---
title: Shielded GKE Nodes should be enabled
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > Datadog Security > OOTB Rules > Shielded GKE Nodes should be enabled
---

> For the complete documentation index, see [llms.txt](https://docs.datadoghq.com/llms.txt).

# Shielded GKE Nodes should be enabled
 
## Description{% #description %}

Shielded GKE Nodes provide verifiable node integrity through secure boot, virtual Trusted Platform Module (vTPM)-enabled measured boot, and integrity monitoring, protecting clusters against boot- or kernel-level malware and rootkits that persist beyond an infected OS.

## Remediation{% #remediation %}

Enable Shielded GKE Nodes on the cluster under the Security settings, or run `gcloud container clusters update`. See [Using Shielded GKE Nodes](https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes) for the full procedure.

## References{% #references %}

- [Using Shielded GKE Nodes](https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes)
- [CIS Google Kubernetes Engine Benchmark](https://www.cisecurity.org/benchmark/kubernetes)
