Posts under Container Security

Gartner on Delivering DevOps Risk-Prioritized Vulnerability Guidance

We recently highlighted Gartner’s advice to “shift right” with security, to avoid burdening developers from a security standpoint. Gartner analyst Dale Gardner continued that theme with this opening slide to his talk advising teams to “Fix What Matters” in the area of vulnerabilities. Dale noted that we excel at finding vulnerabilities, leading to the garbage heap analogy. “We end up with this graveyard of multiple vulnerability reports,” Dale observed. Bringing this world view into container security doesn’t make this problem any easier – indeed, now you have more “things” to secure.

StackRox at BSidesSF 2018

We’re gearing up (pun intended) for an exciting time next week in San Francisco, and we’re thrilled to kick it off on Sunday at BSidesSF at City View in the Metreon. We’re proud to sponsor and support this event – an amazing grassroots effort that unites the information security community to share knowledge. With this year’s steampunk theme, the conference promises to deliver inspirational talks, stimulating discussions, and of course, evenings filled with entertaining discourse and delectable libations.

Breaking Bad: Detecting real world container exploits

There has never been a better time to be a DevOps engineer. Compared to traditional web stacks, containerization has dramatically streamlined the task of deploying web services such as databases, key/value stores, and servers. Furthermore, container orchestration tools, like Google’s Kubernetes and Docker Swarm, enable organizations to automate the deployment and management of these containerized applications. But the tools that make life easier and more efficient for engineers can also be a gift to an attacker.

Introducing StackRox Prevent: Reimagining Container Deployment Security to Minimize Your Attack Surface

Security leaders today are charged with the increasingly complex task of defending the technology that powers modern enterprises, at a time when the software stack has never been more diverse or unmanageable. Implementing a coherent security program can seem daunting in light of the patchwork of duties that may fall under a security organization’s purview: static code analysis, identity and access management, compliance, data privacy and integrity, vulnerability management, monitoring, incident response, threat hunting, forensics…and the list continues.

Frenemies No More: Containers Are Changing the Security-Business Relationship

This is a guest blog by Rob Fry, an accomplished architect, inventor and public speaker with 20 years’ experience primarily in large-scale Internet companies and the utility industry. At Netflix he invented FIDO, a patented open source security orchestration platform, and while at Yahoo created the DUBS configuration and automation framework for production servers. Over the past two decades, we’ve seen adoption of new technologies reshaping the landscape of how we operate and secure our businesses.

Video demo of StackRox enterprise integrations

In the eighth video in our demo series, we walk you through the third-party enabled integrations that StackRox provides, including integrations with identity providers, role-based access control (RBAC), Security Assertion Markup Language (SAML) providers, notification services like PagerDuty and Slack, and log management solutions.

Video demo of StackRox reports

In the seventh video in our demo series, we’ll take a look at StackRox reports. StackRox gives you summary reports for any period of time to help you get a sense of the risk in your environment. In this video, you can see how we provide a number of preset reports, including an overview summary, alerts by severity, top attacks, policy violations, infected applications and services, top vulnerable services and images, and external infection sources.

KubeCon 2017 Recap: Community, Service Meshes, and Security

“Keep Cloud Native Weird.” That was the motto of KubeCon + CloudNativeCon 2017, which I had the opportunity to attend last week in Austin. With the conference attracting more than 4,100 participants, hundreds of technical sessions, new project announcements, and key updates on existing initiatives, it is clear that the cloud native computing revolution continues to accelerate. Here are some of the highlights I found most interesting.

Containers, security, and compliance in the financial sector: putting it all together

Since day one at StackRox, three years ago, we’ve made it a point to meet regularly with CISOs from top banks and other global 2000 companies. The focus of these discussions was on how we might expedite the adoption of containers, and improve the process of maintaining better security and regulatory compliance. Over the course of these many conversations, I’ve found that there are some important ideas worth sharing broadly, though they’re likely most interesting to IT and security leaders in the financial world, where both competitive and regulatory pressures are very high.

Securing containers on any infrastructure with StackRox & Docker Enterprise Edition

Four and a half years since it was first introduced, Docker continues to have a profound impact on reshaping how developers build, ship, and run software applications. Few could have anticipated the speed of Docker adoption that we have observed to date with more than 21 million hosts now running Docker, over 24 billion Docker container downloads, and a vibrant ecosystem of 100,000+ third-party projects that incorporate Docker. As the de facto standard for the container runtime and image format, Docker has democratized the ability for anyone to take advantage of container technologies that could previously only be utilized by a handful of the world’s largest, cloud-native companies.

Fueling digital transformation in the public sector with OpenShift & container security

On November 9, 2017, I attended the 9th annual Red Hat Government Symposium in Washington, DC, and quickly got a sense of Red Hat’s momentum in the public sector and the rapid growth of OpenShift, Red Hat’s container application platform based on Kubernetes. Over 600 participants attended the symposium, many of whom were senior IT and cybersecurity leaders from government agencies such as Department of Homeland Security (DHS), Federal Emergency Management Agency (FEMA), General Services Administration (GSA), Social Security Administration (SSA), U.

Pairing StackRox with Google Kubernetes Engine for runtime security

In the three and a half years since its release, Kubernetes has become one of the most popular container management systems on the market. A survey by 451 Research found that 71% of enterprise organizations running containers are using Kubernetes. Likewise, Google Kubernetes Engine (GKE) has emerged as one of the leading managed services for Kubernetes deployments, attracting customers like Niantic, Philips, Meetup, and Evernote. GKE extends the baseline benefits of Kubernetes, including automated cluster deployment, managed container networking, autoscaling, and a managed master node with guaranteed uptime and automated Kubernetes upgrades.

Policy management

Here is our fifth video in our demo series of our StackRox platform. In this demo, see how you can manage policies for your highly distributed and/or container environments. You can use our preloaded policies, or create new policies, helping you use StackRox to automatically detect attacks, building better security hygiene into your infrastructure in development and production.

Securing your OpenShift container environment with StackRox

The Red Hat OpenShift platform is enabling enterprise organizations to use container technologies such as Docker and Kubernetes to build, deploy, and run applications with unprecedented agility, scale, and speed. In this blog post, I’ll walk through how we’ve integrated StackRox with OpenShift to help our joint customers ensure comprehensive security across their container lifecycle. You can also visit the OpenShift Commons to view a recording of my briefing on this topic from last week, which goes into more details, and provides a live demo of StackRox running with OpenShift.

Video demo of search and asset discovery

Here is our third video in our demo series, focusing on search and asset discovery. Watch the video below to learn about StackRox search and enumeration capabilities. See how we are able to leverage data optimization and machine learning, translating millions of signals into queryable infrastructure data at the hands of your security analyst.

Crate.io Using StackRox to Secure CrateDB Clusters on Docker

In this new blog post by Crate.io, read about how they are using StackRox to secure CrateDB Clusters on Docker. StackRox complements the authentication, access controls, and encryption added in Crate 2.0 Enterprise Edition with comprehensive threat coverage for well-known attack vectors on containerized database applications. The post discusses why security is important for a database like CrateDB, and how to use StackRox to protect your data – walking you through the deployment process.