StackRox extended the capabilities of its Container Security Platform with additional visibility, profiling, and network management features.
StackRox, which scored $25 million in additional funding last spring, provides security for containerized cloud-native applications. This most recent release of the platform aims to help DevOps and security teams communicate more efficiently and accurately and “quickly visualize all of their deployments and pods across namespaces and clusters,” the company said.
To do this, it is leveraging its deep integration with Kubernetes to deliver visibility based on insights from deployed code on its platform. Previously, the platform gave only an image-based view of containerized environments.
The platform was also updated to include deeper and more sophisticated inspections. The company, which calls this multi-factor risk profiling, has provisioned the platform to assess “cluster details, labels and annotations, privileges, secrets, and network reachability to more accurately prioritize risks.”
In other words, it now has better capabilities to monitor performance and identify problems. “These details of a deployment refer to how a small chunk of code should run, so it shares info on whether it’s running in test or production, what development group created the code, the kinds of data it can access, and whether someone coming in from the internet can communicate with that chunk of code,” said Wei Lien Dang, the company’s vice president of product.
The company has also added three network policy management capabilities to the platform. The first is network graphs that show allowed versus actively used communications paths among namespaces and deployments, including the internet reachability of deployments. The second is a policy recommendation engine that offers actionable steps to disable unnecessary communications paths. The final addition is a policy simulator that enables DevOps and security teams to preview network policy, visualize their network connectivity paths, and confirm policies are accurate before applying them in Kubernetes. These new features are included in the base platform.
Dang suggests that powerful tools to secure containers are available, but are not being as widely used as they should be.
“Container security is still in its early days,” he said. “Even though most organizations are using containers for some application development, most applications are still running on traditional infrastructure. The container security capabilities we’re talking about are not primitive, however; quite the opposite. But most organizations are still early in their adoption of container-focused security platforms and, as a result, such platforms are not as widespread as legacy security solutions.”