November 13, 2019

StackRox Kubernetes Security Platform 3.0 Introduces Advanced Features and New Workflows for Configuration and Vulnerability Management

Written by

Just ahead of the start of KubeCon 2019 next week, StackRox is announcing the release of version 3.0 of its StackRox Kubernetes Security Platform. The company is introducing a number of new capabilities with this upgrade, enabling its customers to better harden their Kubernetes and container environments.

The latest release incorporates industry-first features for configuration management and vulnerability management that enable businesses to achieve stronger protection of cloud-native, containerized applications. StackRox now makes it easier to discover and understand vulnerabilities across Kubernetes environments, identify insecure configurations across applications and infrastructure, and integrate with additional ecosystem platforms.

"Mitigating the growing threat of Kubernetes vulnerabilities and avoiding misconfigurations are major priorities for cloud-native organizations like ours," said Maxx Lobo, CTO of Ask Media Group, a StackRox customer. "The new workflows from StackRox enable our teams to automatically identify and address these risks, so that we can be smarter about how to focus our time and resources when it comes to securing our Kubernetes applications. StackRox allows us to keep moving fast on our digital transformation initiatives while improving our security."

StackRox is the first security solution to provide dedicated dashboards and workflows for Kubernetes configuration management that help reduce misconfigurations, thereby reducing risk.

  • Interactive dashboards - StackRox enables users to view risk-prioritized misconfigurations, easily drill down to critical information about where misconfigurations exist, determine relevant context required for effective remediation, and speed collaboration between security and DevOps teams.
  • Kubernetes role-based access control (RBAC) assessment - StackRox continuously monitors permissions for users and service accounts to help mitigate against excessive privileges being granted - a source of potential exploits of various threat vectors - as well as identify potential misconfigurations and inform risk analysis.
  • Kubernetes secrets access monitoring - StackRox discovers secrets in Kubernetes and monitors which deployments can use them to ensure unnecessary access can be limited.
  • Kubernetes-specific policy enforcement - StackRox identifies configurations in Kubernetes related to network exposures, privileged containers, processes running as root, compliance with industry standards, and other factors to determine policy violations.

In addition to configuration management, StackRox is also introducing advanced vulnerability management capabilities, including:

  • Interactive dashboards - StackRox provides interactive views that provide risk-prioritized snapshots across your environment, highlighting vulnerabilities in both images and Kubernetes.
  • Discovery of Kubernetes vulnerabilities - StackRox provides visibility into critical vulnerabilities that exist in the Kubernetes platform itself, including those related to the Kubernetes API server that have been disclosed by the Kubernetes product security team, in the recent security audit, and via other channels.
  • Language-specific vulnerabilities - StackRox scans container images for additional vulnerabilities that are language-dependent, providing greater coverage across containerized applications.

Along with the new feature set for configuration management and vulnerability management, the latest release of the StackRox Kubernetes Security Platform also adds support for the following ecosystem platforms:

  • CRI-O container runtime - StackRox supports CRI-O, a lightweight runtime optimized for Kubernetes that is an Open Container Initiative (OCI)-compliant implementation of the Kubernetes Container Runtime Interface. CRI-O is a Cloud Native Computing Foundation (CNCF) incubation-level hosted project.
  • Kubernetes on Distributed Cloud Operating System (DC/OS) - StackRox supports using Kubernetes on the DC/OS platform, developed and maintained by D2iQ (formerly Mesosphere).
  • Microsoft Teams integration - StackRox natively integrates with Microsoft Teams to deliver security alerts and violation data directly to the right resource owners across security and DevOps.

"When it comes to Kubernetes security, new challenges related to vulnerabilities and misconfigurations continue to emerge," said Wei Lien Dang, vice president of product and co-founder, StackRox. "DevOps and Security teams need solutions that quickly and easily solve these issues. StackRox 3.0 is the first container security platform with the capabilities orgs need to effectively deal with Kubernetes configurations and vulnerabilities, so they can reduce risk to what matters most - their applications and their customer's data."

StackRox has made all these capabilities immediately available in this latest major update to its StackRox Kubernetes Security Platform. The company will be highlighting these recent product additions at KubeCon next week.

David Marshall

David Marshall has been involved in the technology industry for over 19 years, and he's been working with virtualization software since 1999. He was able to become an industry expert in virtualization by becoming a pioneer in that field - one of the few people in the industry allowed to work with Alpha stage server virtualization software from industry leaders: VMware (ESX Server), Connectix and Microsoft (Virtual Server).

Through the years, he has invented, marketed and helped launch a number of successful virtualization software companies and products. David holds a BS degree in Finance, an Information Technology Certification, and a number of vendor certifications from Microsoft, CompTia and others. He's also co-authored two published books: "VMware ESX Essentials in the Virtual Data Center" and "Advanced Server Virtualization: VMware and Microsoft Platforms in the Virtual Data Center" and acted as technical editor for two popular Virtualization "For Dummies" books. With his remaining spare time, David founded and operates one of the oldest independent virtualization news blogs, VMblog.com. And co-founded CloudCow.com, a publication dedicated to Cloud Computing. Starting in 2009 and continuing all the way to 2016, David has been honored with the vExpert distinction by VMware for his virtualization evangelism.

Sponsors

Learn more about A10 Networks

Learn more about Alluxio

Learn more about Blameless

Learn more about Containous

Learn more about DivvyCloud

Learn more about Lacework

Learn More about MacStadium

Learn More about Mirantis

Learn More about Platform9

Learn More about Sauce Labs

Learn More about solo.io

Learn More about Stackrox

Learn more about Wallarm

Learn More about Weaveworks

Latest Tweets

Latest Videos