Orlando, FL
October 6-9
IBM TechXchange 2025

4627 - Open Horizon project update from partner AccuKnox
Ron Victor, AccuKnox
Joe Pearson, IBM

What you will learn in this session
01 KubeArmor & Security by Default
02 Workload Runtime Security in OH
03 Falcon Tactical Edge
04 Q&A

IBM TechXchange | 2025 IBM Corporation

KubeArmor and ModelArmor

Enables implementation of IEC 62443

Principle of least privilege: Provide edge node components and external interfaces only the required access and deny everything else.
Defense in Depth: Multi-layered defense techniques to delay or prevent a cyber attack in the industrial network.
Risk Analysis: Practice used to address risks related to production infrastructure, production capacity, etc.

Enabled Use Cases

Protection: Hardening use-cases

Node Hardening:
1. Protect system folders: Do not allow updates to kernel modules on the host.
2. Prevent root certificate updates.

Workload/Pod/Container Hardening:
1. Protecting workload Secrets. Secrets could be injected into the workloads using volume mounts, environment vars, etc. Provide clear guidelines and specific tooling to secure such secrets.
2. Protecting sensitive assets mounted using volume mount points.

Protection: Enforcing principle of least privilege
1. Network segmentation and enforcing least privilege network access.
2. Enforce Process Whitelisting.
3. Enforce least permissive access to sensitive assets. All volume mount points can be considered sensitive assets.
4. Enforce least permissive process-based network control. Only allow a certain set of processes to do network communication.

Protection: Enforcing Network Protection
1. Enforce Ingress/Egress controls using CIDRSets, Domain names, Protoc