We recently highlighted Gartner’s advice to “shift right” with security, to avoid burdening developers from a security standpoint. Gartner analyst Dale Gardner continued that theme with this opening slide to his talk advising teams to “Fix What Matters” in the area of vulnerabilities. Dale noted that we excel at finding vulnerabilities, leading to the garbage heap analogy. “We end up with this graveyard of multiple vulnerability reports,” Dale observed. Bringing this world view into container security doesn’t make this problem any easier – indeed, now you have more “things” to secure.
Over the next week or so, I’ll be sharing some insights and observations from last week’s Gartner security summit conference. We’ll explore key conference themes around how DevOps and Security can work better together, the role of ML and automation, and the major challenges still confronting security practitioners. The infinite loop pictured here was a theme throughout many presentations. All visual models like this quickly become a little too complicated, but this vision of continuous security and a constant feedback loop between the build/deploy phase and the runtime phase really hits a chord with us here at StackRox.
We’re just a couple weeks out from our first DockerCon show. Our container deployment governance, runtime security, and feedback loop between security and DevOps have proven really valuable to our customers, and we’re looking forward to sharing these success stories on the show floor. Docker has been a great partner for us here at StackRox. Spending time with the Docker developer community talking about how they can accelerate development while deploying securely will provide great input for us.
One of the most basic challenges a security team faces can sometimes simply be getting a handle on what assets exist where, and what exposures and issues affect them. So, we’re excited to announce that we’ve expanded our existing partnership with Google Cloud Platform to bring detailed security context to container resources in the Google Cloud Security Command Center (SCC). Our customers on Google Kubernetes Engine (GKE) can easily configure StackRox Prevent or StackRox Detect and Respond to send real-time container security exposures and alerts to the Cloud SCC.
Like at least 20,000 of our other closest friends, we call it a victory just to have survived the chaos of the RSA Conference last week. Terrible traffic. Mission Street torn up. Moscone renovations. Shaking enough hands to get sick. A too-quiet show floor. And of course, the much-bemoaned “takeover by marketing” of security. The show leaves plenty to complain about. And yet… StackRox had a great, great week.
We’re gearing up (pun intended) for an exciting time next week in San Francisco, and we’re thrilled to kick it off on Sunday at BSidesSF at City View in the Metreon. We’re proud to sponsor and support this event – an amazing grassroots effort that unites the information security community to share knowledge. With this year’s steampunk theme, the conference promises to deliver inspirational talks, stimulating discussions, and of course, evenings filled with entertaining discourse and delectable libations.
Along with seeing us on the show floor at the RSA Conference, you can also check us out at the RSA Conference Innovation Sandbox! We’re thrilled to share we were announced this morning as a Top 10 finalist in this prestigious contest that recognizes cybersecurity’s boldest new innovators who have made it their mission to minimize security risk. We’re proud to have our unique approach to continuous detection recognized for its innovation as we move the security industry forward to protect cloud-native applications.
There has never been a better time to be a DevOps engineer. Compared to traditional web stacks, containerization has dramatically streamlined the task of deploying web services such as databases, key/value stores, and servers. Furthermore, container orchestration tools, like Google’s Kubernetes and Docker Swarm, enable organizations to automate the deployment and management of these containerized applications. But the tools that make life easier and more efficient for engineers can also be a gift to an attacker.
Introducing StackRox Prevent: Reimagining Container Deployment Security to Minimize Your Attack Surface
Security leaders today are charged with the increasingly complex task of defending the technology that powers modern enterprises, at a time when the software stack has never been more diverse or unmanageable. Implementing a coherent security program can seem daunting in light of the patchwork of duties that may fall under a security organization’s purview: static code analysis, identity and access management, compliance, data privacy and integrity, vulnerability management, monitoring, incident response, threat hunting, forensics…and the list continues.
This is a guest blog by Rob Fry, an accomplished architect, inventor and public speaker with 20 years’ experience primarily in large-scale Internet companies and the utility industry. At Netflix he invented FIDO, a patented open source security orchestration platform, and while at Yahoo created the DUBS configuration and automation framework for production servers. Over the past two decades, we’ve seen adoption of new technologies reshaping the landscape of how we operate and secure our businesses.
Today, we are excited to announce the release of StackRox Detect and Respond 2.0, our container-native runtime security product, and StackRox Adversarial Intent Model, the foundation for our ongoing threat research and threat detection strategy. While our previous 1.3 release focused on providing greater flexibility, configurability, and scalability for customers, version 2.0 expands the breadth and depth of our threat detection capabilities and adds advanced automation features to make it easier for enterprise customers to protect their container environments, whether they are running on-premise or in popular cloud service providers such as Amazon Web Services (AWS), Google Compute Platform (GCP), Microsoft Azure and others.