Insight by Red Hat

Red Hat’s new security offering, StackRox, can help agencies get to zero trust faster

This content has been provided by Red Hat.

President Joe Biden’s recent cybersecurity executive order focused heavily on encouraging agencies to adopt a zero trust security posture. With a number of rapid-paced deadlines to keep them moving forward, agencies need to figure out, in a hurry, how to achieve that goal. Luckily, there are a number of private sector partners prepared to help them do just that.

That’s why Red Hat recently acquired StackRox, a Kubernetes-native runtime analysis security platform that lets agencies monitor the current behavior of their systems, tailor security controls and policy accordingly, and integrate and enforce that policy in new or existing workflows.

“A good example of that for StackRox is the ability to scan the network policies and Kubernetes, centrally observe the network as configured, decide if it’s got too much access for the types of workloads that are currently deployed and recommend changes to the network policy, to limit the network policy and limit access for those workloads accordingly,” said Michael Epley, chief architect and security strategist, Red Hat. “So it’ll recommend those changes and can even automate applying those changes to your systems. And so as your workloads change, if you deploy new workloads onto the platform, it can open up or close down network access accordingly. That’s because when we’re doing this runtime analysis, we’re actually watching how the system is used by our customers and users.”

A significant number of security applications can provide and enforce policies out of the box. Although this may be secure, it can also be restrictive for developers and administrators. Enforcing policies without organizational knowledge may leave teams in the dark about their own systems and waste time determining whether those policies are even relevant to the workloads they run.

For almost 30 years Red Hat has worked with organizations and open source leaders to address the problem of secure defaults and their implementation. Red Hat acquired StackRox knowing that it complements its existing security offerings and can elevate them further. Red Hat’s offerings follow a “hardened by default” security approach, focusing on support and guidance along with recommending further security best practices to its users. Giving actionable, insightful recommendations accelerates security adoption through observable policies and practices.

Runtime tools like StackRox help fill in the gaps by automating that process of adapting security controls to currently running environments.

“StackRox is the first Kubernetes native solution for this purpose, so it operates against the Kubernetes API objects,” Epley said. “As opposed to trying to bypass those and interact with lower level system features or operating system components, that means it’s decoupled from the underlying hardware and infrastructure and operates in.”

Using declarative Kubernetes objects alongside kernel and runtime enforcement lets developers work entirely in YAML and policy objects, while enforcement and monitoring happen at a separate layer.

This enables scalable and intuitive policy for developers, operations and security teams, and it means StackRox can contribute to a zero trust security posture when administrators enforce its out-of-the-box policies. It analyzes the system, looks at the access that is currently available and determines whether any of it is over-privileged. If so, it recommends changes to the policy that restrict access to the minimum surface area needed by the applications actually running, so that all other access can be removed.
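The network policy analysis Epley describes (observe which workloads actually talk to each other, flag policies that grant more than that, and recommend a tighter policy) can be illustrated with a small, self-contained sketch. This is an added example written for this page, not StackRox or Red Hat code: it assumes a hypothetical runtime sensor has already attributed observed TCP flows to pod labels within a single namespace, and the flows and the "allow all" starting policy below are constructed sample data.

```python
"""
Added example (not StackRox's code): derive a least-privilege Kubernetes
NetworkPolicy for a workload from observed traffic, and flag an existing
policy that grants more ingress than the observed flows require.

Assumptions (hypothetical): one namespace, flows already attributed to pod
labels by a runtime sensor, TCP only.
"""
import json
from collections import defaultdict

# Constructed sample: flows a runtime sensor observed in namespace "shop"
# during the observation window. Only the last one does not target "api".
OBSERVED_FLOWS = [
    {"src": {"app": "frontend"}, "dst": {"app": "api"}, "port": 8080},
    {"src": {"app": "frontend"}, "dst": {"app": "api"}, "port": 8080},
    {"src": {"app": "batch"},    "dst": {"app": "api"}, "port": 8080},
    {"src": {"app": "frontend"}, "dst": {"app": "db"},  "port": 5432},
]

# Constructed: the policy currently applied to "api". In Kubernetes, a single
# empty ingress rule ({}) matches every source on every port.
CURRENT_POLICY = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "NetworkPolicy",
    "metadata": {"name": "api-allow-all", "namespace": "shop"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "api"}},
        "policyTypes": ["Ingress"],
        "ingress": [{}],
    },
}


def observed_ingress(flows, dst_labels):
    """Map each observed source label set to the ports it reached on dst."""
    seen = defaultdict(set)
    for f in flows:
        if f["dst"] == dst_labels:
            seen[tuple(sorted(f["src"].items()))].add(f["port"])
    return seen


def is_overly_permissive(policy):
    """True if any ingress rule admits unrestricted peers or unrestricted ports.

    A rule with no 'from' or no 'ports' is unrestricted on that axis, and a
    peer whose podSelector/namespaceSelector is empty ({}) matches everything.
    """
    for rule in policy["spec"].get("ingress", []):
        peers = rule.get("from")
        if not peers or not rule.get("ports"):
            return True
        for peer in peers:
            for key in ("podSelector", "namespaceSelector"):
                if key in peer and not peer[key].get("matchLabels"):
                    return True
    return False


def recommend_policy(flows, dst_labels, namespace, name):
    """Build an ingress policy admitting only observed peers on observed ports.

    Because a NetworkPolicy that selects a pod denies all ingress not listed,
    every peer/port not seen in the flows is implicitly removed.
    """
    rules = []
    for src, ports in sorted(observed_ingress(flows, dst_labels).items()):
        rules.append({
            "from": [{"podSelector": {"matchLabels": dict(src)}}],
            "ports": [{"protocol": "TCP", "port": p} for p in sorted(ports)],
        })
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": name, "namespace": namespace},
        "spec": {
            "podSelector": {"matchLabels": dst_labels},
            "policyTypes": ["Ingress"],
            "ingress": rules,
        },
    }


if __name__ == "__main__":
    if is_overly_permissive(CURRENT_POLICY):
        print("current policy grants more ingress than observed traffic needs")
    recommended = recommend_policy(OBSERVED_FLOWS, {"app": "api"}, "shop",
                                   "api-least-privilege")
    # Emit as JSON; kubectl accepts JSON manifests as well as YAML.
    print(json.dumps(recommended, indent=2))
```

Two caveats a practitioner would add before applying such a recommendation: an observation window that misses a periodic flow (a nightly batch job, a failover path) yields a policy that breaks it, so the recommendation should be reviewed by the application owner and ideally run in an audit-only mode first; and NetworkPolicy objects are only enforced if the cluster's CNI plugin implements them, which should be verified before trusting them as a control.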

StackRox also works well in concert with Advanced Cluster Management, Red Hat’s hybrid cloud management tool. In fact, Red Hat is rebranding StackRox as Advanced Cluster Security and bundling it together with Advanced Cluster Management and Quay in OpenShift Platform Plus.

“We are providing a bundle of products that I would describe as the minimum for enterprise use. Cluster Manager is a multi-cloud or multi-cluster manager, and the whole idea is to apply consistent policy and consistent enforcement across a bunch of different deployments of Kubernetes or OpenShift,” Epley said. “This means that the network policy analyzer — StackRox — will provide that least privilege across your entire infrastructure, any cluster that is enrolled in that cluster manager, and then report back the security and compliance posture of this, so you can have confidence that your systems are operating as you expect.”

That kind of compliance reporting has always been a big part of government cybersecurity, and automating it means agencies can produce it faster and keep up with the pace of innovation, development and deployment. Using the same scanners at runtime as in the registry and the rest of the container supply chain keeps findings consistent from build to deployment, reducing the risk of downstream false positives and further accelerating accreditations.

Red Hat is also working to integrate StackRox with MITRE’s ATT&CK framework, a knowledge base of adversary tactics and techniques built from real-world observations of attackers and their methodologies. That data, drawn from threat sensors and incident reports, will allow StackRox to tailor its responses to focus on the threats most likely to occur.

And StackRox approaches these integrations from a DevOps perspective.

“These tools will help prevent misconfigurations and rework that might be necessary to fix or repair forced outages,” Epley said. “The earlier we can do that in a process and then push that awareness to our app owners, the better. That allows us to provide that effective security control without having to worry about everybody being an OpenShift or Kubernetes expert.”
