Kaspersky Container Security Advances DevSecOps with Enhanced Misconfiguration Detection and Custom Policy Features

Kaspersky has unveiled significant enhancements to its Container Security solution, aimed at bolstering development workflows while ensuring compliance and protection against sophisticated cyber threats. This latest release introduces features such as custom policy creation, full system configuration portability, and in-depth auditing capabilities, which are essential for organizations navigating the complexities of modern software development.

The Rise of Containerization and Its Challenges

Containerization has emerged as a cornerstone of contemporary software development, with adoption rates soaring to 98%. This technology enhances developer productivity, reduces infrastructure costs, and accelerates time-to-market. However, the rapid operational efficiency it offers is increasingly challenged by the growing complexity of cyberattacks and stringent regulatory compliance requirements. Kaspersky’s latest update to its Container Security (KCS) solution is designed to help organizations tackle these emerging challenges while preserving the advantages of container development.

KCS is a comprehensive solution that secures every phase of a containerized application’s lifecycle and is available for both on-premise installations and isolated networks. The recent updates further tailor the solution to meet the specific needs of developers.

Custom Security Policies and Dynamic Admission Control

Organizations often depend on internal benchmarks and custom security regulations, frequently prioritizing their proprietary rules over default product settings. In response, KCS now supports the creation of custom policies for image assurance, dynamic admission control (DAC), and security benchmarking.

This flexibility allows users to implement unique, organization-specific policies alongside standard defaults, thereby reducing the burden on security teams and accelerating infrastructure integration. The ability to create custom security benchmark checks also enables organizations to adapt swiftly to local compliance changes or new regulatory requirements.

Import/Export Functionality for System Configuration

The new import/export feature allows users to export complete system configurations—including policies, agent groups, profiles, and other settings—facilitating backups or replication across different product instances. Users can generate the exported file as either an encrypted package or in an open format for manual editing before import.

This capability is particularly beneficial for large enterprises with complex, multi-site environments. For instance, if a subsidiary operates its own dedicated IT infrastructure, a configuration file can be exported from the central office and imported locally. This feature streamlines backup processes and simplifies the transfer of settings and policies across extensive deployments.

Enhanced Monitoring and Supply Chain Protection

The latest version of KCS introduces support for security agents on master nodes, enabling advanced control plane audits. This functionality allows for the detection of vulnerable configurations and potential compromises at the critical orchestration layer of the cluster, ensuring centralized security management through a unified console.

To address supply chain risks, the new release includes specific rules for identifying misconfigurations in GitHub Actions. Such misconfigurations—ranging from unsafe workflow triggers to improper handling of untrusted input data—can expose organizations to significant risks, including the hijacking of automated workflows and the injection of malicious code. Security teams can now detect and mitigate these vulnerabilities during GitHub repository scanning, either by integrating the KCS scanner into CI/CD workflows or operating it in standalone mode.

Additional Enhancements in KCS

The new KCS version brings several additional enhancements:

  • 5x Node-Agent Performance Optimization: The updated implementation allows for the processing of hundreds of rules without impacting the pod’s CPU and memory consumption.
  • 10x DAC Speed Optimization: An optional caching feature on the kube-agent side eliminates extra queries to the product core, accelerating DAC requests.
  • Access Control for CI Scan Results: Users can now configure access to CI scan results based on their organization’s project visibility and isolation logic.
  • Viewing SBOM in Image Analysis Details: Scanned container images can now be exported as a Software Bill of Materials (SBOM), simplifying integration with vulnerability management tools and ensuring full software supply chain traceability.
  • Dynamic Agent Updates Without Redeployment: Instant group configuration changes eliminate the need for node-agent pod redeployments, allowing for real-time resource optimization during peak loads.

Anton Rusakov-Rudenko, Senior Product Marketing Manager for Cloud & Network Security at Kaspersky, emphasized the importance of flexibility in container security. He noted that the new capabilities in KCS are designed to meet the demands of modern DevOps, particularly the GitHub Actions scanning feature, which helps identify vulnerabilities in configuration code early in the development process. This proactive approach not only mitigates risks but also prevents potential delays in project timelines.

For further information on Kaspersky Container Security, please follow the link.

Source: www.tahawultech.com

Image Credit: Kaspersky
