New Whitepaper - Kontainers for Strategic Defense Against Zero Day Attacks. Download Now

Introducing Kontainers

Next-Generation Application Deployment Built for Developers

Applications today are rapidly progressing toward a world of decentralized computing.

  • Applications are broken down into hundreds of connected microservices.
  • Significant computing power is being pushed to the edges of the network.

Why are we still depending on a decade-old container architecture that was not designed for today’s modern, microservice-centric app provisioning and deployment?

It is Time to Carve the Path for Modern Software Deployment.

Kontainers
Highlighted Capabilities

Instant start and stop for microservices and functions

Vanilla containers start slowly, taking up to tens of seconds to warm up, so adequate end-user response time requires containers to be running all the time, even before there is user demand. That wastes cloud instances, money, and carbon.

Kontainers:
  • >100x faster microservice start
  • Scale-up on demand instantly; scale to zero when not needed
  • Works for any language runtime

Smaller Artifacts

Vanilla containers typically include the kitchen sink, with artifacts often including enormous amounts of code that aren’t needed to run the container in production. That wastes resources and fattens the attack surface. For example, a Python container pulled from Docker Hub is about 30 times the size as the equivalent kontainer built from the same source code.

Kontainers:
  • Include only the necessary functionality
  • Smaller attack surface
  • Smaller blast radius
  • Reduced image size

Strong microservice isolation reduces the blast radius

Exploits can escape a vanilla container to take control of the underlying OS kernel, then attack other containers or leverage even more exploits to metastasize across the cluster.

Kontainers: Hardware-assisted workload isolation
  • Tiny, optimized virtual machine “Kontains” blast radius
  • Stops container breakout hacks
Reduced attack surface
  • Tiny virtual machine
  • Tiny unikernel OS
  • Reduced syscall surface
  • Smaller app code (optimized linking, leave out the kitchen sink)

Modern Containerization Essentials
for Modern Deployment

Scalability

  • Thousands of containers per node
  • Scale to zero
  • Small footprint
  • True ephemerality

Performance

  • >100x faster microservice start
  • Consistently fast; no pre-warming

OpEx Savings

  • Up to 10x less hardware
  • Simpler DevOps
  • No idle microservice waste

Security

  • Per-instance VM isolation
  • Reduced attack surface
  • Small footprint
  • Fresh kontainer at every invocation

Developer Efficiency

  • Industry standard format
  • Toolchain compatibility
  • Design for scale, security, savings

WAIT but that is not all!

  • CRI-compatible runtime for Docker and K8s
  • Coexists with regular containers
  • Runs in standard Kubernetes
  • Deploys alongside regular containers & K8s pods
  • Easy deployment to public cloud
  • Unchanged developer workflow
  • Unchanged CI/CD pipelines & DevOps tooling
  • Run existing containers in Kontain VM

Use Case Showcase

Tiny attack surface and small blast radius reduce security vulnerability

Kontainers offer the ultimate in efficiency and scalability — but enterprises turn to us most for our unprecedented security.

Security – Log4Shell

The most famous zero-day attack of late is Log4Shell. A bug in a program called Log4j, used in countless numbers of Java applications built over the last two decades, forced every company doing business on the internet to scrutinize their software to determine their vulnerability. The code Log4Shell needs to successfully penetrate your network isn’t present in kontainers — and this is true of many other zero-day exploits.

Don’t wait for the next zero-day to sting you. With kontainers, you lose the fat attack surfaces and reduce the blast radius.

GET STARTED – RUN AT YOUR OWN PACE

1

Run existing containers in Kontain Free

  • Isolates each container instance in a private VM
  • Partially reduces attach surface, blast radius
  • Protects against container escape
2

Convert vanilla container to Kontainers

  • Much smaller artifacts
  • Fully reduces attack surface & blast radius
3

Optimize app architecture & DevOps practices

  • Take advantage of instant cold start
  • Designed for ephemerality
  • Improves UX via faster app responsiveness
  • Faster and easier DevOps scaling
  • Reduced attack surface
  • Lower OpEx, lower carbon footprint

Essential Integrations for Seamless Workflows

20.04
34 and above
Amazon Linux 2
with Kernel version 5.1

Languages:

  • Compatible with all languages and runtimes, but most commonly used with C/C++, Golang, Python, Java, JavaScript, Deno

Operating Systems:

  • Ubuntu 20.04
  • Fedora 34 and above
  • Amazon Linux 2 (with kernel version 5.10 and above)
  • RHEL 7 or above (with kernel version 5.10 and above)

Container Runtimes:

  • Docker
  • CRI-O

Kubernetes Versions:

  • Kubernetes native
  • kind
  • minikube
  • AWS AKS
  • GCP GKE
  • Azure AKS
  • RedHat OpenShift
  • k3s