Virtualization Technology News and Information
Tigera Secure Enterprise Edition 2.4 Enables Firewalls to Secure Dynamic Kubernetes Workloads
Tigera, an enterprise software company providing security and compliance solutions for Kubernetes platforms, announced its new Tigera Secure Enterprise Edition 2.4 is now generally available. The new version is the world's first security software that enables enterprise security teams to provide network security and compliance for Kubernetes platforms while extending their existing zone-based architectures. Tigera Secure works with current hardware and software firewalls on-prem and in the cloud, saving organizations significant amounts of resources, time and money. 

Security teams run into several problems when trying to secure modern applications running on Kubernetes.

  • Existing zone-based security architectures cannot be extended to Kubernetes because the workloads use ephemeral, dynamic IP addresses that cannot be used to identify a workload. Security teams resort to opening large IP ranges between security zones, allowing all Kubernetes traffic to flow through the architecture.
  • Modern applications often integrate with third-party APIs like Twilio, SaaS services like Zuora and Salesforce, and resources outside the cluster like AWS RDS databases and VMs. To enable those integrations to work, security teams must allow large IP ranges to egress through the firewall and are unable to provide fine-grained access to specific workloads.
  • Without the ability to recognize a workload identity, network flows cannot be logged properly. The data misses context that is unique to Kubernetes, such as namespace, pod name, labels, and container ID. Without this information, debugging service issues and performing forensic analysis are not possible.
  • For workloads that are in-scope for compliance controls, the data required to perform an audit is incomplete or missing. This can result in compliance findings since the security team cannot prove adherence to their control framework.

While Kubernetes workloads are growing rapidly, they currently represent a small fraction of the workloads that a security team has to secure. Consequently, redesigning the current security architecture isn't a feasible option, since a significant investment has gone into acquiring technology, designing processes, and training teams. Security teams are looking for a way to extend their current investments in technology and processes to support new Kubernetes workloads.

"With the release of Tigera Secure Enterprise Edition 2.4, we're the first to close a big gap that has frustrated security teams and delayed application deployments," said Ratan Tipirneni, president and CEO at Tigera. "Until now, they were not able to use their existing security architecture to secure their applications running on Kubernetes. And, importantly, with the increase in service-to-service traffic flowing through the network, they had to consider buying additional hardware and firewall licenses which can cost millions of dollars. But, now with Tigera Secure Enterprise Edition 2.4, they can extend their firewalls to secure dynamic Kubernetes workloads without disrupting any of their processes or retraining their teams."

Enterprise security and IT professionals from companies such as Atlassian and Monzo Bank rely on Tigera's software to protect their modern business applications and to generate reports used for internal and third-party compliance audits.

The potential cost of non-compliance with privacy regulations is staggering and continues to grow, according to a report from Globalscape and the Ponemon Institute last May. Non-compliance costs businesses on average $14 million, a 45 percent increase since 2011. Security professionals need to keep compliance in mind for their in-scope Kubernetes workloads, because those workloads cannot be properly secured using existing zone-based architectures, and the resulting gaps could lead to major fines.

New features or key enhancements enabling this new capability in version 2.4 include:

  • New DNS Policies enable fine-grained access controls between individual Kubernetes pods and third-party APIs, SaaS platforms, and resources outside the cluster - on-prem and in the cloud.
  • Tigera Secure now ingests Threat Intelligence Feeds and blocks traffic from leaving your cluster to IPs known for malicious activity.
  • Powerful, in-depth compliance reports to meet key security controls required by PCI, SOC 2, and other certifications and frameworks.
  • Easier and quicker deployments with Helm charts.
Published Tuesday, May 14, 2019 3:13 PM by David Marshall