StackRox Upgrades Container Security Platform
January 24, 2019
has developed new capabilities in the StackRox Container Security
Platform that leverage the platform’s multiple integrations with
Kubernetes. The latest enhancements allow businesses to gain a
deployment-centric view of their environment, quickly prioritize risks
based on rich context, leverage Kubernetes for robust and scalable
policy enforcement, and significantly improve the security of their
container and Kubernetes environments.
Multi-Factor Risk Profiling. StackRox leverages its integration with Kubernetes to deliver deeper insight into cluster details, labels and annotations, privileges, secrets, and network reachability to more accurately prioritize risks. Details such as whether a cluster is running in test or production, the owner of the application, the type of data and secrets accessed, and the network configuration of the deployment (e.g., is it reachable from the Internet) all provide helpful context far beyond vulnerability data.
Network Policy Management. StackRox network policy enforcement capabilities include the newly added network graph, policy recommendation engine, and policy simulator. These features all tie into Kubernetes to enable a robust, scalable, and portable solution for network segmentation. The network graph displays allowed versus actively used communications paths among namespaces and deployments as well as Internet reachability of deployments. The policy recommendation engine provides actionable steps to disable unnecessary communications paths among these assets. The policy simulator enables DevOps and Security teams to preview new network policies, visualize their network connectivity paths, and confirm the policies are accurate before applying them in Kubernetes.
Kubernetes continues its astonishing pace of adoption as the
orchestrator of choice for cloud-native environments, it becomes an
increasingly attractive target for attackers. Given that many
organizations are still getting educated on Kubernetes security best
practices, they are at increased risk for exposing their applications
and data,” said Wei Lien Dang, StackRox Vice President of Product. “The
StackRox mission is to deliver a platform for DevOps and Security teams
alike to operationalize security for their Kubernetes and container
environments. We developed our new capabilities for better visibility,
richer context, and stronger enforcement – tied to our deep integrations
with Kubernetes – to provide more ways to reduce the container attack
surface, mitigate known vulnerabilities, and limit the impact of attacks
efficiently and effectively.”