The container ecosystem introduces a number of new dimensions that your security policies must account for to protect your applications.
The StackRox platform analyzes data across images, container runtimes, orchestrator settings, CIS benchmark scans, network policies, secrets, and container configurations to define multi-factor policies for your container environment. You can use StackRox to automatically prevent high-risk services from ever being deployed.
Leverage out-of-the-box policies
StackRox provides deployment policies that incorporate multiple factors to reduce your container attack surface, such as vulnerabilities that cross a CVSS score threshold, configurations such as open ports, and packages and tools that attackers can use at runtime.
Define custom policies
StackRox lets you build your own multi-factor policies that combine industry-standard and enterprise-specific information. Policies also allow you to specify the criticality of alerts, custom metadata, and whether StackRox should automatically take responsive action when violations are detected.
Take action on violations
With StackRox, you can configure a range of responses when threats are detected or policy violations occur, including failing a CI build, sending alert notifications to your existing SIEM or incident management systems, blocking deployment of new services, and killing running containers.