StackRox this week released an update to its security platform that adds a timeline view that makes it easier to track the pattern of a cyberattack as it evolves on a Kubernetes cluster.
Wei Lien Dang, chief strategy officer for StackRox, says the latest release of the StackRox Kubernetes Security Platform makes it easier to surface insights using historical data that can be employed to prevent similar attacks in the future. That’s especially critical at a time when cybersecurity attacks are becoming more complex. Not only may malware lie dormant for a long period of time, but sophisticated instances of malware are also now capable of launching multiple types of attacks, otherwise known as polymorphic attacks, once they are activated.
In addition to timeline views, the latest release adds container-specific compliance checks for the SP 800-53 controls defined by the National Institute of Standards and Technology alongside existing support for the NIST SP 800-190 specification.
StackRox is also making it easier to apply and enforce policies more flexibly by enabling the use of Boolean operators to add and combine different criteria within each policy.
Finally, StackRox has added an Analyst Notes capability that makes it possible to annotate metadata generated by alerts and relevant security events in a way that allows them to be shared among analysts and incident responders.
Dang says that as Kubernetes adoption grows, the processes being applied to secure the platform are becoming more sophisticated. Cybersecurity and IT teams are now defining best practices for securing Kubernetes platforms, he notes.
At the same time, developers are adopting tools that identify potential security issues as they write code. That approach minimizes potential vulnerabilities. However, given the dynamic nature of containerized applications, it’s still critical to protect runtime environments on Kubernetes clusters, says Dang.
As adoption of containers and Kubernetes continues to grow, IT teams are becoming more cognizant of the need for a different methodology to secure containers and Kubernetes clusters. Given the rate at which containers are added and replaced, legacy approaches that depend on cybersecurity teams to apply controls are not able to keep pace with the rate of change. As a result, responsibility for implementing controls is shifting left toward developers as organizations embrace DevSecOps practices. Cybersecurity teams still need to define controls and then verify they have been properly implemented. However, developers are now being held accountable for making sure the right controls have been embedded within their applications before they are deployed. To drive those DevSecOps processes, organizations need to adopt new tools and platforms.
Less clear is the degree to which DevSecOps processes that are required to secure containerized applications will permeate the rest of the application environment. The percentage of applications deployed on Kubernetes platforms in the enterprise is still relatively small. As such, IT teams that deploy Kubernetes clusters are often defining their set of best practices for securing and managing them.
Regardless of the platform employed, cybersecurity in the enterprise is evolving quickly. In fact, it’s arguably the adoption of containers and Kubernetes clusters that ultimately forces organizations to have a long-overdue conversation about how best to define and embrace DevSecOps best practices.