Posts under Detection
We’re picking up our coverage of Gartner’s security conference with a continued discussion of the Top 10 Security Projects Gartner recommends you do this year, in prioritized order. In Part I of the discussion, we highlighted Privileged Account Management, CARTA-inspired Vulnerability Management, and Active Anti Phishing. Neil continued his list by highlighting the need for protections like StackRox provides. #4 – Application Control on Server Workloads For this project, Neil emphasized the need to reduce the attack surface and limit certain functions from running on servers.
We’ve been highlighting a number of the talks at Gartner’s security conference last month, including on the value of shifting right with security, risk-prioritized vulnerability guidance, and the principles of continuous security. In this recap, we’ll profile Neil MacDonald’s presentation on the Top 10 Security Projects you should undertake this year. He led off the talk acknowledging we’re never “done” in security, and that it’s futile to try to build perfect security.
In recent blog posts, we’ve been highlighting some of the key takeaways from Gartner’s recent security conference. In the session on the top 10 principles of CARTA (Continuous Adaptive Risk and Trust Assessment), Neil MacDonald highlighted how organizations need to change their security practices to match today’s world. One of the more interesting observations Neil made was that organizations in general have over-invested in preventative measures and they’ve underinvested in the detection and response.
As we continue to explore some of the major themes from Gartner’s recent security conference, the theme of Continuous Security came up throughout the week. Gartner analyst Neil MacDonald spent time defining both the principles of CARTA — Continuous Adaptive Risk and Trust Assessment — and highlighting the priority security projects that adhere to those principles. Most security infrastructure, Neil argues, was designed for a world in which we knew good vs.
Today, we are excited to announce the release of StackRox Detect and Respond 2.0, our container-native runtime security product, and StackRox Adversarial Intent Model, the foundation for our ongoing threat research and threat detection strategy. While our previous 1.3 release focused on providing greater flexibility, configurability, and scalability for customers, version 2.0 expands the breadth and depth of our threat detection capabilities and adds advanced automation features to make it easier for enterprise customers to protect their container environments, whether they are running on-premise or in popular cloud service providers such as Amazon Web Services (AWS), Google Compute Platform (GCP), Microsoft Azure and others.
Since day one at StackRox, three years ago, we’ve made it a point to meet regularly with CISOs from top banks and other global 2000 companies. The focus of these discussions was on how we might expedite the adoption of containers, and improve the process of maintaining better security and regulatory compliance. Over the course of these many conversations, I’ve found that there are some important ideas worth sharing broadly, though they’re likely most interesting to IT and security leaders in the financial world, where both competitive and regulatory pressures are very high.
Four and a half years since it was first introduced, Docker continues to have a profound impact on reshaping how developers build, ship, and run software applications. Few could have anticipated the speed of Docker adoption that we have observed to date with more than 21 million hosts now running Docker, over 24 billion Docker container downloads, and a vibrant ecosystem of 100,000+ third-party projects that incorporate Docker. As the de facto standard for the container runtime and image format, Docker has democratized the ability for anyone to take advantage of container technologies that could previously only be utilized by a handful of the world’s largest, cloud-native companies.
In the seventh video in our demo series, we’ll take a look at StackRox machine learning capabilities. StackRox uses five simultaneous machine learning models to continuously capture and analyze millions of signals from your container and microservices environments, delivering insight and intelligence. You can use these powerful models – snapshot them, import and export them – in your distributed environments for good security hygiene and baselining for effective threat detection.
In the three and a half years since its release, Kubernetes has become one of the most popular container management systems on the market. A survey by 451 Research found that 71% of enterprise organizations running containers are using Kubernetes. Likewise, Google Kubernetes Engine (GKE) has emerged as one of the leading managed services for Kubernetes deployments, attracting customers like Niantic, Philips, Meetup, and Evernote. GKE extends the baseline benefits of Kubernetes, including automated cluster deployment, managed container networking, autoscaling, and a managed master node with guaranteed uptime and automated Kubernetes upgrades.
Machine learning (ML) can be a powerful tool for augmenting the detection efficacy of a cybersecurity solution. Using it effectively means first cutting through the hype and understanding the tangible steps needed to build models with it. The vast majority of enterprise security solutions – from antivirus applications to firewalls to intrusion detection and prevention systems – use (or at least claim to use) ML to detect threats that traditional approaches can’t, in many cases because such threats unfold faster or on a much larger scale than a traditional security solution can process.
In this fourth video of our demo series, I show how our solution gives responders the capabilities to hunt for threats in their environments by looking for malicious indicators. In this video, see how StackRox tracks suspicious events over time and surfaces them if they are used in malicious activity.
Here is our third video in our demo series, focusing on search and asset discovery. Watch the video below to learn about StackRox search and enumeration capabilities. See how we are able to leverage data optimization and machine learning, translating millions of signals into queryable infrastructure data at the hands of your security analyst.
Today we are excited to announce that version 1.3 of the StackRox platform is now generally available. Every new release adds a number of significant features, but 1.3 in particular enables greater flexibility, configurability, and scalability when securing some of the world’s largest enterprises running containers in production. We previously wrote that threat protection in container environments has to start with visibility and detection. This release delivers several advancements to detection rules, policies, and deployment automation that enable StackRox to discover a broader set of threats, faster.
We’re pleased to present the second video in our demo series. Watch the video below to learn about StackRox alert stories, helping security analysts examine events and data required for enforcement and responsive action. We’ll take a look at how StackRox focuses on techniques all attackers require to move and take action in an environment.
We’re pleased to begin our video demo series walking you through the StackRox platform. Our first video features a look at our map view and visibility features. This allows security teams to quickly understand what’s impacting their infrastructures, and gain a clear view of the risk across their overall environment.
On Tuesday, I had the honor of speaking about “Bringing the fight back to your security team,” at Structure Security 2017. My panel was comprised of former U.S. Government cybersecurity leaders who are now in the private sector, helping defend enterprises against attacks. Acknowledging that we’re flooded with breaches – with a record-breaking 4 billion personal records stolen by hackers in 2016 – we discussed strategies to turn the tide.