Mondoo's new full-stack Kubernetes security answers with unrivaled detail and clarity: Can your Kubernetes infrastructure withstand attack?
Our long list of added capabilities includes:
Complexity and constant change make Kubernetes infrastructure increasingly difficult to secure. By revealing the relationships between overlapping technology layers and exposing risks through the entire development cycle and in production, Mondoo eases your Kubernetes security pains.
Back in May, the Mondoo team traveled to KubeCon EU in Valencia, Spain, armed with an initial Kubernetes security offering and a dream of making it easy to secure Kubernetes environments. As adopters of Kubernetes ourselves, we already had ideas for new capabilities to add. But when it comes to building products, it's far more important to listen than it is to talk. We couldn’t wait to meet the EU Kubernetes community and hear about their experiences and challenges.
As Red Hat recently reported, nearly 93% of organizations adopting Kubernetes have experienced a security incident in the past 12 months; the KubeCon attendees were eager to share their struggles. We learned that they faced day-to-day hurdles that made securing clusters difficult with their existing tooling.
Most attendees ran their Kubernetes clusters in cloud environments like AWS, Azure, or GCP. They faced the difficulty of tool sprawl: Assessing their Kubernetes security posture required one toolset, while identifying risks in the cloud infrastructure that Kubernetes runs on required another. Because their tooling didn't combine these infrastructure needs into a complete security solution, internal adoption was low.
KubeCon attendees also struggled with traditional Kubernetes security tooling's heavy focus on container images in container registries only. Users wanted to see the security stance of container images actively running in their clusters, as opposed to the security of legacy apps that hadn’t run for months.
Operations and security engineers had difficulty collaborating with their application engineer peers to improve security. Operations and security teams were responsible for the security of clusters, but they lacked the power to enact change. Securing workloads required collaboration and buy-in from development teams, but those teams weren’t aware of security standards or scan results.
Today, we’re introducing a number of significant enhancements to Mondoo’s full-stack Kubernetes security offering that allow you to continuously secure your complete Kubernetes infrastructure from development all the way to production:
One of the top concerns we heard from operations professionals was the inability to evaluate the security of changes before they reach production environments. Operations teams told us that they struggled with the lightning pace of development and deployment and could no longer security-test changes before they went into production clusters.
To save these teams from the avalanche of new changes, we’ve expanded Mondoo's ability to integrate into CI pipelines. Mondoo flags insecure workflows early in the development cycle:
In addition to these new features, we also deliver unique security policies to get you started quickly:
Many Kubernetes users have asked us how we make continuous assessment of the cluster state so easy. Our CLI supports scanning Kubernetes remotely and our operator makes it a snap to transition from a single scan to continuous scanning. Here's how:
We listened to Kubernetes users and delivered a solution that addresses their unique challenges: Mondoo's new full-stack Kubernetes security provides visibility, ease, and integration that no other security solution can offer.