StackRox Extends Kubernetes Security Platform Reach

StackRox today unveiled an update to its StackRox Kubernetes Security Platform that, in addition to adding support for additional container operating systems and image registries, now provides integration with security information event management (SIEM) and incident management platforms.

StackRox also announced support for the Istio service mesh and availability of its software on various cloud marketplaces run by Amazon Web Services (AWS), Google and Red Hat.

In terms of container operating systems, StackRox is now adding support for GCOS, the default operating system for Google Kubernetes Engine (GKE). That capability is being enabled by a new ability to collect system-level data at runtime using extended Berkeley Packet Filter (eBPF), a native Linux in-kernel virtual machine that reduces data processing overhead.

In terms of image registries, StackRox now supports the Azure Container Registry that Microsoft makes available as part of the Azure Kubernetes Service.

Finally, StackRox now integrates with SIEM platforms from Splunk and Sumo Logic and the incident management platform from PagerDuty.

Wei Lien Dang, vice president of product at StackRox, says that while the company remains squarely focused on securing Kubernetes clusters wherever they are deployed, customers want StackRox to integrate its platform with the security platforms they already have deployed.

StackRox is part of a growing number of security vendors making a case for a dedicated, programmable Kubernetes security platform. As more responsibility for cybersecurity shifts left on to the shoulders of developers, legacy platforms designed for cybersecurity professionals relying on a graphical user interface (GUI) are not applicable within the context of a DevSecOps process. Cybersecurity professionals may still define the policies that need to be implemented, but responsibility for implementing those policies will be left in the hands of DevOps teams.

Unfortunately, cybersecurity concerns remain the primary inhibitor to Kubernetes adoption, not because of the issues with the platform but rather the absence of clear-cut processes for managing cybersecurity. As it stands today, the adoption of best DevOps processes is still uneven. The number of organizations that have extended DevOps into the realm of cybersecurity is still relatively slight.

However, as more organizations come to appreciate the fact that cloud-native applications based on containers are easier to update than monolithic applications that rely on cumbersome patch management processes, the number of cybersecurity professionals comfortable with platforms such as Kubernetes should increase.

In the meantime, rather than trying to avoid cybersecurity professionals, DevOps teams would be well-advised to engage them proactively. Most cybersecurity professionals are instinctively not going to trust new IT platforms that from their perspective have yet to be vetted properly. DevOps teams are faced with making sure cybersecurity professionals understand the inherent cybersecurity benefits of containerized applications because most of them are simply too overwhelmed securing their existing IT environment to learn about something new. Of course, the irony is, the primary reason they are so overwhelmed has a lot to do with the monolithic nature of the applications they are trying secure.

Mike Vizard

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

Mike Vizard has 660 posts and counting. See all posts by Mike Vizard