Mountain View, CA, USA
Sep 23, 2020   |  By Ajmal Kohgadai
Most organizations have a DevSecOps initiative, and responsibility for container security continues to evolve and remains decentralized. These are two of the findings from our latest report on the state of container and Kubernetes security.
Sep 16, 2020   |  By Wei Lien Dang
To understand how to effectively secure your Kubernetes environments, it is informative to understand the architecture of Kubernetes itself as well as where and how to focus efforts on valuable mitigations, especially those which require administrator or user configuration when provisioning clusters. Kubernetes is a robust yet complex infrastructure system for container orchestration, with multiple components that must be adequately protected.
Sep 11, 2020   |  By Michelle McLean
We were already having a great day yesterday – responding to all the congratulations messages on our funding, our huge 240% increase in revenue, and our customer momentum – when news hit that we were named amongst that select group of SINET 16 Innovator Award winners. Wow. The tally of security vendors hovers around 2500, and we’re called out as one of the 16 most innovative across that entire landscape.
Sep 10, 2020   |  By Kamal Shah
Today we’re excited to announce our $26.5M round of funding led by Menlo Ventures, with participation from Highland Capital Partners and Hewlett-Packard Enterprise along with existing investors Redpoint Ventures and Sequoia Capital.
Sep 10, 2020   |  By Wei Lien Dang
The final part of our nine-part blog series – where we examine each of the nine MITRE ATT&CK tactics and techniques for Kubernetes – analyzes a set of techniques that fall under the category known as Impact. These techniques are aimed at disrupting or destroying resources and activity within the target environment, or in other words, the ultimate goal of an attacker. These include techniques to achieve data destruction, resource hijacking or denial of service.
Sep 8, 2020   |  By Wei Lien Dang
Securing pods, and the containers that run as part of them, is a critical aspect of protecting your Kubernetes environments. Among other reasons, pods and containers are the individual units of compute that are ultimately subject to adversarial techniques that may be used as part of any attack on your Kubernetes clusters.
Sep 1, 2020   |  By Wei Lien Dang
The eighth installment in our nine-part blog series – where we examine each of the nine MITRE ATT&CK tactics and techniques for Kubernetes – examines lateral movement. Following a breach, an attacker might try to move throughout the environment to gain access to other resources, including other containers, nodes, or cloud resources. This blog post covers the set of techniques an attacker can employ to achieve lateral movement and offers guidance to mitigate them.
Aug 26, 2020   |  By Michelle McLean
I’ve had the good fortune to get to know Pathik Patel, head of cloud security at Informatica, over the past 18 months since he became a StackRox customer, and today we’re sharing the news of our joint success story. Across our numerous conversations, he has repeatedly impressed me with his forward thinking on how to innovate security processes, approaches, and tooling to keep Informatica at the forefront of securely enabling sophisticated data management, detailed in this case study.
Aug 20, 2020   |  By Ross Tannenbaum
Many applications rely on gRPC to connect services, but a number of modern load balancers still do not support HTTP/2, and, in turn, gRPC. In an earlier blog post, we showed a way to take advantage of the gRPC-Web protocol to circumvent this issue. That solution works well for non-client-streaming gRPC calls — with this new approach, we can support client/bidirectional-streams.
Aug 19, 2020   |  By Wei Lien Dang
The last several months have been a busy time for the Kubernetes community, and especially the Kubernetes release team, amid the challenges caused by the ongoing pandemic. The Kubernetes project itself has felt the impact, with the upcoming release of version 1.19 having been postponed and the project’s release schedule adjusted to accommodate the ongoing disruption to people’s lives.
May 30, 2020   |  By StackRox
Speaker: Andy Clemenko, Solutions Engineer, StackRox
Apr 6, 2020   |  By StackRox
Learn about the best practices and recommended approaches to implementing a successful DevSecOps program.
Mar 18, 2020   |  By StackRox
George Gerchow, chief security officer at Sumo Logic, talks about applying security early in the app dev process and how leveraging the Kubernetes-native architecture of StackRox fits perfectly into that mandate.
Feb 25, 2020   |  By StackRox
In this StackRox video, Karen Bruner takes a wide-ranging look at the current features and limitations of the managed Kubernetes services from the three largest cloud service providers: Amazon’s Elastic Kubernetes Service (EKS), Microsoft’s Azure Kubernetes Service (AKS), and Google Kubernetes Engine (GKE). We hope that by presenting this information side-by-side, both current Kubernetes users and prospective adopters can see their options or get an overview of the current state of managed Kubernetes.
Feb 25, 2020   |  By StackRox
Google wraps a lot of great services around Google Kubernetes Engine (GKE), its managed Kubernetes service. But even with Google taking on so much infrastructure setup and management, you still have responsibilities for significant aspects of security and compliance.
Feb 25, 2020   |  By StackRox
The recent Kubernetes security audit and the issues it identified got lots of publicity. But did you know that the audit reports also include many recommendations you can apply today to improve your security posture?
Feb 25, 2020   |  By StackRox
Join us to get your questions answered on how to improve security and reduce your blast radius while increasing velocity in cloud-native environments.
Feb 25, 2020   |  By StackRox
We take a deep-dive into how to implement best-in-class security for your EKS clusters and workloads, including:
  • Using and building secure container images
  • Best practices for AWS VPC design and workload AWS IAM controls
  • Controlling cluster access with authentication and RBAC
  • Network security options and workload security using security policies and namespaces
  • Monitoring cluster security
Feb 25, 2020   |  By StackRox
For many DevOps teams, Kubernetes has become an enterprise IT mandate, but like previous waves of infrastructure change, Kubernetes security best practices must be followed throughout the container life cycle.
Feb 10, 2020   |  By StackRox
Download to learn about:
  • Key Kubernetes security considerations you must be aware of
  • Operationalizing built-in Kubernetes security features (RBAC, admission controllers, network policies)
  • Security best practices for building/deploying containers as well as protecting your containerized apps during runtime
  • How StackRox helps customers secure their containers and Kubernetes across build, deploy, and runtime phases
Mar 3, 2019   |  By StackRox
Download our definitive guide to implementing a container security strategy across the application development life cycle.
Mar 1, 2019   |  By StackRox
Download this guide to learn about the container security challenges to complying with PCI DSS and how StackRox helps bring your container environment into compliance with PCI DSS.
Feb 1, 2019   |  By StackRox
The State of Container Security report was written to understand how container and Kubernetes adoption trends intersected with security concerns.
Jan 1, 2019   |  By StackRox
If you run workloads in Kubernetes, you know how much important data is accessible through the Kubernetes API, from details of deployments to persistent storage configurations to secrets. The Kubernetes community has delivered a number of impactful security features in 2017 and 2018, including Role-Based Access Control (RBAC) for the Kubernetes API.
Dec 1, 2018   |  By StackRox
Download our security toolkit for valuable tips and practical suggestions on how to harden containers and hosts as a first step toward a more secure container environment.
Nov 1, 2018   |  By StackRox
Containers have generated plenty of fear, uncertainty, and doubt in the blogosphere about what's needed to secure them. They are ephemeral, they are too numerous to count, they talk to each other (East-West) more than they communicate with the outside world (North-South), and they are typically part of a fast-moving continuous integration/continuous deployment (CI/CD) freight train.
Oct 1, 2018   |  By StackRox
Download to learn about the 9 security settings that you should check immediately to help ensure your Kubernetes environment is secure.
Sep 1, 2018   |  By StackRox
As you evolve your security strategy and seek out new solutions to protect your application container environments, consider these 5 essential aspects to ensure the most effective threat protection, along with minimal DevOps toolchain friction and improved security management.

