StackRox,
the leader in security for containerized cloud-native applications,
today announced new capabilities in the StackRox
Container Security Platform that leverage the platform’s multiple
integrations with Kubernetes. The latest enhancements allow businesses
to gain a deployment-centric view of their environment, quickly
prioritize risks based on rich context, leverage Kubernetes for robust
and scalable policy enforcement, and significantly improve the security
of their container and Kubernetes environments.
In their research, “Answering the 10 Biggest Questions About Containers,
Microservices and Docker” (March 2018), Gartner analysts note that,
“intercontainer communication needs to be monitored and secured, and
traditional-host-based tools are ineffective in doing it.” Gartner goes
on to advise Infrastructure and Operations leaders to follow best
practices, including “Proactively detect and monitor abnormal behavior
by using container granular security tools that can provide
container-native and service-level views, and that can aid in the
prevention of malicious application traffic.”
New capabilities available in the latest release of the StackRox
Container Security Platform include:
Deployment-Centric Visibility. StackRox’s deep integration
with Kubernetes delivers visibility centered around deployments
versus simply an image, enabling DevOps and Security teams to
speak a common language and eliminate confusion. DevOps and
Security teams can quickly visualize all of their deployments and
pods across namespaces and clusters. Visibility at the deployment
level is essential to managing policies and addressing
misconfigurations effectively in a Kubernetes environment.
Multi-Factor Risk Profiling. StackRox leverages its
integration with Kubernetes to deliver deeper insight into cluster
details, labels and annotations, privileges, secrets and network
reachability to more accurately prioritize risks. Details such as
whether a cluster is running in test or production, the owner of
the application, the type of data and secrets accessed, and the
network configuration of the deployment (e.g., is it reachable
from the Internet) all provide helpful context far beyond
vulnerability data.
Network Policy Management. StackRox network policy
enforcement capabilities include the newly added network graph,
policy recommendation engine, and policy simulator. These features
all tie into Kubernetes to enable a robust, scalable and portable
solution for network segmentation. The network graph displays
allowed versus actively used communications paths among namespaces
and deployments as well as Internet reachability of deployments.
The policy recommendation engine provides actionable steps to
disable unnecessary communications paths among these assets. The
policy simulator enables DevOps and Security teams to preview new
network policies, visualize their network connectivity paths, and
confirm the policies are accurate before applying them in
Kubernetes.
“As Kubernetes continues its astonishing pace of adoption as the
orchestrator of choice for cloud-native environments, it becomes an
increasingly attractive target for attackers. Given that many
organizations are still getting educated on Kubernetes security best
practices, they are at increased risk for exposing their applications
and data,” said Wei Lien Dang, StackRox Vice President of Product. “The
StackRox mission is to deliver a platform for DevOps and Security teams
alike to operationalize security for their Kubernetes and container
environments. We developed our new capabilities for better visibility,
richer context, and stronger enforcement — tied to our deep integrations
with Kubernetes — to provide more ways to reduce the container attack
surface, mitigate known vulnerabilities, and limit the impact of attacks
efficiently and effectively.”
Deployed as a set of containers using Kubernetes YAML files or Helm
charts, the StackRox Container Security Platform supports all Kubernetes
deployment modes, including self-managed clusters; managed services such
as Amazon EKS, Azure AKS, and Google GKE; and Kubernetes distributions
such as Red Hat OpenShift and Docker Enterprise Edition.
These new capabilities are available in the current release of the
StackRox Container Security Platform. For more information on StackRox’s
focus on Kubernetes security, click
here.
