Posts under Detection
We’re excited to announce today that we’ve added support for the latest version of the Google Cloud Security Command Center (Cloud SCC). StackRox has collaborated with the Cloud SCC team as part of our Google Cloud partnership since Cloud SCC’s alpha release, and we’re excited that the platform is now generally available. The StackRox Kubernetes Security Platform enables customers to meet their security and compliance requirements across the container lifecycle, and we’ve integrated deeply with Kubernetes to deliver the key capabilities essential to an effective container security solution.
Here at Stratus Medicine, we have the challenge of figuring out how to secure code that we didn’t write. Think of us as the middleman between healthcare providers wanting to test innovative applications and healthcare application creators looking to get their new software running with real users and real data sets. Our Stratus Platform brings these groups together, which leaves us with the task of securing sensitive patient data along with code we didn’t write.
Earlier today, the CyberEdge Group published its 6th annual Cyberthreat Defense Report. The report includes a variety of interesting findings, which we’ll detail below. But the section of the report I found most interesting comes after all the survey results. “The Road Ahead” chapter offers advice on areas of security that need “proactive attention and investment.” The authors took great time and care to lay out the advanced capabilities needed to secure containers, citing:
We’re picking up our coverage of Gartner’s security conference with a continued discussion of the Top 10 Security Projects Gartner recommends you do this year, in prioritized order. In Part I of the discussion, we highlighted Privileged Account Management, CARTA-inspired Vulnerability Management, and Active Anti Phishing. Neil continued his list by highlighting the need for protections like StackRox provides. #4 – Application Control on Server Workloads For this project, Neil emphasized the need to reduce the attack surface and limit certain functions from running on servers.
We’ve been highlighting a number of the talks at Gartner’s security conference last month, including on the value of shifting right with security, risk-prioritized vulnerability guidance, and the principles of continuous security. In this recap, we’ll profile Neil MacDonald’s presentation on the Top 10 Security Projects you should undertake this year. He led off the talk acknowledging we’re never “done” in security, and that it’s futile to try to build perfect security.
In recent blog posts, we’ve been highlighting some of the key takeaways from Gartner’s recent security conference. In the session on the top 10 principles of CARTA (Continuous Adaptive Risk and Trust Assessment), Neil MacDonald highlighted how organizations need to change their security practices to match today’s world. One of the more interesting observations Neil made was that organizations in general have over-invested in preventative measures and they’ve underinvested in the detection and response.
As we continue to explore some of the major themes from Gartner’s recent security conference, the theme of Continuous Security came up throughout the week. Gartner analyst Neil MacDonald spent time defining both the principles of CARTA — Continuous Adaptive Risk and Trust Assessment — and highlighting the priority security projects that adhere to those principles. Most security infrastructure, Neil argues, was designed for a world in which we knew good vs.
Today, we are excited to announce the release of StackRox Detect and Respond 2.0, our container-native runtime security product, and StackRox Adversarial Intent Model, the foundation for our ongoing threat research and threat detection strategy. While our previous 1.3 release focused on providing greater flexibility, configurability, and scalability for customers, version 2.0 expands the breadth and depth of our threat detection capabilities and adds advanced automation features to make it easier for enterprise customers to protect their container environments, whether they are running on-premise or in popular cloud service providers such as Amazon Web Services (AWS), Google Compute Platform (GCP), Microsoft Azure and others.
Since day one at StackRox, three years ago, we’ve made it a point to meet regularly with CISOs from top banks and other global 2000 companies. The focus of these discussions was on how we might expedite the adoption of containers, and improve the process of maintaining better security and regulatory compliance. Over the course of these many conversations, I’ve found that there are some important ideas worth sharing broadly, though they’re likely most interesting to IT and security leaders in the financial world, where both competitive and regulatory pressures are very high.
Four and a half years since it was first introduced, Docker continues to have a profound impact on reshaping how developers build, ship, and run software applications. Few could have anticipated the speed of Docker adoption that we have observed to date with more than 21 million hosts now running Docker, over 24 billion Docker container downloads, and a vibrant ecosystem of 100,000+ third-party projects that incorporate Docker. As the de facto standard for the container runtime and image format, Docker has democratized the ability for anyone to take advantage of container technologies that could previously only be utilized by a handful of the world’s largest, cloud-native companies.
In the three and a half years since its release, Kubernetes has become one of the most popular container management systems on the market. A survey by 451 Research found that 71% of enterprise organizations running containers are using Kubernetes. Likewise, Google Kubernetes Engine (GKE) has emerged as one of the leading managed services for Kubernetes deployments, attracting customers like Niantic, Philips, Meetup, and Evernote. GKE extends the baseline benefits of Kubernetes, including automated cluster deployment, managed container networking, autoscaling, and a managed master node with guaranteed uptime and automated Kubernetes upgrades.
Machine learning (ML) can be a powerful tool for augmenting the detection efficacy of a cybersecurity solution. Using it effectively means first cutting through the hype and understanding the tangible steps needed to build models with it. The vast majority of enterprise security solutions – from antivirus applications to firewalls to intrusion detection and prevention systems – use (or at least claim to use) ML to detect threats that traditional approaches can’t, in many cases because such threats unfold faster or on a much larger scale than a traditional security solution can process.
Today we are excited to announce that version 1.3 of the StackRox platform is now generally available. Every new release adds a number of significant features, but 1.3 in particular enables greater flexibility, configurability, and scalability when securing some of the world’s largest enterprises running containers in production. We previously wrote that threat protection in container environments has to start with visibility and detection. This release delivers several advancements to detection rules, policies, and deployment automation that enable StackRox to discover a broader set of threats, faster.
On Tuesday, I had the honor of speaking about “Bringing the fight back to your security team,” at Structure Security 2017. My panel was comprised of former U.S. Government cybersecurity leaders who are now in the private sector, helping defend enterprises against attacks. Acknowledging that we’re flooded with breaches – with a record-breaking 4 billion personal records stolen by hackers in 2016 – we discussed strategies to turn the tide.
Enterprise organizations across diverse verticals, such as 3M, Adobe, Kellogg’s, and Netflix, have been ramping up their use of the public cloud to the point where that usage accounts for a substantial portion of their annual IT spend. ‘Enterprises with big budgets, data centers, and complex applications are now looking at cloud as a viable place to run core business applications’, according to Dave Bartoletti, an analyst at Forrester Research.
At StackRox, we’re thrilled to have the support of Ron Gula, an industry luminary and invaluable mentor to me for the past decade. Ron is a longtime leader in the security community, having started his career at the National Security Agency (NSA) conducting penetration tests of government networks and performing advanced vulnerability research. Ron is also an experienced entrepreneur, CTO, and CEO, as the original author of the Dragon Intrusion Detection System, CTO of Network Security Wizards (acquired by Enterasys Networks), and cofounder of Tenable Network Security, where he served as CEO from 2002-2016.