StackRox Announces New Release of Container Security Platform
July 12, 2018

StackRox announced a new release of its Container Security Platform.

The new release is an integrated, full life cycle solution for container security that incorporates a feedback loop between the different phases of the container life cycle. This functionality uses threat information detected at runtime to inform risk scoring and policy enforcement as containers are built and deployed, resulting in actionable insights with greater context.

The StackRox Container Security Platform provides a feedback loop that leverages runtime data to proactively identify security risks earlier in the container life cycle. This software release also marks the first time that a full life cycle container security platform protects against key orchestrator-based threats, which have gained prominence due to recent high-profile compromises. The new release helps customers automatically catch potential security issues based on observed application behavior at runtime and extends its policy management capabilities to the additional attack surfaces introduced by orchestration systems themselves. The update also includes new capabilities that help customers reduce the attack surface during the build and deploy phase of the container life cycle.

“The StackRox Container Security Platform’s integrated approach streamlines decision making and fosters collaboration between security and DevOps,” said Wei Lien Dang, StackRox’s VP of Product. “Because our platform has a feedback loop that ties together capabilities across different phases of the container life cycle – as opposed to providing functionality on a standalone basis – it provides customers with an unmatched level of security against emerging container-based threats. It eliminates entire workflows that security operators would typically have to go through.”

The platform lets customers configure the new integration with just a couple clicks; as a result, security operators benefit from spending less time hunting for security issues and having to interpret how threat activity could potentially impact other parts of their container environment. This approach is adaptive to an enterprise’s ongoing and evolving security posture and is built for the speed and volume of data being generated in container environments so that customers don’t miss anything.

To augment security throughout the container life cycle, the StackRox Container Security Platform now supports vulnerability scanning and policy enforcement for network segmentation and secrets.

Specific to orchestrator-based threats, the platform evaluates configurations of security capabilities native to the orchestrator itself, such as role-based access controls, network policies and secrets in Kubernetes. If an attacker uses tools to conduct reconnaissance and scanning within the container environment or exploits orchestrator misconfigurations, the StackRox container security platform will detect that activity.

The new release of the StackRox platform adds core detection functionality to expose orchestrator-specific attacks that rely on exploiting certain components within Kubernetes environments, including the kubelet, Kubernetes service endpoints or metadata servers. Recently several examples of orchestrator-related attacks have been published, including a compromise of Tesla’s Kubernetes infrastructure that allowed attackers to mine cryptocurrency and a report that detailed how an attacker could have compromised Shopify’s Kubernetes clusters. The new StackRox release protects against these types of threats by default.

This upgraded version of the StackRox Container Security Platform will be generally available this month.

The Latest

July 19, 2018

Despite 95 percent of CIOs expecting cyberthreats to increase over the next three years, only 65 percent of their organizations currently have a cybersecurity expert, according to a survey from Gartner. The survey also reveals that skills challenges continue to plague organizations that undergo digitalization, with digital security staffing shortages considered a top inhibitor to innovation ...

July 17, 2018

In my first blog in this series, I highlighted some of the main challenges teams face with trying to scale mainframe DevOps. To get past these hurdles, the key is to develop an incremental approach that enables teams to capture value along each step of the journey ...

July 16, 2018

The key to mainframe DevOps success is in quickly identifying and removing major bottlenecks in the application delivery lifecycle. Major challenges include collaboration between mainframe and distributed teams, lack of visibility into the impact of software changes, and limited resource flexibility with scaling out necessary testing initiatives. Now let's take a closer look at some of these key challenges and how IT departments can address them ...

July 11, 2018

How much are organizations investing in the shift to cloud native, how much is it getting them? ...

July 10, 2018

In the shift to cloud native, many organizations have adopted a configuration-as-code approach. This helps drive up application deployment velocity by letting developers and DevOps teams reconfigure their deployments as their needs arise. Other organizations, particularly the more regulated ones, still have security people owning these tools, but that creates increased pressure on the security organization to keep up. How much are organizations investing in this process, and how much is it getting them? ...

June 28, 2018

More than a third of companies that use serverless functions are not employing any application security best practices and are not using any tools or standard security methodologies to secure them, according to the State of Serverless Security survey, conducted by PureSec ...

June 27, 2018

The popularity of social media platforms and applications is spurring enterprises to adopt "social business" models to better engage with employees and customers and improve collaboration, according to a new study published by ISG ...

June 25, 2018

The previous chapter in this WhiteHat Security series discussed Codebase as the first step of the Twelve-Factor App and defined a security best practice approach for ensuring a secure source control system. Considering the importance of applying security in a modern DevOps world, this next chapter examines the security component of step two of the Twelve-Factor methodology. Here follows some actionable advice from the WhiteHat Security Addendum Checklist, which developers and ops engineers can follow during the SaaS build and operations stages ...

June 21, 2018

DevSecOps is quickly gaining support and traction, within and beyond information security teams. In fact, 70% of respondents believe their culture can embrace the change needed to fuse Security and DevOps, according to a new survey of 80 security professionals by Aqua Security ...

June 20, 2018

The larger the company size, the higher the proportion of low IT performers, according to the State of DevOps: Market Segmentation Report from Puppet, based on the 2017 State of DevOps Survey data ...

Share this