Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

10/9/2020
12:25 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

StackRox and Robin.io Partner to Deliver Hardened Security, Compliance and Data Management for Stateful Applications on Kubernetes

StackRox Kubernetes Security Platform now available as a Robin.io enterprise application bundle

MOUNTAIN VIEW, Calif. – October 7, 2020 – StackRox, the leader in container and Kubernetes security, and Robin.io, the leader in Kubernetes data management, today announced a new partnership bringing together Robin’s application-focused approach to Kubernetes data management with StackRox’s industry-only Kubernetes-native security and compliance capabilities. Robin customers now have access to the StackRox Kubernetes Security Platform as a Robin application bundle, enabling easy, one-click deployment of container security to protect cloud-native applications across the full application life cycle — build, deploy, and runtime — in Robin-orchestrated Kubernetes environments.

The StackRox application bundle provides a simplified way to define and enforce security and compliance policies across enterprise Robin Cloud-Native Platform deployments for an added layer of visibility and control. Driven by joint customer demand, the companies undertook this development work, and Robin has tested and certified integration with the StackRox Kubernetes Security platform. With its Kubernetes-native architecture, StackRox enables organizations to operationalize security, lower operational risk, and reduce costs. Tapping StackRox to enhance DevSecOps practices and support security-as-code is critically important for teams using Robin to manage sensitive data for stateful applications on Kubernetes as these deployments become increasingly complex and vulnerable at scale.

“Deploying and scaling mission-critical applications on Kubernetes creates the need for automation and data management, and increases the attack surface,” said Ankur Desai, director of product, Robin.io. “We are seeing this dynamic especially play out with customers using Kubernetes to support commercial 5G rollouts and other large-scale deployments, where securing Day 2 operations are of the utmost importance. StackRox helps automate security and compliance for these systems and provides a crucial level of hardening to protect critical cloud-native assets and data.”

Robin customers running both stateful and stateless applications will benefit from the full range of Kubernetes security and compliance use cases that StackRox supports, including:

  • Visibility into cloud-native applications, including all images, container registries, Kubernetes deployment configurations, container runtime behavior, and more.
  • Vulnerability Management to identify vulnerabilities in images, containers, Kubernetes, and running deployments and prevent non-compliant builds.
  • Compliance providing continuous and on-demand checks on controls to meet CIS Benchmarks, NIST 800-190 and 800-53, SOC 2, PCI, and HIPAA.
  • Configuration Management to identify misconfigurations across images, containers, clusters, Kubernetes, and network policies, to prevent accidental misconfigurations that put application performance and security at risk.
  • Network Segmentation tapping the power of Kubernetes and Istio to enforce network policies. Visualize existing policies, simulate new ones, generate updated YAML files, and apply them directly to Kubernetes.
  • Risk Profiling leveraging Kubernetes deployment details to assess risk across entire environments and stack-rank assets to focus remediation efforts.
  • Threat Detection combining rules, whitelists, baselines, and behavioral modeling to identify threats at runtime in container environments.
  • Incident Response taking automated actions such as killing and restarting pods via Kubernetes to shut down attacks.

“Robin adds an application-centric control plane on top of Kubernetes to help enterprises manage the more complicated aspects of running modern, containerized applications. In much the same way, StackRox adds a Kubernetes-native layer of security to enforce policies that ensure risks, vulnerabilities and non-compliant assets will not create Day 2 operational challenges for these businesses,” said Hillary Benson, Head of Product, StackRox. “The combined value that StackRox and Robin deliver to enterprises that rely on secure Kubernetes data management capabilities, particularly those in the telecommunications and financial services sectors, will significantly improve their ability to scale advanced technologies, such as 5G, confidently and securely.”

To learn more about how the combination of Robin and StackRox can help simplify the deployment and security of containerized applications, tune into the companies’ joint webinar on October 22 at 10:00 am PDT. To request a StackRox demo for your own organization, please visit https://www.stackrox.com/request-demo/.

About StackRox

StackRox helps enterprises secure their containers and Kubernetes environments at scale. StackRox delivers the industry’s first and only Kubernetes-native container security platform that enables security and DevOps teams to enforce their security and compliance policies across the entire container life cycle, from build to deploy to runtime. The StackRox Kubernetes Security Platform integrates with existing DevOps and security tools, enabling teams to quickly operationalize container and Kubernetes security. StackRox customers span cloud-native companies, Global 2000 enterprises, and government agencies. StackRox is privately held and headquartered in Mountain View, California. To learn more, visit www.stackrox.com and follow us on Facebook, LinkedIn and Twitter.

About Robin.io

Robin.io provides an application and data management platform that enables enterprises and 5G service providers to deliver complex application pipelines as a service. Built on industry-standard Kubernetes, the Robin Cloud Native Platform allows developers and platform engineers to rapidly deploy and easily manage data- and network-centric applications — including big data, NoSQL and 5G — independent of underlying infrastructure resources. The Robin platform is used globally by companies including BNP Paribas, Palo Alto Networks, Rakuten Mobile, SAP, Sabre and USAA. Robin.io is headquartered in Silicon Valley, California. More at www.robin.io and Twitter: @robin4K8S. 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.