Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

10/9/2020
12:25 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

StackRox and Robin.io Partner to Deliver Hardened Security, Compliance and Data Management for Stateful Applications on Kubernetes

StackRox Kubernetes Security Platform now available as a Robin.io enterprise application bundle

MOUNTAIN VIEW, Calif. – October 7, 2020 – StackRox, the leader in container and Kubernetes security, and Robin.io, the leader in Kubernetes data management, today announced a new partnership bringing together Robin’s application-focused approach to Kubernetes data management with StackRox’s industry-only Kubernetes-native security and compliance capabilities. Robin customers now have access to the StackRox Kubernetes Security Platform as a Robin application bundle, enabling easy, one-click deployment of container security to protect cloud-native applications across the full application life cycle — build, deploy, and runtime — in Robin-orchestrated Kubernetes environments.

The StackRox application bundle provides a simplified way to define and enforce security and compliance policies across enterprise Robin Cloud-Native Platform deployments for an added layer of visibility and control. Driven by joint customer demand, the companies undertook this development work, and Robin has tested and certified integration with the StackRox Kubernetes Security platform. With its Kubernetes-native architecture, StackRox enables organizations to operationalize security, lower operational risk, and reduce costs. Tapping StackRox to enhance DevSecOps practices and support security-as-code is critically important for teams using Robin to manage sensitive data for stateful applications on Kubernetes as these deployments become increasingly complex and vulnerable at scale.

“Deploying and scaling mission-critical applications on Kubernetes creates the need for automation and data management, and increases the attack surface,” said Ankur Desai, director of product, Robin.io. “We are seeing this dynamic especially play out with customers using Kubernetes to support commercial 5G rollouts and other large-scale deployments, where securing Day 2 operations are of the utmost importance. StackRox helps automate security and compliance for these systems and provides a crucial level of hardening to protect critical cloud-native assets and data.”

Robin customers running both stateful and stateless applications will benefit from the full range of Kubernetes security and compliance use cases that StackRox supports, including:

  • Visibility into cloud-native applications, including all images, container registries, Kubernetes deployment configurations, container runtime behavior, and more.
  • Vulnerability Management to identify vulnerabilities in images, containers, Kubernetes, and running deployments and prevent non-compliant builds.
  • Compliance providing continuous and on-demand checks on controls to meet CIS Benchmarks, NIST 800-190 and 800-53, SOC 2, PCI, and HIPAA.
  • Configuration Management to identify misconfigurations across images, containers, clusters, Kubernetes, and network policies, to prevent accidental misconfigurations that put application performance and security at risk.
  • Network Segmentation tapping the power of Kubernetes and Istio to enforce network policies. Visualize existing policies, simulate new ones, generate updated YAML files, and apply them directly to Kubernetes.
  • Risk Profiling leveraging Kubernetes deployment details to assess risk across entire environments and stack-rank assets to focus remediation efforts.
  • Threat Detection combining rules, whitelists, baselines, and behavioral modeling to identify threats at runtime in container environments.
  • Incident Response taking automated actions such as killing and restarting pods via Kubernetes to shut down attacks.

“Robin adds an application-centric control plane on top of Kubernetes to help enterprises manage the more complicated aspects of running modern, containerized applications. In much the same way, StackRox adds a Kubernetes-native layer of security to enforce policies that ensure risks, vulnerabilities and non-compliant assets will not create Day 2 operational challenges for these businesses,” said Hillary Benson, Head of Product, StackRox. “The combined value that StackRox and Robin deliver to enterprises that rely on secure Kubernetes data management capabilities, particularly those in the telecommunications and financial services sectors, will significantly improve their ability to scale advanced technologies, such as 5G, confidently and securely.”

To learn more about how the combination of Robin and StackRox can help simplify the deployment and security of containerized applications, tune into the companies’ joint webinar on October 22 at 10:00 am PDT. To request a StackRox demo for your own organization, please visit https://www.stackrox.com/request-demo/.

About StackRox

StackRox helps enterprises secure their containers and Kubernetes environments at scale. StackRox delivers the industry’s first and only Kubernetes-native container security platform that enables security and DevOps teams to enforce their security and compliance policies across the entire container life cycle, from build to deploy to runtime. The StackRox Kubernetes Security Platform integrates with existing DevOps and security tools, enabling teams to quickly operationalize container and Kubernetes security. StackRox customers span cloud-native companies, Global 2000 enterprises, and government agencies. StackRox is privately held and headquartered in Mountain View, California. To learn more, visit www.stackrox.com and follow us on Facebook, LinkedIn and Twitter.

About Robin.io

Robin.io provides an application and data management platform that enables enterprises and 5G service providers to deliver complex application pipelines as a service. Built on industry-standard Kubernetes, the Robin Cloud Native Platform allows developers and platform engineers to rapidly deploy and easily manage data- and network-centric applications — including big data, NoSQL and 5G — independent of underlying infrastructure resources. The Robin platform is used globally by companies including BNP Paribas, Palo Alto Networks, Rakuten Mobile, SAP, Sabre and USAA. Robin.io is headquartered in Silicon Valley, California. More at www.robin.io and Twitter: @robin4K8S. 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29378
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password [email protected]#y$z%x6x7q8c9z) for the e...
CVE-2020-29379
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access.
CVE-2020-29380
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-...
CVE-2020-29381
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "upload tftp syslog" and "upload tftp configuration" in the CLI via a crafted filename...
CVE-2020-29382
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images.