Securing Kubernetes on AWS
Full lifecycle security across build, deploy, and runtime phases for your Kubernetes workloads on AWSDownload Solution Brief
Security for Kubernetes on AWS
StackRox provides full life cycle security across build, deploy, and runtime phases for your Amazon Elastic Container Service for Kubernetes (EKS) environments running in AWS or AWS Outposts as well as self-managed Kubernetes running on Elastic Compute Cloud (EC2). Available on the AWS Marketplace, the StackRox platform is a AWS Container Competency technology partner that enables customers to protect their cloud-native infrastructure from vulnerabilities and misconfigurations, ensure compliance with external and internal policies, and detect and stop runtime threats.
Protect your containers against vulnerabilities from the time images are built until they’re deployed and running. StackRox can block vulnerable images from being deployed and integrates with your approved image registries, including Amazon Elastic Container Registry (ECR), for granular policy enforcement. StackRox also provides extensive support for third-party scanners, including Anchore, Clair, and Tenable, to augment your existing image scanning tools.
StackRox provides comprehensive network security for deployments running on EKS or EC2. Leverage our network graph to see your allowed vs. active network traffic across your deployments. We integrate with any Container Network Interface to leverage the power of EKS or Kubernetes on EC2 for network policy enforcement. Use StackRox to simulate and apply changes to network segmentation policies, and automatically generate updated YAML files based on behavioral modeling of active traffic to tighten overly permissive Kubernetes network policies.
StackRox is laser focused on the key protections we need, and the white glove service has been tremendous. And by natively deploying in Kubernetes, StackRox provides the low friction approach we need.
Continuous compliance with CIS Benchmarks and other specs
StackRox provides industry-leading compliance capabilities to help ensure adherence to CIS Benchmarks for Docker and Kubernetes as well as NIST, PCI, and HIPAA. Use our policy templates to instantly generate audit reports and easily identify non-compliant clusters, nodes, or namespaces in EKS or EC2.
StackRox leverages its Kubernetes-native architecture to apply rich context for configuration management, spanning containers, images, deployments, and EKS. With StackRox, organizations can identify and remediate misconfigurations such as exposed secrets, excessive privileges, and unnecessary network reachability. Leverage pre-built policy templates or create custom policies to prevent builds or deployments that don’t meet your security, compliance, or DevOps best practices requirements.
Runtime detection and response
StackRox combines behavioral modeling with rules, allow listing, and baselining to detect and prevent runtime threats on EKS or Kubernetes on EC2. StackRox identifies threats as they occur across several critical areas, including process execution, network connections and flows, and privilege escalation. Use our out-of-the-box policies and automated policy enforcement, or build custom policies that combine industry standards with your own company’s internal policies.
Risk prioritization at scale
Use StackRox to automatically profile and prioritize risks across every EKS deployment. Unlike other security solutions, StackRox goes beyond image scanning to combine CVE details with additional risk factors such as deployment misconfigurations including exposed secrets or overly open network policies, runtime anomalies, and other contextual information to identify the top issues that require immediate remediation.