Just ahead of the start of KubeCon 2019 next week, StackRox is announcing the release of version 3.0 of its StackRox Kubernetes Security Platform. The company is introducing a number of new capabilities with this upgrade, enabling its customers to better harden their Kubernetes and container environments.
The latest release incorporates industry-first features for configuration management and vulnerability management that enable businesses to achieve stronger protection of cloud-native, containerized applications. StackRox now makes it easier to discover and understand vulnerabilities across Kubernetes environments, identify insecure configurations across applications and infrastructure, and integrate with additional ecosystem platforms.
"Mitigating the growing threat of Kubernetes vulnerabilities and avoiding misconfigurations are major priorities for cloud-native organizations like ours," said Maxx Lobo, CTO of Ask Media Group, a StackRox customer. "The new workflows from StackRox enable our teams to automatically identify and address these risks, so that we can be smarter about how to focus our time and resources when it comes to securing our Kubernetes applications. StackRox allows us to keep moving fast on our digital transformation initiatives while improving our security."
StackRox is the first security solution to provide dedicated dashboards and workflows for Kubernetes configuration management that help reduce misconfigurations, thereby reducing risk.
- Interactive dashboards - StackRox enables users to view risk-prioritized misconfigurations, easily drill down to critical information about where misconfigurations exist, determine relevant context required for effective remediation, and speed collaboration between security and DevOps teams.
- Kubernetes role-based access control (RBAC) assessment - StackRox continuously monitors permissions for users and service accounts to help mitigate against excessive privileges being granted - a source of potential exploits of various threat vectors - as well as identify potential misconfigurations and inform risk analysis.
- Kubernetes secrets access monitoring - StackRox discovers secrets in Kubernetes and monitors which deployments can use them to ensure unnecessary access can be limited.
- Kubernetes-specific policy enforcement - StackRox identifies configurations in Kubernetes related to network exposures, privileged containers, processes running as root, compliance with industry standards, and other factors to determine policy violations.
In addition to configuration management, StackRox is also introducing advanced vulnerability management capabilities, including:
- Interactive dashboards - StackRox provides interactive views that provide risk-prioritized snapshots across your environment, highlighting vulnerabilities in both images and Kubernetes.
- Discovery of Kubernetes vulnerabilities - StackRox provides visibility into critical vulnerabilities that exist in the Kubernetes platform itself, including those related to the Kubernetes API server that have been disclosed by the Kubernetes product security team, in the recent security audit, and via other channels.
- Language-specific vulnerabilities - StackRox scans container images for additional vulnerabilities that are language-dependent, providing greater coverage across containerized applications.
Along with the new feature set for configuration management and vulnerability management, the latest release of the StackRox Kubernetes Security Platform also adds support for the following ecosystem platforms:
- CRI-O container runtime - StackRox supports CRI-O, a lightweight runtime optimized for Kubernetes that is an Open Container Initiative (OCI)-compliant implementation of the Kubernetes Container Runtime Interface. CRI-O is a Cloud Native Computing Foundation (CNCF) incubation-level hosted project.
- Kubernetes on Distributed Cloud Operating System (DC/OS) - StackRox supports using Kubernetes on the DC/OS platform, developed and maintained by D2iQ (formerly Mesosphere).
- Microsoft Teams integration - StackRox natively integrates with Microsoft Teams to deliver security alerts and violation data directly to the right resource owners across security and DevOps.
"When it comes to Kubernetes security, new challenges related to vulnerabilities and misconfigurations continue to emerge," said Wei Lien Dang, vice president of product and co-founder, StackRox. "DevOps and Security teams need solutions that quickly and easily solve these issues. StackRox 3.0 is the first container security platform with the capabilities orgs need to effectively deal with Kubernetes configurations and vulnerabilities, so they can reduce risk to what matters most - their applications and their customer's data."
StackRox has made all these capabilities immediately available in this latest major update to its StackRox Kubernetes Security Platform. The company will be highlighting these recent product additions at KubeCon next week.