Securing Docker Containers
Full lifecycle security across build, deploy, and runtime phases for your Docker containers
Security for Docker containers
StackRox provides full-lifecycle security across the build, deploy, and runtime phases for your Docker containers. StackRox integrates with the Docker container engine as well as registries including Docker Hub and Docker Trusted Registry to provide unparalleled security and compliance capabilities. StackRox goes beyond first-generation container-native architectures to provide a container- and Kubernetes-native architecture that offers richer context, native enforcement, and continuous hardening.
Vulnerability management for Docker images
Protect your containers against vulnerabilities from the time images are built until they’re deployed and running. StackRox can block Docker images with vulnerabilities from being deployed and integrates with your approved registries for granular policy enforcement. In addition, StackRox provides extensive support for third-party scanners, such as Docker Security Scanning, Anchore, Clair, and Tenable to augment your existing image scanning tools.
StackRox provides comprehensive network security across Docker containers. Leverage our network graph to see your allowed vs. active network traffic across deployments. We integrate with any Container Network Interface to leverage the power of Kubernetes for network policy enforcement. Use StackRox to simulate and apply changes to network segmentation policies, and automatically generate updated YAML files based on behavioral modeling of active traffic to tighten overly permissive Kubernetes network policies.
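The paragraph above describes deriving tighter Kubernetes network policies from observed traffic. The following is an added illustration of that idea, not StackRox's own code: it takes a constructed set of observed pod-to-pod flows, shows the overly permissive allow-all policy it replaces, emits one ingress NetworkPolicy per app that admits only the peers and ports actually seen (and a default-deny policy for apps that received nothing), and includes a small simulator so a flow that fell outside the observation window can be checked before the policies are applied. App names, labels and flows are constructed; the `app` label key is an assumption.

```python
"""Tighten Kubernetes ingress NetworkPolicies from observed traffic (added example)."""
from collections import defaultdict

# Constructed sample of observed pod-to-pod flows (source app, destination app, port, protocol).
OBSERVED_FLOWS = [
    {"src": "frontend", "dst": "api", "port": 8080, "proto": "TCP"},
    {"src": "frontend", "dst": "api", "port": 8080, "proto": "TCP"},  # repeated observations collapse
    {"src": "api", "dst": "db", "port": 5432, "proto": "TCP"},
    {"src": "worker", "dst": "db", "port": 5432, "proto": "TCP"},
    {"src": "api", "dst": "cache", "port": 6379, "proto": "TCP"},
]
# Every app deployed in the namespace, including one ("metrics") that received no traffic.
DEPLOYED_APPS = ["frontend", "api", "db", "cache", "worker", "metrics"]


def allow_all_ingress(namespace="default"):
    """The overly permissive starting point: every pod accepts traffic from any source."""
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": "allow-all-ingress", "namespace": namespace},
        "spec": {"podSelector": {}, "policyTypes": ["Ingress"], "ingress": [{}]},
    }


def summarize_flows(flows):
    """Map each destination app to {source app: {(port, proto), ...}}."""
    peers = defaultdict(lambda: defaultdict(set))
    for f in flows:
        peers[f["dst"]][f["src"]].add((f["port"], f["proto"]))
    return peers


def policy_for(app, sources, namespace="default", label="app"):
    """One NetworkPolicy selecting `app` that admits only the given sources and ports.
    Empty `sources` gives a policy with no ingress rules, i.e. default-deny for that app."""
    rules = [
        {
            "from": [{"podSelector": {"matchLabels": {label: src}}}],
            "ports": [{"port": p, "protocol": pr} for p, pr in sorted(sources[src])],
        }
        for src in sorted(sources)
    ]
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": f"{app}-ingress", "namespace": namespace},
        "spec": {
            "podSelector": {"matchLabels": {label: app}},
            "policyTypes": ["Ingress"],
            "ingress": rules,
        },
    }


def generate_policies(flows, apps, namespace="default"):
    """One policy per deployed app: observed peers only, default-deny where nothing was seen."""
    peers = summarize_flows(flows)
    return {app: policy_for(app, peers.get(app, {}), namespace) for app in apps}


def simulate(policies, flow):
    """Would `flow` be admitted by the generated policy for its destination?
    Use this to test flows that were not seen during observation before applying."""
    spec = policies[flow["dst"]]["spec"]
    for rule in spec["ingress"]:
        src_ok = any(s["podSelector"]["matchLabels"].get("app") == flow["src"] for s in rule["from"])
        port_ok = any(p["port"] == flow["port"] and p["protocol"] == flow["proto"] for p in rule["ports"])
        if src_ok and port_ok:
            return True
    return False


if __name__ == "__main__":
    import json
    pols = generate_policies(OBSERVED_FLOWS, DEPLOYED_APPS)
    print(json.dumps(pols["db"], indent=2))  # JSON is a valid YAML rendering of the manifest
    # A backup job that never ran during the observation window would now be blocked.
    print(simulate(pols, {"src": "backup", "dst": "db", "port": 5432, "proto": "TCP"}))
```

The simulator is the important step: a policy built purely from observed traffic is only as complete as the observation window, so periodic jobs that did not run during it (backups, certificate rotation) are blocked once the policy is applied. Simulating such flows first, as the paragraph's "simulate and apply" workflow does, catches that before enforcement.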
The StackRox platform watches our workloads in real time and can tell Kubernetes to kill a container that acts like it’s compromised. That scales our small team.
Compliance with CIS benchmarks
StackRox provides industry-leading compliance capabilities to help ensure adherence to CIS Benchmarks for Docker. Use our policy templates to instantly generate audit reports to effortlessly identify non-compliant clusters, nodes, or namespaces.
StackRox leverages its Kubernetes-native architecture to apply rich context for configuration management, spanning containers, images, and Kubernetes deployments. With StackRox, organizations can identify and remediate misconfigurations such as exposed secrets, excessive privileges, and unnecessary network reachability. Leverage pre-built policy templates or create custom policies to prevent builds or deployments that don’t meet your security, compliance, or DevOps best practices requirements.
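The misconfigurations named above (exposed secrets, excessive privileges) are checkable directly on a Deployment manifest. The following is an added example, not StackRox's policy engine: a small checker that flags credentials set as literal environment values instead of Secret references, privileged containers, missing privilege-escalation and non-root settings, dangerous added capabilities, and host namespace sharing. It runs over two constructed manifests, one weak and one hardened; the image name, Secret name and the set of "dangerous" capabilities are assumptions.

```python
"""Check a Kubernetes Deployment for exposed secrets and excessive privileges (added example)."""
import re

# Env var names that suggest a credential; a literal `value` for one of these means the
# secret is written into the manifest instead of referenced from a Kubernetes Secret.
SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY)", re.IGNORECASE)
# Capabilities that effectively hand over the host; an assumed list for this example.
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "SYS_MODULE"}


def check_container(ref, c):
    """Return (ref, finding) tuples for one container spec."""
    findings = []
    sc = c.get("securityContext", {})
    if sc.get("privileged"):
        findings.append((ref, "privileged-container"))
    if sc.get("allowPrivilegeEscalation", True):  # Kubernetes defaults this to true
        findings.append((ref, "privilege-escalation-allowed"))
    if not sc.get("runAsNonRoot"):
        findings.append((ref, "may-run-as-root"))
    for cap in sc.get("capabilities", {}).get("add", []):
        if cap.upper() in DANGEROUS_CAPS:
            findings.append((ref, f"adds-capability-{cap}"))
    for env in c.get("env", []):
        if SECRET_NAME.search(env.get("name", "")) and "value" in env:
            findings.append((ref, f"secret-as-literal-env:{env['name']}"))
    return findings


def check_deployment(manifest):
    """Pod-level checks (host namespaces) plus every container's checks."""
    name = manifest["metadata"]["name"]
    pod = manifest["spec"]["template"]["spec"]
    findings = [(name, f"{k}-enabled") for k in ("hostNetwork", "hostPID", "hostIPC") if pod.get(k)]
    for c in pod.get("containers", []):
        findings.extend(check_container(f"{name}/{c['name']}", c))
    return findings


# Constructed weak manifest: host networking, privileged, SYS_ADMIN, password in the manifest.
WEAK_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "payments"},
    "spec": {"template": {"spec": {
        "hostNetwork": True,
        "containers": [{
            "name": "app", "image": "example.com/payments:1.0",
            "securityContext": {"privileged": True, "capabilities": {"add": ["SYS_ADMIN"]}},
            "env": [{"name": "DB_PASSWORD", "value": "hunter2"}],
        }],
    }}},
}

# Constructed hardened manifest: same workload with the settings corrected.
HARDENED_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "payments"},
    "spec": {"template": {"spec": {
        "containers": [{
            "name": "app", "image": "example.com/payments:1.0",
            "securityContext": {
                "privileged": False,
                "allowPrivilegeEscalation": False,
                "runAsNonRoot": True,
                "capabilities": {"drop": ["ALL"]},
            },
            "env": [{"name": "DB_PASSWORD",
                     "valueFrom": {"secretKeyRef": {"name": "payments-db", "key": "password"}}}],
        }],
    }}},
}


if __name__ == "__main__":
    for ref, finding in check_deployment(WEAK_DEPLOYMENT):
        print(f"{ref}: {finding}")
    print("hardened findings:", check_deployment(HARDENED_DEPLOYMENT))
```

Because the check works on the manifest rather than the running pod, it fits at build or deploy time as an admission gate, which is where the paragraph's "prevent builds or deployments" enforcement sits.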
Runtime detection and response
StackRox combines behavioral modeling with rules, whitelisting, and baselining to detect and prevent runtime threats on Docker containers. We detect activity from every single Docker container and identify threats as they occur across several critical areas, including process execution, network connections and flows, and privilege escalation. Use our out-of-the-box policies and automated policy enforcement, or build custom policies that combine industry standards with your company’s own internal policies.
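The combination the paragraph describes, a learned baseline plus explicit rules over process execution and privilege changes, is sketched below as an added example; it is not StackRox's detection engine. A baseline of executables per deployment is built from constructed learning-period events, then later events are checked against both the baseline and three rules (shell spawned, package manager run, effective UID 0 reached from a non-root real UID). Alerts whose reasons fall in an enforce set are marked for container termination, the rest are alert-only. Deployment names, paths and the rule set are constructed.

```python
"""Baseline-plus-rules runtime detection over process-exec events (added example)."""
from collections import defaultdict

SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/bin/ash"}
PACKAGE_MANAGERS = {"/usr/bin/apt", "/usr/bin/apt-get", "/usr/bin/yum", "/sbin/apk", "/usr/bin/pip"}

# Rules fire regardless of baseline. Each event carries the real uid and the effective euid
# of the new process, so a setuid exec that gains root shows up as uid != 0, euid == 0.
RULES = {
    "shell-spawned": lambda e: e["process"] in SHELLS,
    "package-manager-run": lambda e: e["process"] in PACKAGE_MANAGERS,
    "privilege-escalation": lambda e: e["uid"] != 0 and e["euid"] == 0,
}

# Constructed learning-period events: what each deployment normally executes.
BASELINE_EVENTS = [
    {"deployment": "api", "process": "/usr/local/bin/node", "uid": 1000, "euid": 1000},
    {"deployment": "api", "process": "/usr/bin/curl", "uid": 1000, "euid": 1000},
    {"deployment": "db", "process": "/usr/lib/postgresql/bin/postgres", "uid": 999, "euid": 999},
]

# Constructed events seen after the baseline was locked.
RUNTIME_EVENTS = [
    {"deployment": "api", "process": "/usr/local/bin/node", "uid": 1000, "euid": 1000},  # normal
    {"deployment": "api", "process": "/bin/sh", "uid": 1000, "euid": 1000},              # shell, unbaselined
    {"deployment": "db", "process": "/usr/bin/sudo", "uid": 999, "euid": 0},              # gains root, unbaselined
    {"deployment": "db", "process": "/usr/lib/postgresql/bin/postgres", "uid": 999, "euid": 999},  # normal
]


def build_baseline(events):
    """Set of executable paths observed per deployment during the learning period."""
    baseline = defaultdict(set)
    for e in events:
        baseline[e["deployment"]].add(e["process"])
    return baseline


def evaluate(events, baseline, enforce=("privilege-escalation", "shell-spawned")):
    """One alert per event that trips a rule or leaves its deployment's baseline.
    action is "kill" when any reason is in `enforce`, otherwise "alert"."""
    alerts = []
    for e in events:
        reasons = [name for name, pred in RULES.items() if pred(e)]
        if e["process"] not in baseline.get(e["deployment"], set()):
            reasons.append("not-in-baseline")
        if reasons:
            action = "kill" if any(r in enforce for r in reasons) else "alert"
            alerts.append({"deployment": e["deployment"], "process": e["process"],
                           "reasons": reasons, "action": action})
    return alerts


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    for a in evaluate(RUNTIME_EVENTS, baseline):
        print(f"{a['action']:5} {a['deployment']}: {a['process']} ({', '.join(a['reasons'])})")
```

Keeping "not-in-baseline" out of the default enforce set is deliberate: a baseline learned over a short window produces false positives on legitimate but rare executables, so it is safer to alert on baseline deviations and reserve automatic termination for the explicit rules.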
Risk prioritization at scale
Use StackRox to automatically profile and prioritize risks across your entire environment. Unlike other security solutions, StackRox goes beyond image scanning to combine CVE details with other risk factors, such as deployment misconfigurations including exposed secrets or overly open network policies, runtime anomalies, and other contextual information to identify the top issues that need immediate remediation.