Who rated this post

cancel
Showing results for 
Search instead for 
Did you mean: 
Yonatan_Philip
Employee Alumnus
Employee Alumnus

CloudGuard Workload Protection public preview and upcoming GA announcement

 

CloudGuard Container Security Group is Pleased to Announce that Image Assurance & Admission Control features have successfully completed the EA cycle and have graduated to Public Preview status

 

Yonatan_Philip_6-1623774261461.png

Image Assurance

  • CloudGuard Image Assurance for Kubernetes analyzes container images at run-time to ensure that they are benign.
  • Our agents continuously check the cluster for deployed images and analyze them to find any Vulnerabilities, Exploits, Malware, Viruses, Trojans, Credentials Leakage, and other malicious behavior.
  • Administrators can use the pre-defined default policy or customize their own policy as to what constitutes an acceptable image.

 

Yonatan_Philip_7-1623774261481.png

Admission Control

  • CloudGuard Admission Controller determines which actions are allowed, giving the administrator granular control over what happens in his cluster.
  • The CloudGuard Admission Controller intercepts the requests to the Kubernetes API server before they take effect, and acts based on the defined policy which can be set either in block or detect. In block mode, only the permissible use cases are allowed to pass through. All other requests are immediately rejected with appropriate notification for both the end-user and the administrator. While the detect mode only notifies about policy violations.

 

Below are some of the Early Availability customer testimonials:

“We found value in Image Assurance. We discovered Large number of CVE/CWEs in our environment. We discovered leaked google API key within container image.”

“The tool covered all the security aspects… very capable to sanitize the Kubernetes environment.”

“I really like the features and think they would bring good value to our org… We require freedom to move fast with guardrails and good insights/oversight and K8s EA really achieves those goals in a simple "easy mode" way, and can see it only getting better with time“

 

A taste of what’s coming next:

Both Image Assurance and Admission Control will be released as GA at the end of June!

Our H2 highlights include releasing both our Runtime Protection and Threat Intelligence, and many new features such as Registry Scanning, Kubernetes Runtime Network Profiling, Kubernetes Audit Logs, and many more as well as adding support for VMWare Tanzu and OpenShift environments.

 

Related SKs/Documentation/Information

  • Watch a demo session given by Shay Levine and Yonatan Philip during the May the 4th  Check Mates event!
  • A brief overview of what the solution provides – check out the overview video here.
  • We encourage you to try out our new capabilities yourselves! You can either bring your own cluster or test out your skills with our DemoPoint.

 

(2)
Who rated this post