Collaboration between StackRox and DHS S&T Enables Financial Services Sector to Protect Critical Cloud-Native Applications
MOUNTAIN VIEW, Calif. – Aug 12, 2020 – StackRox, the leader in container and Kubernetes security, today announced that it was awarded a Phase III contract by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T)’s Silicon Valley Innovation Program (SVIP) to protect mission-critical, cloud-native applications for financial institutions. Through the Next Generation Cyber Infrastructure (NGCI) program, StackRox is delivering container and Kubernetes security for a large U.S. financial services company.
In 2018, StackRox was awarded a Phase II SVIP contract by DHS to advance container threat information sharing among financial institutions to prevent an attack from hitting multiple organizations. With this Phase III award, the financial services company is leveraging the StackRox Kubernetes Security Platform to defend its cloud-native infrastructure from vulnerabilities and misconfigurations while ensuring compliance and detecting and stopping runtime threats. By completing this phase of the program, StackRox will enable additional financial service institutions and other NGCI stakeholders to leverage StackRox to operationalize container and Kubernetes security at scale. Having delivered the industry’s only Kubernetes-native platform, StackRox delivers better security, reduced operational risk, and lower operational costs.
The Department of Homeland Security is investing heavily in safeguarding critical infrastructure that relies on cloud-native technology, particularly in the financial sector where the stakes are especially high. DHS and StackRox are working together to help DHS stakeholders stay ahead of the evolving threat landscape, with StackRox delivering capabilities that detect, defend, protect, restore and respond to sophisticated and targeted cyber-threats. In Phase III, StackRox is focused on securing the containerized applications of the financial sector partner throughout the application life cycle – build, deploy and runtime – across several key use cases, including:
Visibility into cloud-native applications, including all images, container registries, Kubernetes deployment configurations, container runtime behavior, and more.
Vulnerability Management to identify vulnerabilities in images, containers, Kubernetes, and running deployments and prevent non-compliant builds.
Configuration Management to identify misconfigurations across images, containers, clusters, Kubernetes, and network policies, to prevent accidental misconfigurations that put application performance and security at risk.
Threat Detection combining rules, whitelists, baselines, and behavioral modeling to identify threats at runtime in your container environments.
Incident Response taking automated actions such as killing and restarting pods via Kubernetes to shut down attacks.
Regulatory Compliance providing continuous and on-demand checks on controls to meet CIS Benchmarks, NIST 800-190 and 800-53, SOC 2, PCI, and HIPAA.
“Given our long partnership with In-Q-Tel and our close work with the United States Air Force, DoD, DHS, and U.S. Intelligence Community, protecting government infrastructure is woven into the fabric of StackRox innovation,” said Ali Golshan, co-founder and CTO for StackRox. “We’re proud to have reached Phase III of this initiative and look forward to continuing our collaboration with DHS to meet the stringent security requirements needed to protect our nation’s mission-critical infrastructure.”
To learn more about how StackRox works with the Department of Homeland Security and other federal agencies, click here. To request a demo for your own organization, please visit https://www.stackrox.com/request-demo/.