The StackRox Kubernetes Security Platform protects your applications across the entire container life cycle. The software discovers your full container environment, ensures assets adhere to your security policies, and identifies and stops malicious actors. Continuously improving security – that’s StackRox.

Containers offer intrinsic security benefits but at the same time increase the attack surface. The StackRox Kubernetes Security Platform maximizes the inherent security advantages of containers – immutability and declarative configuration – to help you harden your container environment. Our software integrates with tooling across the container ecosystem to provide the industry’s best risk profiling, highlighting those assets that need an immediate fix.

Why Customers Choose StackRox

  • Reduce your Attack Surface: StackRox enforces service-centric deployment policies on vulnerabilities and configurations in your images and orchestrator settings to mandate fixes during the build phase. The StackRox software can block services from deploying if they violate critical policies. You can also set the StackRox software to allow services with non-critical risks to deploy, but immediately issue notifications to your dev teams with remediation suggestions and instructions. Finally – you can run fast AND run safe.
  • Profile Runtime Risk: StackRox prioritizes the most critical security issues to address. The StackRox software provides this risk profiling by tapping into a broad set of factors, including orchestrator settings, network policies, secrets usage, container configuration, and other metrics. StackRox provides an automated means to profile and monitor your highest-risk assets during runtime, automatically elevating those assets with potential signs of attacker activity to the top of your queue. Finally – a pragmatic, context-based approach to managing your security program.
  • Detect and Respond: StackRox leverages continuous machine learning to adapt its understanding of your application environment. Constantly tuning its settings, the StackRox software minimizes false positives and false negatives. You can also set response options, including alerts and killing containers, to meet your needs. Finally – detection that adapts to the dynamic world of containers.

Security Across Your Entire Container Life Cycle.