StackRox Enhances Container Security Platform
January 23, 2019

StackRox announced new capabilities in the StackRox Container Security Platform that leverage the platform’s multiple integrations with Kubernetes.

The latest enhancements allow businesses to gain a deployment-centric view of their environment, quickly prioritize risks based on rich context, leverage Kubernetes for robust and scalable policy enforcement, and significantly improve the security of their container and Kubernetes environments.

New capabilities available in the latest release of the StackRox Container Security Platform include:

- Deployment-Centric Visibility: StackRox’s deep integration with Kubernetes delivers visibility centered around deployments versus simply an image, enabling DevOps and Security teams to speak a common language and eliminate confusion. DevOps and Security teams can quickly visualize all of their deployments and pods across namespaces and clusters. Visibility at the deployment level is essential to managing policies and addressing misconfigurations effectively in a Kubernetes environment.

- Multi-Factor Risk Profiling: StackRox leverages its integration with Kubernetes to deliver deeper insight into cluster details, labels and annotations, privileges, secrets and network reachability to more accurately prioritize risks. Details such as whether a cluster is running in test or production, the owner of the application, the type of data and secrets accessed, and the network configuration of the deployment (e.g., is it reachable from the Internet) all provide helpful context far beyond vulnerability data.

- Network Policy Management: StackRox network policy enforcement capabilities include the newly added network graph, policy recommendation engine, and policy simulator. These features all tie into Kubernetes to enable a robust, scalable and portable solution for network segmentation. The network graph displays allowed versus actively used communications paths among namespaces and deployments as well as Internet reachability of deployments. The policy recommendation engine provides actionable steps to disable unnecessary communications paths among these assets. The policy simulator enables DevOps and Security teams to preview new network policies, visualize their network connectivity paths, and confirm the policies are accurate before applying them in Kubernetes.

“As Kubernetes continues its astonishing pace of adoption as the orchestrator of choice for cloud-native environments, it becomes an increasingly attractive target for attackers. Given that many organizations are still getting educated on Kubernetes security best practices, they are at increased risk for exposing their applications and data,” said Wei Lien Dang, StackRox VP of Product. “The StackRox mission is to deliver a platform for DevOps and Security teams alike to operationalize security for their Kubernetes and container environments. We developed our new capabilities for better visibility, richer context, and stronger enforcement — tied to our deep integrations with Kubernetes — to provide more ways to reduce the container attack surface, mitigate known vulnerabilities, and limit the impact of attacks efficiently and effectively.”

Deployed as a set of containers using Kubernetes YAML files or Helm charts, the StackRox Container Security Platform supports all Kubernetes deployment modes, including self-managed clusters; managed services such as Amazon EKS, Azure AKS, and Google GKE; and Kubernetes distributions such as Red Hat OpenShift and Docker Enterprise Edition.

These new capabilities are available in the current release of the StackRox Container Security Platform.

Share this

Industry News

February 06, 2023

Red Hat announced the availability of Red Hat Ansible Automation Platform on Google Cloud, providing a common and flexible IT automation solution that extends from the cloud, to the datacenter and out to the edge without additional complexity or required skills.

February 06, 2023

Cequence Security has enhanced the testing capabilities within its Unified API Protection Platform with the availability of API Security Testing.

February 06, 2023

Netlify has acquired Gatsby Inc.

February 02, 2023

Red Hat announced a multi-stage alliance to offer customers a greater choice of operating systems to run on Oracle Cloud Infrastructure (OCI).

February 02, 2023

Snow Software announced a new global partner program designed to enable partners to support customers as they face complex market challenges around managing cost and mitigating risk, while delivering value more efficiently and effectively with Snow.

February 02, 2023

Contrast Security announced the launch of its new partner program, the Security Innovation Alliance (SIA), which is a global ecosystem of system integrators (SIs), cloud, channel and technology alliances.

February 01, 2023

Red Hat introduced new security and compliance capabilities for the Red Hat OpenShift enterprise Kubernetes platform.

February 01, 2023

Jetpack.io formally launched with Devbox Cloud, a managed service offering for Devbox.

February 01, 2023

Jellyfish launched Life Cycle Explorer, a new solution that identifies bottlenecks in the life cycle of engineering work to help teams adapt workflow processes and more effectively deliver value to customers.

January 31, 2023

Ably announced the Ably Terraform provider.

January 31, 2023

Checkmarx announced the immediate availability of Supply Chain Threat Intelligence, which delivers detailed threat intelligence on hundreds of thousands of malicious packages, contributor reputation, malicious behavior and more.

January 31, 2023

Qualys announced its new GovCloud platform along with the achievement of FedRAMP Ready status at the High impact level, from the Federal Risk and Authorization Management Program (FedRAMP).

January 30, 2023

F5 announced the general availability of F5 NGINXaaS for Azure, an integrated solution co-developed by F5 and Microsoft that empowers enterprises to deliver secure, high-performance applications in the cloud.

January 30, 2023

Tenable announced Tenable Ventures, a corporate investment program.

January 26, 2023

Ubuntu Pro, Canonical’s comprehensive subscription for secure open source and compliance, is now generally available.