Container security company StackRox launched three new features for its StackRox Container Security Platform today — deployment-centric visibility, multi-factor risk profiling and network policy management — which the company hopes will help address difficulties in intercontainer communication and monitoring in Kubernetes deployments.
“Deployed as a set of containers using Kubernetes YAML files or Helm charts, the StackRox Container Security Platform supports all Kubernetes deployment modes, including self-managed clusters; managed services such as Amazon EKS, Azure AKS, and Google GKE; and Kubernetes distributions such as Red Hat OpenShift and Docker Enterprise Edition,” the company wrote in the announcement.
Deployment-centric visibility provides a broader overview centered on active deployments rather than on the images they are deployed from, which the company said will improve communication between DevOps and security teams. “Visibility at the deployment level is essential to managing policies and addressing misconfigurations effectively in a Kubernetes environment,” the company wrote.
Multi-factor risk profiling pulls more details from Kubernetes clusters, including labels, annotations, privileges, secrets and network reachability, improving overall visibility and ease of monitoring.
Finally, network policy management improves policy enforcement and management, introducing the network graph, policy recommendation engine and policy simulator. The new features allow the StackRox platform to monitor connections, suggest policy changes and preview those changes before implementation.
“As Kubernetes continues its astonishing pace of adoption as the orchestrator of choice for cloud-native environments, it becomes an increasingly attractive target for attackers. Given that many organizations are still getting educated on Kubernetes security best practices, they are at increased risk for exposing their applications and data,” Wei Lien Dang, vice president of product at StackRox, said in the announcement. “The StackRox mission is to deliver a platform for DevOps and Security teams alike to operationalize security for their Kubernetes and container environments. We developed our new capabilities for better visibility, richer context, and stronger enforcement — tied to our deep integrations with Kubernetes — to provide more ways to reduce the container attack surface, mitigate known vulnerabilities, and limit the impact of attacks efficiently and effectively.”