Secure Kubernetes

Critical workload protection platform for Kubernetes containers

Addresses the concern of runtime security, protecting against container breakout attacks and information gathering on your operating system.

ARCA is built with defense-in-depth security in mind – from minimal OS images, container image authenticity, and policy enforcement and monitoring to hardened kernel, container sandboxing, and secure cluster communication.

Minimal OS Images

Reduces the attack surface – OS includes just the software that is needed.

Hardened Kernel

Any interference leads to kernel lockdown.

Container Sandboxing

Secure-by-default deployments. Automatic isolation in case of exploit.

Read-only OS images

Hostile workloads cannot run without permission.

Secure Cluster Communication

Infiltration by rogue hosts into an existing Kubernetes cluster automatically fails.


A trusted boot chain, RoT embedded in the motherboard’s TPM. Only trusted kernels can boot.

Case studies

Geosatis, IoT electronic monitoring

Geosatis used CYSEC ARCA to meet hardware security module and key management requirements for a new, more secure product line.

Learn more >

METACO, digital asset management, fintech

METACO deployed CYSEC ARCA trusted OS, to provide the secure hardware that would protect high-value client data on their SILO platform.

Learn more >