New capabilities developed in collaboration with enterprises and federal government customers enable accurate analysis and faster incident response for containers and Kubernetes environments
MOUNTAIN VIEW, Calif. — May 20, 2020 — StackRox, the leader in container and Kubernetes security, today announced new runtime security features in the latest release of the StackRox Kubernetes Security Platform. These features, developed in close collaboration with StackRox enterprise and federal government customers, help streamline analysis, investigation, and response for runtime security events for containers and Kubernetes environments. Leveraging these new capabilities, analysts and incident responders can more quickly identify the most important event details, view them chronologically, add custom notes, and make more informed security and compliance decisions.
The new features tap into the Kubernetes-native architecture of the StackRox platform to streamline incident response processes. Specific enhancements include:
Timeline Views – Provides a chronological visualization of runtime events, such as the execution of processes, in a graphic timeline to enable teams to easily understand incidents and prioritize response actions accordingly.
Federal Benchmark Checks – Delivers container-specific compliance checks for NIST SP 800-53 to support Defense and Intelligence Communities, federal agencies, enterprises and cloud service providers participating in the Federal Risk and Authorization Management Program (FedRAMP). Support for this standard adds to existing StackRox compliance checks for NIST SP 800-190.
Analyst Notes – Offers the ability to annotate metadata on alerts and relevant security events in the StackRox platform and to share these notes with other analysts and incident responders to enhance and speed collaboration.
Advanced Policies – Enables analysts to apply and enforce policies more flexibly by using Boolean operators to add and combine different criteria within each policy.
“With these new workflow and IR features, StackRox has taken on a lot of the heavy lifting involved with incident analysis and remediation, saving us a lot of time and resources while ensuring we don’t miss any key security or compliance issues,” said Pathik Patel, head of cloud security engineering, Informatica. “Surfacing the relevant data our analyst and IR teams need and providing a methodical approach to applying that data means we won’t be sifting through a lot of raw data and false positives, which kills response times.”
With these new features, StackRox users can summarize security and compliance events, share information between security and development teams, collaborate, and act on security information more quickly and effectively. With the ability to contextualize and enrich data from Kubernetes environments, StackRox helps analysts and incident responders prioritize threats, accelerate the creation of new policies, create more consistent workflows, and automate remediation to replace traditionally manual, time-consuming processes.
“Incident analysis and response is challenging given the immutable and ephemeral nature of containers,” said Hillary Benson, head of product, StackRox. “The large, complex environments that are prevalent among our customers accentuates the challenge, and most analyst and IR teams have had to craft their own ways to synthesize event data. These new capabilities and workflows do away with the manual processes that bog down effective IR.”
StackRox customers will automatically benefit from these new analysis and incident response features in the latest version of the StackRox Kubernetes Security Platform.