Container Security Software Overview
What is Container Security Software?Because of their relative number of abstraction layers, containers pose a relatively large number of vulnerability issues. Container security (or Kubernetes security) software scans containers for vulnerabilites and policy-violations, and provide remediation. Container security applications provide policy-based orchestration, starting with scanning and discovery for containers and images.
Features of Container Security SoftwareContainer security software provide the following features:
- Full container stack scanning
- View metadata for container and images
- Image vulnerability detection
- Container application performance tracking
- Centralized policy management
Vulnerability management specialist Tenable offers their cloud application and container security platform Tenable.io, a vulnerability management tool that emphasizes visibility of web applications, automatic scanning, and a unified view of cloud infrastructure and possible inconsistencies indicatin…
Aptible Deploy (formerly Aptible Enclave) is a container orchestration platform built for developers that automates security best practices and controls needed for deploying and scaling Dockerized apps in regulated industries. Aptible Deploy is ISO 27001-certified and can be used to support requirem…
Threat Stack is a cloud security option from the company of the same name in Boston, Massachusetts, providing vulnerability assessments of cloud assets, container security, and other features.
IBM Cloud™ Data Shield enables users to run containerized applications in a secure enclave on an IBM Cloud Kubernetes host, providing data-in-use protection.
StackRox, headquartered in Mountain View, offers their containerized, cloud-app security platform for monitoring container access and privileges, and locating and eliminating potential vulnerabilities in containerized app infrastructure.
Cloud security company Qualys offers the Qualys Countainer Security (CS) application.
Sysdig headquartered in San Francisco offers the Sysdig Platform, providing end-to-end container vulnerability management, threat blocking, and container application security.
Aqua Security headquartered in Tel Aviv offers the Aqua Cloud Native Security Platform, providing full lifecycle security for server-less containerized applications.
Encryption and data protection specialist Thales eSecurity headquartered in San Jose offers Vormetric Container Security, encrypting and securing access to containerized applications and data.
Jetstack Preflight helps users understand their Kubernetes environments by constantly scanning for mis-configurations that may be opening security holes, causing costly excess resource usage or making a cluster harder to maintain. Preflight checks the environment against policy rules, developed by t…
cert-manager is an open source software for machine identity automation in cloud native environments. It aims to make it easy for developers to secure applications in Kubernetes and OpenShift platforms, automating X.509 certificate issuance and renewal from a certificate provider of choice.
Twistlock headquartered in Portland offers container application security platform, providing container vulnerability management, runtime management, access control, and other features.
Snyk is a software composition analysis tool designed to find vulnerabilities in source code stored in repositories like GitHub, or to provide container security and vulnerability protection.
Designed for the cloud, in the cloud, BMC Helix Cloud Security (formerly TrueSight Cloud Security) is designed to take the pain out of security and compliance for cloud resources and containers. The product provides cloud security scoring and remediation for public cloud services from Amazon Web Ser…
DivvyCloud protects cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges by using automation and real-time remediation to ensure continuous security and compliance. Rapid7 announced their intent to acquire DivvyCloud April 2020.
Lacework in San Jose delivers security and compliance for the cloud. The Lacework Cloud Security Platform is cloud-native and offered as-a-Service; delivering build-time to run-time threat detection, behavioral anomaly detection, and cloud compliance across multicloud environments, workloads, contai…
Docker containers make it easy to develop, deploy, and deliver applications where containers can be deployed and brought down in a matter of seconds. This flexibility makes it very useful for DevOps to automate deployment of containers. Symantec Data Center Security: Server Advanced provides agent-l…
The Trend Micro Deep Security Smart Check for container security helps DevOps teams adopt frictionless security with immediate, continuous scanning for threats, vulnerabilities, and secrets, as well as provides dashboard visibility, notifications, and scanning logs for compliance assistance.
The Aporeto Security Platform is a network and microservices application, from Aporeto in San Jose, providing enterprise network and container security.