Review: How StackRox protects containers

StackRox fully integrates with Kubernetes so that it touches all three phases of containerization deployment: the building of the containers, the deployment of them into the cloud infrastructure, and finally the running of those containers as they perform their intended functions.

With the rise of cloud computing and later DevOps, containerization has never been more popular. But cybersecurity has yet to fully catch up. Even security applications designed to work natively in the cloud have trouble protecting the most popular containerized environments, where the infrastructure is more like a series of tiny clouds that are all interconnected, yet independent from one another. Fully protecting that kind of environment requires a defensive tool specifically created to navigate those intricacies.

StackRox was designed to do just that. It fully integrates into any containerized cloud environment through the Kubernetes open source container orchestration system, basically becoming part of the cloud container infrastructure itself. Those who have worked with Kubernetes know that the system groups cloud containers into logical units to help with discovery of the environment and management of the containers. Integrating StackRox with Kubernetes is pretty smart, because Kubernetes does a lot of the legwork in simplifying container deployments. StackRox then adds a visual layer to the code, along with an easy way to automatically deploy rules that protect containers and to monitor them to ensure that nothing is being exploited.

The StackRox program is housed on its own server within the cloud, though that mostly serves to power the frontend user interface. It fully integrates with Kubernetes so that it touches all three phases of containerization deployment: the building of the containers, the deployment of them into the cloud infrastructure, and finally the running of those containers as they perform their intended functions.

Because StackRox could be used to protect a potentially unlimited number of containers, pricing is based on a yearly subscription model in which users pay according to a more static measure, namely how many nodes they are running.

Testing StackRox

We looked at StackRox running in a typical containerized cloud environment. Starting with the creation of a new container, StackRox saw what we were doing and suggested several best practice security policies from a list of 66 that it comes with out of the box. Creating a new policy or modifying an existing one is extremely easy. You can then run benchmarks against the new container to see if deploying it will violate any existing network policies or compliance standards.
