By: CEO, Shemer Schwarz
Enterprise journeys to transform applications into “cloud native” ones require a corresponding transformative journey in security. So today, we are proud to announce the general availability of Octarine, the continuous security and compliance platform for Kubernetes workloads.
Over the past two years we’ve been working with early customers to address their pain points. What we have found is that, while many have turned to security solutions that focus primarily on container image scanning, significant gaps and blind spots remain throughout the orchestration layer. Scanning is simply not enough. How can an organization know if it is being attacked when 70% of network traffic now occurs within the cluster? How do you maintain control of network communications and protect ingress and egress traffic? Traditional IDS and anomaly detection systems are virtually blind to attacks within a Kubernetes cluster.
Octarine enables organizations to embed DevSecOps into the complete Kubernetes application development lifecycle, beginning in pre-production and throughout runtime. We approach the solution with two areas of focus: Octarine Guardrails for compliance and protection of code and configurations, and Octarine Runtime for protecting traffic and communications within the network, which we approach by introducing network visibility and threat remediation via a service mesh.
Our platform has already helped early customers, including global financial organizations, IoT leaders, SaaS providers, and the Fortune 100, secure their complete application development lifecycle. We are excited to continue to do so around the globe.
Kubernetes is becoming “the OS of the data center” and each and every developer is now responsible for configuring the network, permissions, resource limits and admin rules for each one of these workloads. These are critical responsibilities that were highly guarded by the Ops and Security teams in the monolithic world, but they now lie in the distributed hands of each application developer. They have become the first line of defense against attacks.
However, most developers are not fully aware of the security implications and are typically measured by the speed of development and robustness of their apps. As anyone who has ever coded knows, it is much easier and faster to get things working with full access and permissions, bypass network configurations and gain root access than it is to ensure an application is secure and compliant.
Octarine Guardrails enables the safe and secure delivery of Kubernetes workloads with compliance policies for CI/CD and development pipelines, and generates the reports needed for compliance and incident response. It allows customers to enforce and automate compliance policies based on NIST, CIS, or custom benchmarks in order to support agile delivery to Kubernetes clusters that is safe, secure, and compliant from Day 0. This is typically the first way in which customers engage with the Octarine suite of security measures.
At runtime, organizations need to be able to detect and protect against threats that include code and SQL injections, data exfiltration, remote command execution, and privilege escalations. Octarine addresses network security by taking a unique service mesh approach to address runtime communications.
In this service mesh, Octarine builds on top of the basic encryption, authentication and authorization capabilities, adding many advanced intrusion detection and prevention functions such as anomaly detection, signature-based threat detection and layer-7 network policy automation for segmentation, access control and egress firewalling. All these functions are integrated into a rich user interface which provides visibility of all network activity in the cluster. Octarine further operationalizes and extends security to any service mesh that utilizes Envoy, such as Istio. For those customers that don’t use a service mesh today, we offer a lightweight, Envoy-based data plane.
Today I am thankful for the Octateam, our customers, design partners, technical advisory board and investors who joined forces to create a new security platform that enables organizations to take the journey to cloud-native by transforming security and securing Kubernetes applications.
I am personally grateful to each and every one of you!
For more on our launch, please read our press release here.