Policy Enforcement

The container ecosystem introduces a number of new dimensions that must factor into your security policies for protecting your applications.

The StackRox platform analyzes data across images, container runtimes, orchestrator settings, CIS benchmark scans, network policies, secrets, and container configurations to define multi-factor policies for your container environment. You can use StackRox to automatically prevent high-risk services from ever being deployed.

A technology company providing a SaaS offering runs its containers and StackRox on a major public cloud platform. To protect the sensitive data of its own clients, the company relies on StackRox to enforce both industry best practices and its own company-developed policies across its container environment.

Fingerprinting

Leverage out-of-the-box policies

StackRox provides deployment policies that incorporate multiple factors to reduce your container attack surface, such as vulnerabilities with threshold CVSS scores, configurations including open ports, and packages and tools that can be used by attackers during runtime.

Build a complete picture

Define custom policies

StackRox lets you build your own multi-factor policies that combine industry-standard and enterprise-specific information. Policies also allow you to specify the criticality of alerts, custom metadata, and whether StackRox should automatically take responsive action when violations are detected.

Generate summary reports

Take action on violations

With StackRox, you can configure a range of responses when threats are detected or policy violations occur, including sending alert notifications to your existing SIEM or incident management systems, blocking deployment of new services, and killing running containers.

See StackRox in action

Watch Now: Policy management demo

In this video, see how StackRox provides flexible, pre-configured detection policies you can use to detect and respond to key threats on your containerized applications.

Policy management demo