
Network Segmentation

Only StackRox leverages the power of Kubernetes and Istio to enforce network policies. Visualize existing policies, simulate new ones, generate updated YAML files, and apply them directly to Kubernetes - all in the StackRox platform.


Visualize your network attack surface

The YAML files that embed network policies in Kubernetes can be tricky to interpret. StackRox displays those policies visually, showing allowed vs. active paths and highlighting which nodes are not isolated and which are open to the Internet. You get an instant view of your entire attack surface.

 

Tighten overly permissive network policies with proper segmentation

Kubernetes by default allows open communications among all assets. This “default allow” approach simplifies development but increases security risk. StackRox makes it easy to see which open communications paths are not needed for your apps to run so you can reduce your blast radius.

 

Auto-generate and apply YAML files

StackRox analyzes your allowed vs. active communications paths to make recommendations on network segmentation policies that reduce risk. With StackRox, you can simulate a new policy, generate an updated YAML file that instantiates that policy, and apply the YAML directly to Kubernetes or send it to your DevOps teams to apply.

 

Istio security

StackRox extends network security visibility to the Istio service mesh, allowing you to visualize and understand network traffic between Istio services and the rest of your environment.

 
