Delivery and deployment • Image delivery control and security policy compliance audit CD tools KCS Scanner of images and infrastructure KCS Control Server

Globally renowned security Kaspersky Container Security's features and capabilities are in line with global best practices for container security. Internationally recognized and award-winning protection. Comprehensive protection for containerized environments Protection at diﬀerent levels of the containerized environment architecture. App security for every stage of the lifecycle. Easy operation — reliable protection Real-time visualization of threats. Reduces the necessity of involving the information security team while improving the quality and speed of security checks. Regulatory compliance Best practices audits. Transparent repoing system. Advantages for business Provides container image protection, integration with image registries, orchestrators, CI/CD platforms, and SIEM solutions. Ensures protection of containers in the runtime environment, provides enhanced monitoring capabilities and tools for compliance checks. Licensing tiers and objects Standard Advanced * Quantity of nodes on which the KSC Agent is deployed are taken into account 1 license 1 node with containers*

Suppoed solutions Pa of Kaspersky Cloud Workload Security Public clouds Private clouds VDI platforms Orchestrators Image registries CI / CD platforms Kaspersky Container Security in combination with Kaspersky Hybrid Cloud Security forms a comprehensive cloud workload security solution for reliable, world‑class protection from attacks together with shorter threat detection and response times in cloud environments. The Kaspersky Cloud Workload Security solution ensures comprehensive protection of your hybrid and cloud infrastructures: virtual machines / container clusters. Docker K8s Cloud Security Posture Management (planned) Image registry Physical server Viual machine VDI Private and / or public clouds App or service