We’re gearing up (pun intended) for an exciting time next week in San Francisco, and we’re thrilled to kick it off on Sunday at BSidesSF at City View in the Metreon. We’re proud to sponsor and support this event – an amazing grassroots effort that unites the information security community to share knowledge. With this year’s steampunk theme, the conference promises to deliver inspirational talks, stimulating discussions, and of course, evenings filled with entertaining discourse and delectable libations.
Along with seeing us on the show floor at the RSA Conference, you can also check us out at the RSA Conference Innovation Sandbox! We’re thrilled to share we were announced this morning as a Top 10 finalist in this prestigious contest that recognizes cybersecurity’s boldest new innovators who have made it their mission to minimize security risk. We’re proud to have our unique approach to continuous detection recognized for its innovation as we move the security industry forward to protect cloud-native applications.
There has never been a better time to be a DevOps engineer. Compared to traditional web stacks, containerization has dramatically streamlined the task of deploying web services such as databases, key/value stores, and servers. Furthermore, container orchestration tools, like Google’s Kubernetes and Docker Swarm, enable organizations to automate the deployment and management of these containerized applications. But the tools that make life easier and more efficient for engineers can also be a gift to an attacker.
Introducing StackRox Prevent: Reimagining Container Deployment Security to Minimize Your Attack Surface
Security leaders today are charged with the increasingly complex task of defending the technology that powers modern enterprises, at a time when the software stack has never been more diverse or unmanageable. Implementing a coherent security program can seem daunting in light of the patchwork of duties that may fall under a security organization’s purview: static code analysis, identity and access management, compliance, data privacy and integrity, vulnerability management, monitoring, incident response, threat hunting, forensics…and the list continues.
This is a guest blog by Rob Fry, an accomplished architect, inventor and public speaker with 20 years’ experience primarily in large-scale Internet companies and the utility industry. At Netflix he invented FIDO, a patented open source security orchestration platform, and while at Yahoo created the DUBS configuration and automation framework for production servers. Over the past two decades, we’ve seen adoption of new technologies reshaping the landscape of how we operate and secure our businesses.
Today, we are excited to announce the release of StackRox Detect and Respond 2.0, our container-native runtime security product, and StackRox Adversarial Intent Model, the foundation for our ongoing threat research and threat detection strategy. While our previous 1.3 release focused on providing greater flexibility, configurability, and scalability for customers, version 2.0 expands the breadth and depth of our threat detection capabilities and adds advanced automation features to make it easier for enterprise customers to protect their container environments, whether they are running on-premise or in popular cloud service providers such as Amazon Web Services (AWS), Google Compute Platform (GCP), Microsoft Azure and others.
In the eighth video in our demo series, we walk you through the third-party enabled integrations that StackRox provides, including integrations with identity providers, role-based access control (RBAC), Security Assertion Markup Language (SAML) providers, notification services like PagerDuty and Slack, and log management solutions.
In the seventh video in our demo series, we’ll take a look at StackRox reports. StackRox gives you summary reports for any period of time to help you get a sense of the risk in your environment. In this video, you can see how we provide a number of preset reports, including an overview summary, alerts by severity, top attacks, policy violations, infected applications and services, top vulnerable services and images, and external infection sources.
“Keep Cloud Native Weird.” That was the motto of KubeCon + CloudNativeCon 2017, which I had the opportunity to attend last week in Austin. With the conference attracting more than 4,100 participants, hundreds of technical sessions, new project announcements, and key updates on existing initiatives, it is clear that the cloud native computing revolution continues to accelerate. Here are some of the highlights I found most interesting. KubeCon welcome mural
Since day one at StackRox, three years ago, we’ve made it a point to meet regularly with CISOs from top banks and other global 2000 companies. The focus of these discussions was on how we might expedite the adoption of containers, and improve the process of maintaining better security and regulatory compliance. Over the course of these many conversations, I’ve found that there are some important ideas worth sharing broadly, though they’re likely most interesting to IT and security leaders in the financial world, where both competitive and regulatory pressures are very high.
Today we are excited to announce a new partnership with Google Cloud Platform (GCP) to jointly deliver end-to-end security across the cloud-native stack for any enterprise. Together, StackRox and Google will accelerate customers’ adoption of secure, containerized application architectures. No company knows more about containers than Google. They have run containers in production for over a decade, and pioneered an ambitious new approach to enterprise computing at scale. Google originated Kubernetes and continues to be its largest contributor in every release, even after more than 58,000 commits.