By Haim Helman, CTO/Co-Founder of Octarine
As organizations embrace Kubernetes for developing and deploying applications, they also embrace its philosophy of configuration-as-code. Resources in Kubernetes are created based on specifications defined by the application developers. This new paradigm has given development teams a great deal of independence and agility, resulting in much shorter times to market for applications.
However, giving power to developers creates the need to monitor and enforce policy over those configuration changes to ensure that they do not introduce new security vulnerabilities that, when exploited, could not only compromise a single application but also potentially the cluster as a whole. In a worst-case scenario the entire network in which it resides is also at risk.
Octarine enables organizations to obtain enterprise-grade network security for their Kubernetes- orchestrated applications, without slowing down the development and deployment process. The Octarine GuardrailTM has policy-based reporting and enforcement of the organization’s security posture across all workloads deployed in Kubernetes clusters, empowering organizations to detect and fix security risks before they become an issue. Find out how Octarine empowers organizations to scan for risks and take action on them before they cause vulnerabilities, in this whitepaper download.
Octarine monitors objects that may create vulnerable containers, and scans for security risks in Kubernetes. By integrating with the cluster’s API server, Octarine is notified of any change to any object. When a change is made, Octarine determines whether that change affects the cluster’s security posture and if it does, determines the appropriate action based on the rules that apply to the object in question. The diagram below shows how Octarine does this:
In every organization different workloads warrant specific security policies. For example, workloads that access customer data are subject to different compliance needs than workloads that handle medical records, but they both need to be secure. Octarine allows the security team to apply the right level of protection to each workload by supporting multiple policies. Each policy determines what Octarine will do with every potential security trigger – it will either ignore it, alert on it or block it. Octarine provides templates covering common compliance use cases such as the CIS Benchmark. These templates can be used as-is or tweaked by the user.
Octarine provides the visibility and control that devops and security teams need in order to ensure that their Kubernetes clusters and the applications deployed on them are secure and comply with all mandates and regulations in their line of business. Octarine does that with a simple, no-friction deployment process and a user-friendly platform that covers any Kubernetes cluster on any public cloud or on-premise deployment.
For more on how Octarine gives developers the freedom to develop with agility without compromising network and container security download this whitepaper. Find out how Octarine empowers organizations to scan for risks and take action on them before they cause vulnerabilities, download here or: