Pivotal Container Service (PKS) Security
Full lifecycle security across build, deploy, and runtime phases for your Kubernetes workloads on Essential and Enterprise PKS
Security for Kubernetes on Pivotal
The StackRox platform, with its deep integrations with Kubernetes, provides full-lifecycle security across build, deploy, and runtime phases for your Kubernetes environments on Pivotal. Customers trust StackRox to protect their cloud-native applications across on-premises (with vSphere), hybrid, or multi-cloud Essential or Enterprise PKS environments from vulnerabilities and misconfigurations, ensure compliance with external and internal policies, and detect and stop runtime threats.
Protect your containers against vulnerabilities from the time images are built until they’re deployed and running. StackRox can block vulnerable images from being deployed and integrates with your approved registries, including Harbor, for granular policy enforcement. StackRox also provides extensive support for third-party image scanners such as Anchore, Red Hat Quay, Clair, and others to augment your existing image scanning tools.
StackRox provides comprehensive network security for Kubernetes deployments on PKS. Leverage our network graph to see your allowed vs. active network traffic across deployments. StackRox works with any Container Network Interface (CNI) plugin: it manages standard Kubernetes NetworkPolicy resources and leaves enforcement to PKS and its CNI plugin rather than to a separate agent. Use StackRox to simulate and apply changes to network segmentation policies, and automatically generate updated NetworkPolicy YAML based on behavioral modeling of active traffic, so that overly permissive PKS network policies are tightened to only the peers and ports actually observed.
We’ve standardized on Kubernetes, so using its built-in networking policies is the best way to isolate our workloads.
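The following is an added example of the technique described above (deriving tightened NetworkPolicy objects from observed traffic). It is not StackRox's generator and the page gives no details of StackRox's output; it assumes pods carry an `app` label equal to their Deployment name, namespaces carry the automatic `kubernetes.io/metadata.name` label, all flows are TCP, and the flow list is constructed rather than captured. It also includes a small evaluator that applies the generated policies the way Kubernetes does, so you can confirm that observed flows stay allowed and everything else is denied.

```python
"""Derive least-privilege Kubernetes NetworkPolicy objects from observed traffic.

Added example, not StackRox code. Assumptions: pods are labelled `app: <deployment>`,
namespaces carry the automatic `kubernetes.io/metadata.name` label, traffic is TCP.
"""
from collections import defaultdict
import json

# Constructed sample of observed flows: (src_ns, src_app, dst_ns, dst_app, dst_port).
# Real input would come from the cluster's flow observations; these are made up.
OBSERVED_FLOWS = [
    ("shop", "frontend", "shop", "api", 8080),
    ("shop", "frontend", "shop", "api", 8080),          # repeats collapse to one rule
    ("shop", "api", "shop", "db", 5432),
    ("monitoring", "prometheus", "shop", "api", 9090),  # cross-namespace scrape
]

NS_LABEL = "kubernetes.io/metadata.name"


def default_deny(namespace):
    """Select every pod in the namespace with no ingress rules: deny all ingress.
    The per-deployment policies then whitelist only the observed traffic."""
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": "default-deny-ingress", "namespace": namespace},
        "spec": {"podSelector": {}, "policyTypes": ["Ingress"]},
    }


def build_policies(flows):
    """One default-deny per namespace plus one allow policy per destination deployment."""
    peers = defaultdict(lambda: defaultdict(set))  # (dst) -> (src) -> {ports}
    namespaces = set()
    for src_ns, src_app, dst_ns, dst_app, port in flows:
        peers[(dst_ns, dst_app)][(src_ns, src_app)].add(port)
        namespaces.update((src_ns, dst_ns))

    policies = [default_deny(ns) for ns in sorted(namespaces)]
    for (dst_ns, dst_app), sources in sorted(peers.items()):
        ingress = []
        for (src_ns, src_app), ports in sorted(sources.items()):
            peer = {"podSelector": {"matchLabels": {"app": src_app}}}
            if src_ns != dst_ns:
                # podSelector and namespaceSelector in ONE `from` element are ANDed:
                # only that app, in that namespace. Omitting the namespaceSelector
                # scopes the podSelector to the policy's own namespace.
                peer["namespaceSelector"] = {"matchLabels": {NS_LABEL: src_ns}}
            # One rule per source keeps each peer bound to the ports it actually used;
            # merging all peers and ports into one rule would grant every peer every port.
            ingress.append({
                "from": [peer],
                "ports": [{"protocol": "TCP", "port": p} for p in sorted(ports)],
            })
        policies.append({
            "apiVersion": "networking.k8s.io/v1",
            "kind": "NetworkPolicy",
            "metadata": {"name": f"allow-observed-{dst_app}", "namespace": dst_ns},
            "spec": {
                "podSelector": {"matchLabels": {"app": dst_app}},
                "policyTypes": ["Ingress"],
                "ingress": ingress,
            },
        })
    return policies


def _matches(selector, labels):
    """matchLabels semantics: every listed label must be present with that value."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def ingress_allowed(policies, src_ns, src_app, dst_ns, dst_app, port):
    """Simplified Kubernetes evaluation (labels and TCP ports only): if no policy
    selects the destination pod everything is allowed; otherwise traffic is allowed
    only if some selecting policy has a rule matching both the peer and the port."""
    selecting = [p for p in policies
                 if p["metadata"]["namespace"] == dst_ns
                 and _matches(p["spec"]["podSelector"], {"app": dst_app})]
    if not selecting:
        return True
    for policy in selecting:
        for rule in policy["spec"].get("ingress", []):
            if not any(entry["port"] == port for entry in rule.get("ports", [])):
                continue
            for peer in rule["from"]:
                ns_sel = peer.get("namespaceSelector")
                ns_ok = (src_ns == dst_ns) if ns_sel is None else _matches(ns_sel, {NS_LABEL: src_ns})
                if ns_ok and _matches(peer["podSelector"], {"app": src_app}):
                    return True
    return False


def render(policies):
    """Wrap the manifests in a v1 List so `kubectl apply -f` can take them as one JSON document."""
    return json.dumps({"apiVersion": "v1", "kind": "List", "items": policies}, indent=2)


if __name__ == "__main__":
    print(render(build_policies(OBSERVED_FLOWS)))
```

Run the module to print the manifest, or import it and call `ingress_allowed` to check that a flow you did not observe (for example `frontend` straight to `db` on 5432) is now denied while the observed `api` to `db` path remains open. The default-deny policy is what does the tightening; the generated allow policies only add back what the traffic model saw.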
Continuous compliance with CIS benchmarks and beyond
StackRox provides industry-leading compliance capabilities to help ensure adherence to CIS Benchmarks for Docker and Kubernetes as well as NIST, PCI, and HIPAA. Use our policy templates to instantly generate audit reports and effortlessly identify non-compliant clusters, nodes, or namespaces.
StackRox leverages its Kubernetes-native architecture to apply rich context for configuration management, spanning containers, deployments, and PKS itself. With StackRox, organizations can identify and remediate misconfigurations such as exposed secrets, excessive privileges, and unnecessary network reachability. Leverage pre-built policy templates or create custom policies to prevent builds or deployments that don’t meet your security, compliance, or DevOps best practices requirements.
Runtime detection and response
StackRox combines behavioral modeling with rules, whitelisting, and baselining to detect and prevent runtime threats on PKS. StackRox identifies threats as they occur across several critical areas, including process execution, network connections and flows, and privilege escalation. Automate response by using our out-of-the-box or custom policies that align industry standards with your company’s own processes.
Risk prioritization at scale
Use StackRox to automatically profile and prioritize risks across every Kubernetes deployment on PKS. Unlike other security solutions, StackRox goes beyond image scanning to combine CVE details with other risk factors, such as deployment misconfigurations (including exposed secrets or overly permissive network policies), runtime anomalies, and other contextual information to identify the top issues that need immediate remediation.