والتام، ماساچوست، 24 اکتبر 2022 /PRNewswire/ - آپتیک ها,
provider of the first unified CNAPP and XDR solution, today announced
enhanced Kubernetes and container security capabilities. These new
features provide threat detection for container runtime correlated with
the Kubernetes control plane attacks alongside scanning of container
images in registries for vulnerabilities, malware, credentials, secret
keys, and other sensitive information.
According to the latest Cloud Native Computing Foundation survey, 96%
of organizations are either using or evaluating Kubernetes — the highest
percentage since the surveys began in 2016.1 هنوز
many organizations are not prepared to detect threats against these new
deployments. “Kubernetes-orchestrated clusters are essentially ‘clouds
within clouds.’ The monitoring and visibility of the Kubernetes logs,
network flows and application behaviors within the cluster should be
baselined and analyzed for indications of compromise,” recommends
گارتنر2
Organizations can detect attacks against their Kubernetes deployments
by adopting a shift up approach to cybersecurity, in which telemetry
emanating from Kubernetes clusters and containers, laptops, and cloud
services is normalized at the point of collection, but processed,
correlated, and analyzed in a data lake.
Unlike siloed endpoint and cloud security solutions, Uptycs protects
the entire arc of cloud-native application development, from the
developer’s laptop to container runtime. “Threat actors know a
developer’s laptop is often just one hop away from cloud
infrastructure,” said Ganesh Pai, co-founder and CEO of Uptycs. “Uptycs
correlates risk signals from the modern attack surface for
lightning-fast, contextualized detection and response. We do this with
our unique, telemetry-powered approach and Detection Cloud. It’s a shift
up approach to cybersecurity that brings together multiple teams and
types of IT infrastructure into a unified data model and UI.”
“Our security team is organized around six domains, including threat
detection and response, risk and compliance, application security, data
security, infrastructure security, and enterprise security,” said Anwar Reddick,
Director of Information Security at Greenlight Financial. “Having a
single solution like Uptycs that traverses these domains, and
contextualizes threat activity across multiple asset types like
Kubernetes, cloud services, and laptops improves cross-domain
collaboration and insights. As a result, we’ve dramatically shortened
our threat investigation time.”
ویژگیهای امنیتی جدید Kubernetes و Container Runtime عبارتند از:
- شناسایی تهدیدات Kubernetes — Combines anomalous Kubernetes
actions with actions on a granular container lever, Uptycs is able to
observe in real-time and store the behavior for investigation; this
reduces mean time to detection (MTTD), collects forensic evidence for
investigation, and determines the full scope of the incident as it
اتفاق می افتد - اسکن رجیستری — Enables the ability to look for
vulnerabilities in container images in a registry; Uptycs supports many
registries, including AWS ECR, Azure Container Registry, DockerHub, and
jFrog Artifactory - اسکن مخفی - امکان جستجوی کلیدهای خصوصی، اعتبارنامه ها و سایر اسرار ذخیره شده در تصاویر کانتینر را فراهم می کند.
- بررسی های سخت شدن NSA/CISA — Ensures that Kubernetes
deployments are set up per the updated hardening guidance provided by
the U.S. National Security Agency and Cybersecurity and Infrastructure
Security Agency. For example, ensuring that pod security and network
security policies are in line with guidance
Uptycs fills in security visibility gaps with a single solution to
protect container-based applications, whether they are run on-premises
or in the cloud, from bare-metal to a serverless deployment. With
Uptycs, customers can identify vulnerabilities early in the process,
verify secure configurations, ensure compliance posture against
standards like CIS benchmarks for Linux and Docker, and continuously
monitor the runtime in production.
Uptycs به عنوان فروشنده نمونه برای Container و Kubernetes Security در این کشور شناخته شد چرخه هایپ گارتنر برای امنیت برنامه، 2022 و چرخه هایپ گارتنر برای امنیت شبکه و حجم کاری، 2022. علاوه بر این، Uptycs به عنوان فروشنده نمونه در گزارش گارتنر شناخته شد. فناوری نوظهور: CIEM برای امنیت Cloud و ارائه دهندگان IAM برای رقابت لازم است.
Uptycs will be at KubeCon + CloudNativeCon from Oct. 24 – 28, 2022 in Detroit, Michigan. To learn more, please stop by booth #G29 or visit: https://www.uptycs.com/lp-kubecon-2022-request-a-meeting
منابع
Gartner does not endorse any vendor, product or service depicted in
its research publications, and does not advise technology users to
select only those vendors with the highest ratings or other designation.
Gartner research publications consist of the opinions of Gartner’s
research organization and should not be construed as statements of fact.
Gartner disclaims all warranties, expressed or implied, with respect to
this research, including any warranties of merchantability or fitness
برای یک هدف خاص
توجه: تمام ویژگی های جدید در سه ماهه چهارم سال 4 برای مشتریان Uptycs در دسترس خواهد بود.
درباره Uptycs
Your developer’s laptop is just a hop away from cloud infrastructure.
Attackers don’t think in silos, so why would you have siloed solutions
protecting public cloud, private cloud, containers, laptops, and
سرورها؟
Uptycs reduces risk by prioritizing your responses to threats,
vulnerabilities, misconfigurations, sensitive data exposure, and
compliance mandates across your modern attack surface — all from a single
platform, UI, and data model. This includes the ability to tie together
threat activity as it traverses on-prem and cloud boundaries, thus
delivering a more cohesive enterprise-wide security posture.
Looking for acronym coverage? We have that, too, including CNAPP,
CWPP, CSPM, KSPM, CIEM, CDR, and XDR. Start with your Detection Cloud,
Google-like search, and the attack surface coverage you need today. Be
ready for what’s next.
با Uptycs امنیت سایبری خود را ارتقا دهید. یاد بگیرید چگونه در: https://uptycs.com
1 بنیاد محاسبات بومی ابری، نظرسنجی سالانه CNCF، فوریه 2022 https://www.cncf.io/reports/cncf-annual-survey-2021/
2 Gartner, “How to Make Cloud More Secure Than Your Own Data Center,” Neil MacDonald, Tom Croll, April 2021 https://www.gartner.com/document/3970177
SOURCE: آپتیک ها
