Carbonetes Comes Online with Cloud Native Container App Security Testing Solution

July 22, 2020

Carbonetes emerged from stealth to offer enterprises the seamless ability to analyze the security of containerized code in real-time.

Founded in early 2019 by CEO, Mike Hogan, serial entrepreneur with multiple exits and an IPO from companies such as DeepData, Novell, POET and ScaleDB, Carbonetes was created in response to the observation that the container security market lacked a comprehensive, scalable solution that can keep up with accelerating velocity of container development. Coming from a developer background and focus, Mike and team, frustrated with piecing together several on-premise applications to properly secure their containers, recognized the need for a cloud service that combined all of these capabilities, while delivering lightning fast performance.

"The existing container security solutions require assembly of disparate expensive tools to analyze containers across a spectrum of threats. With Carbonetes, containers are analyzed for all threats. Open source tools are analyzed for dependencies, vulnerabilities and licensing, while native code is analyzed for vulnerabilities, secrets, configuration issues, and malware. This service runs inside a Kubernetes cluster, providing unrivaled scalability and performance," said Mike Hogan, Founder & CEO of Carbonetes. "Given the ephemeral nature of containers that are repaired or replaced at high-velocity, Carbonetes is the only solution that offers customers the speed and range of coverage needed for container application security testing success."

Carbonetes provides the most comprehensive container analysis service, simultaneously analyzing all aspects of the container's contents: open source (SCA: vulnerabilities, licensing, and dependencies), native code (vulnerabilities and secrets), as well as configuration and malware. By leveraging Kubernetes' automated scaling, the analysis runs in parallel for industry-leading performance.

Carbonetes CAST Solution:

Software Composition Analyzer: Analyzes open source tools for dependencies and vulnerabilities.

License Analyzer: Creates a list of licenses associated with each open source tool in the container.

Configuration Analyzer: Identifies risks in container configuration, such as privilege, root access, scaling constraints, memory utilization, and more.

Secrets Analyzer: Identifies sensitive data in the container that could be compromised, such as passwords, AWS keys, credentials, and more.

Multi-Engine Vulnerability Analyzer: Provides best of class vulnerability analysis with threat levels, CVE details, and the location in code along with suggested fixes.

Malware Analyzer: Protection from trojans, viruses, and malware.

Unlike existing code analysis tools that analyze each container sequentially, Carbonetes leverages the power of Kubernetes to process all containers simultaneously. For example, if you are analyzing 100 containers, Carbonetes creates 100 pods that all work in parallel, providing results in 1% of the time it would take competing tools.

Carbonetes provides a rich set of tools for creating, editing, testing and managing security policies. Analysis results are evaluated against policies to determine the appropriate action. Developers are then provided with the details necessary to secure their containers. This is all automated through seamless integration with the CI/CD pipeline.

The company's advisory board is stacked with industry experts including, Mike Viscuso (VC & Founder, former CTO of Carbon Black), Anthony Bettini (CTO White Hat Security, Tech Editor of Hacking Exposed), Jeremy Carlson (OEM Sales Kaspersky), Brendan Hogan (Strategy & Business Development VMWare) and Tom Barsi (VP Corporate Development VMWare Carbon Black).

Terms of Use | Copyright 2002 - 2020 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement