Red Hat Advanced Cluster Security for Kubernetes
Introduction
Protecting cloud-native applications requires significant changes in how we approach security. We must apply controls earlier in the application development lifecycle, use the infrastructure itself to apply controls, provide developer-friendly guardrails, and keep up with increasingly rapid release schedules.
Red Hat® Advanced Cluster Security for Kubernetes, powered by StackRox, protects your vital applications across build, deploy, and runtime. Our software deploys in your Kubernetes infrastructure as a self-managed security solution, or you can consume it as a fully managed Software-as-a-Service (SaaS). Additionally, it integrates with your existing DevOps tooling and workflows to deliver dependable security and compliance. The policy engine includes hundreds of built-in controls to enforce DevOps and security-focused practices based on industry standards such as Center for Internet Security (CIS) Benchmarks and National Institute of Standards and Technology (NIST) guidelines, configuration management of both containers and Kubernetes, and runtime security.
Red Hat Advanced Cluster Security provides a Kubernetes-native architecture for platform and application security, allowing DevOps and InfoSec teams to operationalize security.
A Kubernetes-native security solution for cloud-native applications
Features and benefits
- Lower operational cost
  - Guide development, operations and security teams towards a common set of Kubernetes-native security tooling and practices, and provide guardrails for individual users.
  - Use Kubernetes-native controls across the build, deploy and runtime phases of the application for better visibility and management of vulnerabilities, policy and configuration violations, and application runtime behavior.
  - Reduce the cost of addressing a security issue by catching and fixing it in the development stage (Shift Left).
- Reduce operational risk
  - Align security and infrastructure to reduce application downtime using built-in Kubernetes capabilities, such as Kubernetes network policies for segmentation and an admission controller for security policy enforcement.
  - Mitigate threats using Kubernetes-native security controls to enforce security policies, minimizing potential impacts to your applications and infrastructure operations. For example, use controls to contain a successful breach by automatically instructing Kubernetes to scale suspicious pods to zero or to delete and then restart instances of breached applications.
- Increase developer productivity
  - Actively scan for vulnerabilities in repositories, development pipelines and in production.
  - Take advantage of Kubernetes and existing continuous integration and continuous delivery (CI/CD) tooling to provide integrated security guardrails supporting developer velocity while still maintaining the desired security posture.
  - Synchronize updates and support with Red Hat OpenShift® releases, ensuring compatibility and up-to-date security features.
  - Use Red Hat certified vulnerability data, ensuring higher accuracy and relevance for Red Hat OpenShift environments.
Detailed benefits
Area | Benefits |
Visibility | |
Vulnerability management | |
Compliance | |
Network segmentation | |
Risk profiling | |
Configuration management | |
Runtime detection and response | |
Security policy guardrails | |
Integrations | |