Tigera, an
enterprise software company providing security and compliance solutions for
Kubernetes platforms, announced that its new Tigera Secure Enterprise Edition
2.4 is now generally available. The new version is the world's first security
software that enables enterprise security teams to provide network security and
compliance for Kubernetes platforms while extending their existing zone-based
architectures. Tigera Secure works with current hardware and software firewalls
on-prem and in the cloud, saving organizations significant amounts of
resources, time and money.
Security teams run into several
problems when trying to secure modern applications running on Kubernetes.
- Existing
zone-based security architectures cannot be extended to Kubernetes because the
workloads use ephemeral, dynamic IP addresses that cannot be used to identify a
workload. Security teams resort to opening large IP ranges between security
zones, allowing all Kubernetes traffic to flow through the architecture.
- Modern
applications often integrate with third-party APIs like Twilio, SaaS services
like Zuora and Salesforce, and resources outside the cluster like AWS RDS
databases and VMs. To enable those integrations to work, security teams must
allow large IP ranges to egress through the firewall and are unable to provide
fine-grained access to specific workloads.
- Without the
ability to recognize a workload identity, network flows cannot be logged
properly. The data misses context that is unique to Kubernetes, such as
namespace, pod name, labels, and container ID. Without this information,
debugging service issues and performing forensic analysis are not possible.
- For
workloads that are in-scope for compliance controls, the data required to
perform an audit is incomplete or missing. This can result in compliance
findings since the security team cannot prove adherence to their control
framework.
While Kubernetes workloads are
growing rapidly, they currently represent a small fraction of the workloads that
a security team has to secure. Consequently, redesigning their current security
architecture isn't a feasible option since a significant investment has gone
into acquiring technology, designing processes, and training teams. Security
teams are looking for a way to extend their current investments in technology
and processes to support new Kubernetes workloads.
"With the release of Tigera Secure
Enterprise Edition 2.4, we're the first to close a big gap that has frustrated
security teams and delayed application deployments," said Ratan Tipirneni,
president and CEO at Tigera. "Until now, they were not able to use their
existing security architecture to secure their applications running on
Kubernetes. And, importantly, with the increase in service-to-service traffic
flowing through the network, they had to consider buying additional hardware and
firewall licenses which can cost millions of dollars. But, now with Tigera
Secure Enterprise Edition 2.4, they can extend their firewalls to secure
dynamic Kubernetes workloads without disrupting any of their processes or
retraining their teams."
Enterprise security and IT
professionals from companies such as Atlassian and Monzo Bank rely on Tigera's
software to protect their modern business applications and to generate reports
used for internal and third-party compliance audits.
The potential cost of
non-compliance with privacy regulations is staggering, and it continues to grow,
according to a report from
Globalscape and the Ponemon Institute last May. Non-compliance costs businesses
on average $14 million, a 45 percent increase since 2011. Security
professionals need to keep compliance in mind for their in-scope Kubernetes
workloads, because those workloads cannot be properly secured using existing
zone-based architectures, which could result in major fines.
New features or key enhancements
enabling this new capability in version 2.4 include:
- New DNS
Policies enable fine-grained access controls between individual Kubernetes pods
and third-party APIs, SaaS platforms, and resources outside the cluster -
on-prem and in the cloud.
- Tigera
Secure now ingests Threat Intelligence Feeds and blocks traffic from leaving
your cluster to IPs known for malicious activity.
- Powerful,
in-depth compliance reports to meet key security controls required by PCI, SOC
2, and other certifications and frameworks.
- Easier and
quicker deployments with Helm charts.