Techniques for securing containerized applications are disclosed. In some embodiments, a system, process, and/or computer program product for securing containerized applications includes detecting a new application container (e.g., an application pod); deploying a security entity (e.g., a firewall) to the application container; and monitoring all traffic to and from the application container (e.g., all layer-7 ingress, egress, and east-west traffic associated with the application container) using the security entity to enforce a policy.