Securing Hybrid Kubernetes Workloads on Google Anthos
Google introduced Anthos to allow organizations to build their
Kubernetes workloads once and run them anywhere. Customers can
use Anthos’ hybrid functionality to deploy clusters in their own
data centers with GKE On-Prem, in Google Cloud, and on third-party
cloud platforms such as Amazon Web Services (AWS) or Microsoft
Azure. Portability, however, does not bring security with it:
organizations need to take specific steps to protect these workloads
wherever they run.
In sprawling Kubernetes environments that span multiple clouds as well
as on-premises data centers, attaining security parity can be difficult.
Much like Kubernetes enables workload portability, Kubernetes-native
security enables a portable security architecture. In multi-cloud
deployments, organizations need security tooling that can consistently
enforce the same set of security policies across all workloads and
environments and remove security gaps and blind spots.
The StackRox Kubernetes Security Platform integrates with Google
Anthos to deliver full life cycle container and Kubernetes security across
all Kubernetes workloads managed by Anthos—in GCP, multi-cloud,
on-premises, and hybrid environments.
Key Benefits
StackRox delivers a broad set of security capabilities for Anthos
environments, giving you:
• A single point of control to enforce your security, compliance, and
governance policies
• Security that goes wherever your workloads are deployed, without any additional work or operational risk
• A uniform and environment-agnostic security management tool that eliminates security gaps between environments
“StackRox delivers business critical threat detection capabilities to Kubernetes users, and this collaboration enables strong runtime security controls for enterprise applications running on Google Cloud.”
– Aparna Sinha, Group Product Manager, Kubernetes and GKE, Google Cloud
[Figure: The StackRox Kubernetes Security Platform, with deep integration with DevOps systems. Capabilities shown: Visibility, Vulnerability management, Compliance, Network segmentation, Risk profiling, Configuration management, Threat detection, Incident response.]
Integrations
Anthos Config Management – understand the security risk of configuration changes made to your clusters by the Anthos Config Management tool
Google Kubernetes Engine (in the cloud and on prem) – get Kubernetes-native visibility, compliance, risk profiling, policy enforcement, and threat detection across all your GKE clusters
Google Container Registry (GCR) – secure your images with data from public or private GCR repositories, including vulnerabilities reported by GCR Container Analysis
Container-Optimized OS (COS) from Google – detect attacks at runtime in your Kubernetes clusters running on COS, and use multi-factor risk profiling to prioritize the deployments that need immediate fixing
Google Cloud Security Command Center (Cloud SCC) – enhance your Cloud SCC dashboard with critical risk context and runtime threat detection for your Kubernetes clusters
Use Cases
Visibility – see your entire landscape of images, registries, containers, deployments, and runtime behavior
Vulnerability management – go beyond vulnerability scores to enforce configuration best practices at build, deploy, and runtime
Compliance – check whether your systems meet controls for CIS Benchmarks, NIST, PCI, and HIPAA
Network segmentation – leverage the native controls in Kubernetes (NetworkPolicy) to enforce networking policies at scale
Risk profiling – see a stack-ranked list of all deployments with risk factors to identify
Configuration management – apply best practices for Docker and Kubernetes to build your systems securely from the start
Threat detection – use rules, whitelists, and baselining to identify suspicious runtime behavior in your systems
Incident response – take action, from alerting to blocking deployments and killing pods, to thwart runtime attacks
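The network segmentation use case above relies on the Kubernetes NetworkPolicy resource rather than a proprietary agent. The following is an added example, not StackRox or Google code, of what that native control looks like for one namespace: a default-deny policy for ingress, plus a single allow rule so that only the API pods may reach the database pods on the database port. The namespace name "payments", the labels app=api and app=db, and port 5432 are assumptions for illustration.

```yaml
# Added example of Kubernetes-native segmentation (not from the original
# datasheet). Namespace "payments" and labels app=api / app=db are assumed.
#
# Policy 1: default-deny ingress. Once any NetworkPolicy selects a pod,
# inbound traffic to that pod is denied unless another policy allows it.
# An empty podSelector selects every pod in the namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: payments
spec:
  podSelector: {}
  policyTypes:
  - Ingress
---
# Policy 2: the only hole in the default-deny wall. Pods labelled app=db
# accept TCP/5432 from pods labelled app=api in the same namespace; every
# other source (other namespaces, other apps, the internet) stays blocked.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-api-to-db
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: db
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: api
    ports:
    - protocol: TCP
      port: 5432
```

Two checks are worth doing before trusting such a policy. First, NetworkPolicy objects are only enforced when the cluster's network plugin supports them; on a cluster without enforcement the objects are accepted by the API server but have no effect (on GKE, policy enforcement is an option that must be enabled on the cluster). Second, verify the result empirically from a throwaway pod in the namespace: a connection from a pod without the app=api label to the database port should time out, and one from an app=api pod should succeed. The same policies apply unchanged on GKE On-Prem, GKE in Google Cloud, and other conformant clusters, which is the portability argument the datasheet makes.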
Request a demo today!
[email protected]
+1 (650) 489-6769
www.stackrox.com
StackRox helps enterprises secure their containers and Kubernetes environments at scale. The
StackRox Kubernetes Security Platform enables security and DevOps teams to enforce their
compliance and security policies across the entire container life cycle, from build to deploy to
runtime. StackRox integrates with existing DevOps and security tools, enabling teams to quickly
operationalize container and Kubernetes security. StackRox customers span cloud-native
start-ups, Global 2000 enterprises, and government agencies.
LET’S GET STARTED
©2019 StackRox, Inc. All rights reserved.
Why StackRox
Richer context from Anthos
The StackRox platform evaluates risk using a
deployment-centric view, incorporating a wide variety
of factors derived from Anthos. CVEs aren’t enough:
the same vulnerability poses a higher risk in a publicly
exposed production service than in an isolated
development container. StackRox taps the declarative
data in Anthos to prioritize risk, improve visibility,
enhance compliance, and enrich all security use cases.
Native enforcement
Deep integration with Anthos and Kubernetes enables
the StackRox platform to tap into the power of open
source development, providing more robust, scalable
security. You get universal, portable controls and full
alignment between DevOps and Security. StackRox
leverages Kubernetes to contain and respond to
security issues, and our visualization and simulation
capabilities simplify network policy enforcement and
secrets management.
Continuous hardening
The feedback loop at the heart of the StackRox
platform applies learnings across the container life
cycle to constantly shrink the attack surface. Data from
build and deployment enables more accurate
detection, and runtime activity monitoring yields.
[Figure: the continuous hardening feedback loop, spanning Build/Deploy and Runtime. Stages shown: Visibility and Asset Management, Risk Profiling, Detection, Response.]