Securing Kubernetes for Federal Agencies
Full lifecycle security across build, deploy, and runtime phases for your Kubernetes workloads
Security for containers and Kubernetes
Agencies have adopted the cloud-native stack, including containers and Kubernetes, to increase agility and accelerate application development. However, adoption of container technologies also requires the necessary security controls that protect the cloud-native stack. StackRox provides a comprehensive security solution to defend federal cloud-native infrastructure from vulnerabilities and misconfigurations, ensure compliance with external and internal policies, and detect and stop runtime threats.
Backed by In-Q-Tel
In-Q-Tel has made a strategic investment in StackRox to help Federal agencies protect their cloud-native stack. Reducing the attack surface, profiling runtime risk, and detecting and stopping attacks drive value for these agencies.
Extending CDM to containerized infrastructure
The initial design requirements of the DHS CDM program were tailored to securing on-premises and data center infrastructures. The move to cloud-native architecture has changed the security paradigm for agencies, but the goals remain the same. For example, the primary CDM tenets of identifying network assets and reducing their vulnerabilities still apply. Agencies can leverage StackRox to extend the same security controls espoused by CDM to their containerized and Kubernetes environments. StackRox is excited to provide the only container security platform on the Approved Products List (APL) for CDM.
Made in the USA
StackRox runs all product development, engineering, and customer support operations out of our headquarters in Mountain View, CA, in the heart of Silicon Valley. Our U.S.-based team has extensive experience serving the particular needs of the Federal Government, and many of our staff have run security operations at the NSA and other US IC agencies.
The StackRox platform uses a fundamentally different approach to secure containers across their life cycle, from build to runtime, which will help protect our Intelligence Community partners against emerging container-based threats.
Effortless procurement option
Federal procurement processes are often lengthy and unable to keep pace with fast-changing technology and user needs. StackRox is a Solutions for Enterprise-Wide Procurement (SEWP)-authorized and General Services Administration (GSA) IT Schedule 70-approved technology provider, which helps expedite the procurement process for federal agencies.
Vulnerability management and risk profiling
Protect your containers against vulnerabilities from the time images are built until they’re deployed and running. StackRox can block vulnerable images from being deployed and integrates with your approved image registries for granular policy enforcement. Unlike other security solutions, however, StackRox goes beyond image scanning to combine CVE details with additional risk factors such as deployment misconfigurations including exposed secrets or overly open network policies, runtime anomalies, and other contextual information to identify the top issues that require immediate remediation.
StackRox provides comprehensive network security for deployments running on Kubernetes. Leverage our network graph to see your allowed vs. active network traffic across your deployments. We integrate with any Container Network Interface to leverage the power of Kubernetes for network policy enforcement. Use StackRox to simulate and apply changes to network segmentation policies, and automatically generate updated YAML files based on behavioral modeling of active traffic to tighten overly permissive Kubernetes network policies.
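The technique the paragraph above describes, deriving a tighter NetworkPolicy from the traffic a deployment actually receives, can be illustrated with a small generator. This is an added example, not StackRox code: the flow records are constructed sample data in a hypothetical shape (source and destination namespace, app label, port, protocol), standing in for whatever a CNI or flow collector would provide, and the output is the NetworkPolicy as a Python dict ready for `yaml.safe_dump`.

```python
"""Derive a least-privilege ingress NetworkPolicy from observed traffic.

Added example, not StackRox code. Flow records are constructed; a real
tool would source them from CNI flow logs or a network observability agent.
"""
import json
from collections import defaultdict

# Constructed sample of active flows involving the "api" deployment in "payments".
OBSERVED_FLOWS = [
    {"src_ns": "payments", "src_app": "web", "dst_ns": "payments", "dst_app": "api", "port": 8443, "proto": "TCP"},
    {"src_ns": "payments", "src_app": "web", "dst_ns": "payments", "dst_app": "api", "port": 8443, "proto": "TCP"},
    {"src_ns": "monitoring", "src_app": "prometheus", "dst_ns": "payments", "dst_app": "api", "port": 9090, "proto": "TCP"},
    # egress from api to db: not an ingress peer of api, so it must not appear in the policy
    {"src_ns": "payments", "src_app": "api", "dst_ns": "payments", "dst_app": "db", "port": 5432, "proto": "TCP"},
]


def ingress_peers(flows, dst_ns, dst_app):
    """Group distinct ingress sources of dst_app: (src_ns, src_app) -> {(port, proto)}."""
    peers = defaultdict(set)
    for f in flows:
        if f["dst_ns"] == dst_ns and f["dst_app"] == dst_app:
            peers[(f["src_ns"], f["src_app"])].add((f["port"], f["proto"]))
    return peers


def build_ingress_policy(flows, dst_ns, dst_app):
    """Return a NetworkPolicy dict that allows only the observed ingress and denies the rest."""
    rules = []
    for (src_ns, src_app), ports in sorted(ingress_peers(flows, dst_ns, dst_app).items()):
        peer = {"podSelector": {"matchLabels": {"app": src_app}}}
        if src_ns != dst_ns:
            # Cross-namespace source: a peer with both selectors matches pods that satisfy both.
            # kubernetes.io/metadata.name is the label Kubernetes sets on every namespace.
            peer["namespaceSelector"] = {"matchLabels": {"kubernetes.io/metadata.name": src_ns}}
        rules.append({
            "from": [peer],
            "ports": [{"port": p, "protocol": proto} for p, proto in sorted(ports)],
        })
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": f"{dst_app}-ingress-baseline", "namespace": dst_ns},
        "spec": {
            "podSelector": {"matchLabels": {"app": dst_app}},
            # Listing Ingress in policyTypes makes every source not covered by a rule denied.
            "policyTypes": ["Ingress"],
            "ingress": rules,
        },
    }


if __name__ == "__main__":
    print(json.dumps(build_ingress_policy(OBSERVED_FLOWS, "payments", "api"), indent=2))
```

The generated policy is a baseline to review, not to apply blindly: a flow that never occurred during the observation window (a monthly batch job, a failover path) will be cut off, which is why the page talks about simulating a policy change before applying it.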
Continuous compliance with CIS Benchmarks and other specs
StackRox provides industry-leading compliance capabilities to help ensure adherence to CIS Benchmarks for Docker and Kubernetes as well as NIST, PCI, and HIPAA. Use our policy templates to instantly generate audit reports and easily identify non-compliant clusters, nodes, or namespaces in Kubernetes.
StackRox leverages its Kubernetes-native architecture to apply rich context for configuration management, spanning containers, images, deployments, and Kubernetes. With StackRox, organizations can identify and remediate misconfigurations such as exposed secrets, excessive privileges, and unnecessary network reachability. Leverage pre-built policy templates or create custom policies to prevent builds or deployments that don’t meet your security, compliance, or DevOps best practices requirements.
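As an added example of the kind of configuration policy the two paragraphs above describe (not StackRox code or its policy language), the following checks a Deployment manifest for exposed secrets and excessive privileges and turns the findings into an admission verdict. The manifest is constructed with deliberate misconfigurations; the check list, severities and the "deny at high" threshold are this example's own choices.

```python
"""Misconfiguration checks for a Kubernetes Deployment manifest.

Added example, not StackRox code. Checks and severities are this example's
own choices; the sample Deployment is constructed to trip several of them.
"""
import re

SECRET_NAME_RE = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY", re.IGNORECASE)
DANGEROUS_CAPS = {"SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "ALL"}

# Constructed sample Deployment with deliberate misconfigurations in the first container.
SAMPLE_DEPLOYMENT = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "billing-worker", "namespace": "payments"},
    "spec": {"template": {"spec": {
        "hostNetwork": True,
        "containers": [
            {
                "name": "worker",
                "image": "registry.example/billing-worker:latest",
                "env": [
                    {"name": "DB_PASSWORD", "value": "hunter2"},  # literal secret in the manifest
                    {"name": "API_TOKEN", "valueFrom": {"secretKeyRef": {"name": "api", "key": "token"}}},
                ],
                "securityContext": {"privileged": True, "capabilities": {"add": ["NET_ADMIN"]}},
            },
            {
                "name": "sidecar",
                "image": "registry.example/log-shipper@sha256:" + "0" * 64,  # digest-pinned
                "securityContext": {"runAsNonRoot": True, "allowPrivilegeEscalation": False},
            },
        ],
    }}},
}


def check_deployment(manifest):
    """Return a list of (severity, message) findings for one Deployment."""
    findings = []
    name = manifest["metadata"]["name"]
    pod = manifest["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext", {})
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if pod.get(field):
            findings.append(("high", f"{name}: pod shares the node {field[4:].lower()} namespace ({field}: true)"))
    for c in pod.get("containers", []):
        cname = f"{name}/{c['name']}"
        sc = c.get("securityContext", {})
        image = c["image"]
        last = image.rsplit("/", 1)[-1]
        if "@sha256:" not in image and (":" not in last or image.endswith(":latest")):
            findings.append(("low", f"{cname}: image '{image}' is not pinned to a tag or digest"))
        if sc.get("privileged"):
            findings.append(("high", f"{cname}: privileged container"))
        for cap in sorted(set(sc.get("capabilities", {}).get("add", [])) & DANGEROUS_CAPS):
            findings.append(("high", f"{cname}: adds capability {cap}"))
        if sc.get("allowPrivilegeEscalation", True):  # Kubernetes default is true
            findings.append(("medium", f"{cname}: allowPrivilegeEscalation not set to false"))
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            findings.append(("medium", f"{cname}: runAsNonRoot not enforced"))
        for env in c.get("env", []):
            # A secret-looking name with an inline value, rather than a secretKeyRef, is exposed
            if SECRET_NAME_RE.search(env["name"]) and "value" in env:
                findings.append(("high", f"{cname}: env {env['name']} carries a literal secret; use a secretKeyRef"))
    return findings


def admission_decision(findings, block_at="high"):
    """Map findings to an admission verdict: deny when any finding is at or above block_at."""
    order = {"low": 0, "medium": 1, "high": 2}
    worst = max((order[s] for s, _ in findings), default=-1)
    return "deny" if worst >= order[block_at] else "allow"


if __name__ == "__main__":
    found = check_deployment(SAMPLE_DEPLOYMENT)
    for sev, msg in found:
        print(f"[{sev}] {msg}")
    print("verdict:", admission_decision(found))
```

The same function serves both phases the page distinguishes: run at build time it fails a CI job, run in an admission webhook it blocks the deployment, and the severity threshold is what lets a team enforce the high findings while only reporting the rest.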
Runtime detection and response
StackRox combines behavioral modeling with rules, whitelisting, and baselining to detect and prevent runtime threats in Kubernetes. StackRox identifies threats as they occur across several critical areas, including process execution, network connections and flows, and privilege escalation. Use our out-of-the-box policies and automated policy enforcement, or build custom policies that combine industry standards with your own company’s internal policies.
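To make the baselining idea in the paragraph above concrete, here is an added example (not StackRox code) of a per-deployment process baseline: executables observed during a learning window become the allowlist, and after the baseline is locked, an event that runs an unbaselined executable or runs as root where the baseline never did produces an alert. The process events are constructed, and the event shape, rule names and severities are this example's own assumptions.

```python
"""Per-deployment process baselining with a privilege-escalation rule.

Added example, not StackRox code. Events are constructed; a real agent
would collect them from the kernel (exec events with exe path and uid).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    deployment: str   # "namespace/name"
    exe: str          # resolved executable path
    uid: int          # effective uid the process runs as


class ProcessBaseline:
    """Learns which executables and uids each deployment normally runs, then alerts on deviations."""

    def __init__(self):
        self.exes = {}      # deployment -> set of executable paths seen while learning
        self.uids = {}      # deployment -> set of uids seen while learning
        self.locked = set() # deployments whose baseline is frozen and enforced

    def learn(self, ev):
        if ev.deployment in self.locked:
            raise ValueError(f"baseline for {ev.deployment} is locked")
        self.exes.setdefault(ev.deployment, set()).add(ev.exe)
        self.uids.setdefault(ev.deployment, set()).add(ev.uid)

    def lock(self, deployment):
        """Freeze the baseline; from now on evaluate() alerts instead of learning."""
        self.exes.setdefault(deployment, set())
        self.uids.setdefault(deployment, set())
        self.locked.add(deployment)

    def evaluate(self, ev):
        """Return a list of alert dicts for one event; an empty list means within baseline."""
        if ev.deployment not in self.locked:
            self.learn(ev)          # still in the learning window: observe, do not alert
            return []
        alerts = []
        if ev.exe not in self.exes[ev.deployment]:
            alerts.append({"rule": "unbaselined-process", "severity": "medium",
                           "deployment": ev.deployment, "detail": f"{ev.exe} not in baseline"})
        if ev.uid == 0 and 0 not in self.uids[ev.deployment]:
            # Rule, not baseline: root where the workload never ran as root is a privilege escalation signal
            alerts.append({"rule": "privilege-escalation", "severity": "high",
                           "deployment": ev.deployment, "detail": f"{ev.exe} running as uid 0"})
        return alerts


# Constructed learning-window events for one deployment (entrypoint script plus the service binary).
LEARNING_EVENTS = [
    ProcEvent("payments/api", "/bin/sh", 1000),
    ProcEvent("payments/api", "/usr/bin/api", 1000),
    ProcEvent("payments/api", "/usr/bin/api", 1000),
]


def build_locked_baseline(events=LEARNING_EVENTS, deployment="payments/api"):
    """Learn from the given events and lock the deployment's baseline."""
    b = ProcessBaseline()
    for ev in events:
        b.learn(ev)
    b.lock(deployment)
    return b


if __name__ == "__main__":
    baseline = build_locked_baseline()
    for ev in (ProcEvent("payments/api", "/usr/bin/api", 1000),
               ProcEvent("payments/api", "/usr/bin/python3", 1000),
               ProcEvent("payments/api", "/usr/bin/api", 0)):
        print(ev.exe, ev.uid, "->", baseline.evaluate(ev) or "ok")
```

Locking the baseline is the step that matters operationally: until it is locked every new process silently widens the allowlist, so the learning window should cover the deployment's normal behaviour (including its periodic jobs) and no more.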