Search

Container & Kubernetes Security

Secure Kubernetes® and other container platforms on any public or private cloud, from code to cloud with Cortex® Cloud
Request a demo
Container Security Hero Front Image

Containers, Kubernetes and containers as a service (CaaS) have become mainstream ways to package and orchestrate services at scale. At the same time, businesses need to ensure they have purpose-built security to address vulnerability management, compliance, runtime protection and network security requirements for their containerized applications.

Microservices architectures are dynamic

Containerized services allow organizations to split development and independently update and scale services. This leads to increased feature velocity, but traditional security lacks the capabilities to secure these new cloud-native architectures.

Hybrid and multicloud architectures add complexity

Due to acquisitions and use case-specific offerings, multicloud has become the new norm. Maintaining consistent visibility, security and compliance can be a challenge across cloud providers and offerings, from vanilla Kubernetes to fully managed CaaS.

Securing the software supply chain is critical

Modern applications lean more than ever on third-party and open-source dependencies. Keeping up with known vulnerabilities and vendor patches creates massive overhead and compliance headaches, requiring integrated security in developer and DevOps tooling.

Container security that spans the full application lifecycle

Cortex Cloud scans container images and enforces policies as part of continuous integration and continuous delivery workflows, continuously monitors code in repositories and registries, and secures both managed and unmanaged runtime environments – combining risk prioritization with runtime protection at scale.
  • Support for public and private clouds
  • Single console for managed and unmanaged environments
  • Full lifecycle security for repositories, images and containers
  • Vulnerability management
    Vulnerability management
  • Container compliance
    Container compliance
  • CI/CD security
    CI/CD security
  • Runtime defense
    Runtime defense
  • Access control
    Access control
SOLUTION

Our approach to Container Security

Vulnerability management

Start with full visibility into all dependencies from containers during the build, deploy and run phases. Cortex Cloud aggregates and prioritizes vulnerabilities continuously in CI/CD pipelines and containers running on hosts or on containers as a service, in public and private clouds.

  • Prioritize remediation with guidance

    Establish risk prioritization across all known CVEs, remediation guidance and per-layer image analysis with vulnerability Top 10 lists.

  • Add guardrails with alerts and blocks for severity levels

    Control the alert and blocking severity level for individual and groups of services during build time and runtime.

  • Leverage unmatched accuracy

    Minimizing false positives with more than 30 upstream data sources. Cortex Cloud is focused on providing only accurate vulnerability information back to developers and security teams.

  • Surface vulnerability information throughout the lifecycle

    Integrate vulnerability management to scan repositories, registries, CI/CD pipelines and runtime environments.

Vulnerability management

Container compliance

Maintainers of container environments face unique configuration challenges compared to server-based monoliths. Cortex Cloud provides more than 400 out-of-the-box and customizable compliance checks to improve posture in containerized environments.

  • Maintain an audit history of compliance over time

    See your total compliance rate with Cortex Cloud, based on continuous and up-to-date views of your container posture, as well as a thorough history of previous scans.

  • Control builds and deployments based on prebuilt and custom policies

    Use templates from leading frameworks, including PCI DSS, HIPAA, GDPR, DISA STIG and NIST SP 800-190, and customize them to your organization’s needs.

  • Implement CIS Benchmarks and proprietary checks

    Leverage preconfigured checks from the CIS Benchmarks and Cortex Cloud’s research for Docker®, Kubernetes, Linux, Windows® and Istio.

  • Set license compliance levels

    Automatically alert on and block licenses that don’t meet your organization’s requirements or require additional details, such as attribution.

  • Manage image trust

    Leverage trusted groups and trusted images to only allow safe images to reach production.

  • Add compliance checks during build and runtime

    Provide alerts and guardrails for misconfigurations at every step of the development lifecycle to decrease patch friction and prevent misconfigurations in production.

test

CI/CD security

The most effective strategy to securing containers is to catch and remediate issues at every step of the development lifecycle. CI/CD workflows offer an opportunity to embed automated security checks in existing development processes, reducing the load on both developers and security teams.

  • Scan repositories and registries for vulnerabilities and misconfigurations

    Check source code and images for vulnerabilities and compliance issues across repositories, such as GitHub, and registries, such as Docker, Quay, Artifactory and more.

  • Lock down deployments to vetted images

    Leverage trusted groups and trusted images to only allow safe images to reach production.

  • Integrate security into CI tooling

    Cortex Cloud includes integrations to alert on and block images with issues from CI tools, such as Jenkins, GitHub Actions, CircleCI, AWS CodeBuild, Azure DevOps, Google Cloud Build and more.

  • Provide software composition analysis (SCA) at every stage

    Provide feedback on package vulnerabilities and open-source licenses from the CLI and repository scans.

CI/CD checks

Runtime defense

Containers scale automatically while running in a variety of environments. Cortex Cloud secures ephemeral containers using predictive and threat-based protection without adding overhead. Our flexible deployments, including agents and agentless options, secure containers running stand-alone on vanilla and managed Kubernetes as well as CaaS environments.

  • Simplify security with a single console

    Leverage support for containers in cloud and on-premises environments across all unmanaged and managed offerings, plus all CRI-compliant runtimes.

  • Detect anomalous behavior automatically

    Automatically profile running containers based on processes, networking and file system behavior and detects and blocks known-bad and anomalous behavior.

  • Gain network visibility across environments

    View all container network communications across your cloud environments in real time.

  • Respond to incidents quickly with automatically captured forensic details

    View the history of events that led up to and followed an incident for threat hunting and lifecycle analysis.

Runtime defense

Access control

Container runtimes and Kubernetes defaults create overly permissive access. Cortex Cloud locks down user and control plane access to Docker and Kubernetes to decrease the attack surface area.

  • Control Docker command access

    Add fine-grained control over which user should have access to run Docker commands on a per-environment basis.

  • Inject secrets safely into containers

    Cortex Cloud integrates with secrets management tools, like CyberArk and HashiCorp, to secure secrets and securely provide them to containers as needed.

  • Simplify policy enforcement with managed Open Policy Agent

    Simplify the creation of policy as code and enforce OPA’s decisions.

  • Automate and aggregate detailed logging

    Audit events for vulnerabilities, compliance violations and runtime events are automatically generated, collected and aggregated in a single, searchable dashboard.

Access control

Additional Cloud Runtime Security capabilities

AI-Driven Cloud Detection and Response (CDR)

Stop cloud attacks with real-time protection, detection and response.

Learn more

API Security

Discover, profile and protect APIs in real time.

Learn more

Cloud Workload Protection

With Cortex Cloud, you can secure hosts, containers and serverless deployments across the entire application lifecycle.

Learn more

Web Application Security

Protect web applications across any cloud-native architecture, public or private.

Learn more

Get the latest news, invites to events, and threat alerts