The CloudGuard Container Security Group is pleased to announce that the Image Assurance and Admission Control features have successfully completed the EA cycle and graduated to Public Preview status
Image Assurance
- CloudGuard Image Assurance for Kubernetes analyzes container images at run-time to ensure that they are benign.
- Our agents continuously check the cluster for deployed images and analyze them to find vulnerabilities, exploits, malware, viruses, trojans, credential leakage, and other malicious behavior.
- Administrators can use the pre-defined default policy or customize their own policy as to what constitutes an acceptable image.
Admission Control
- CloudGuard Admission Controller determines which actions are allowed, giving the administrator granular control over what happens in the cluster.
- The CloudGuard Admission Controller intercepts requests to the Kubernetes API server before they take effect and acts on them according to the defined policy, which can be set to either block or detect mode. In block mode, only the permissible use cases are allowed to pass through; all other requests are immediately rejected, with appropriate notification for both the end user and the administrator. Detect mode only notifies about policy violations.
Below are some of the Early Availability customer testimonials:
“We found value in Image Assurance. We discovered a large number of CVE/CWEs in our environment. We discovered a leaked Google API key within a container image.”
“The tool covered all the security aspects… very capable to sanitize the Kubernetes environment.”
“I really like the features and think they would bring good value to our org… We require freedom to move fast with guardrails and good insights/oversight and K8s EA really achieves those goals in a simple "easy mode" way, and can see it only getting better with time”
A taste of what’s coming next:
Both Image Assurance and Admission Control will be released as GA at the end of June!
Our H2 highlights include the release of both Runtime Protection and Threat Intelligence, along with many new features such as Registry Scanning, Kubernetes Runtime Network Profiling, Kubernetes Audit Logs, and many more, as well as added support for VMware Tanzu and OpenShift environments.
Related SKs/Documentation/Information
- Watch a demo session given by Shay Levine and Yonatan Philip during the May the 4th Check Mates event!
- A brief overview of what the solution provides – check out the overview video here.
- We encourage you to try out our new capabilities yourselves! You can either bring your own cluster or test out your skills with our DemoPoint.