Only StackRox leverages the power of Kubernetes and Istio to enforce network policies. Visualize existing policies, simulate new ones, generate updated YAML files, and apply them directly to Kubernetes - all in the StackRox platform.
Visualize your network attack surface
The YAML files that embed network policies in Kubernetes can be tricky to interpret. StackRox displays those policies visually, showing allowed vs. active paths and highlighting which nodes are not isolated and which are open to the Internet. You get an instant view of your entire attack surface.
Tighten overly permissive network policies with proper segmentation
Kubernetes by default allows open communications among all assets. This “default allow” approach simplifies development but increases security risk. StackRox makes it easy to see which open communications paths are not needed for your apps to run so you can reduce your blast radius.
Auto generate and apply updated network policies
StackRox analyzes your allowed vs. active communications paths to make recommendations on network segmentation policies that reduce risk. With StackRox, you can simulate a new policy, generate an updated YAML file that instantiates that policy, and apply the YAML directly to Kubernetes or send it to your DevOps teams to apply.
StackRox extends network security visibility to the Istio service mesh, allowing you to visualize and understand network traffic between Istio services and the rest of your environment.
We’ve standardized on Kubernetes, so using its built-in networking policies is the best way to isolate our workloads.