StackRox + AWS + Kubernetes – A look inside our Security Hub integration

by The Container Security Blog on StackRox on October 30, 2020

StackRox partners with AWS on many fronts, in large part because so many StackRox customers run our platform in their Amazon Elastic Kubernetes Service (EKS) environments. As the world’s most popular managed Kubernetes service, EKS – like all other AWS services – operates under a shared responsibility model for security.

AWS takes responsibility for the security of their cloud services such as EKS. AWS customers are responsible for security in the cloud, including ensuring that the container images running in EKS are free of serious vulnerabilities, deployments are configured securely, and workloads are protected at runtime. StackRox helps customers address their share of the security responsibility when running Kubernetes clusters in EKS or EC2. Customers leverage StackRox to securely accelerate their Kubernetes adoption in AWS by addressing their most critical container security use cases, including:

Vulnerability management – detects and prevents vulnerabilities at build stage with CI/CD integration and automation, while monitoring running deployments for newly discovered vulns
Configuration management – ensures that workloads and infrastructure components are free of misconfigurations by providing automated configuration checks
Compliance – provides standard-specific checks across CIS Benchmarks, NIST, PCI, and HIPAA, with one-click evidence reporting for compliance/audit
Runtime detection – monitors runtime activity to identify suspicious behavior or threats, including malicious process executions and network communication, cryptomining, malware installation, and privilege escalation, using a combination of rule-based/heuristic methodologies and behavioral modeling and baselining

Definitive Guide to EKS Security

Download to learn how to secure your EKS deployments starting with building secure images until your containerized workloads are running and beyond.

Download Now

In this post, we’re taking a closer look at our integration with AWS Security Hub.

AWS Security Hub makes it easier for our joint customers to get a comprehensive overview of their overall Kubernetes security status. By getting StackRox data within the Security Hub, customers save time and effort processing and mitigating high-priority security alerts across all their AWS accounts. Better yet, customers get this integrated view regardless of where their container and Kubernetes environments are running – on Amazon EKS or self-managed Kubernetes on EC2.

Sponsorships Available

With this integration, customers running the StackRox Kubernetes Security Platform on AWS can now

aggregate, organize, and prioritize security violations (or findings) across build, deploy, and runtime phases of their containerized applications
gain granular visibility into security findings and identify security threats faster
enable a single pane of glass for security investigations and forensics
identify, investigate, and prioritize the most important issues by grouping and correlating security findings with Insights
extend the value of AWS Security Hub by adding container and Kubernetes security capabilities

This integration is one of many examples of our close work with AWS. StackRox is an Advanced Tier Technology Partner, with Containers Competency, and many of our joint customers leverage our availability on the AWS Marketplace, including support for Private Offers. We support deployments of Kubernetes on EC2 as well as in Amazon EKS, and we integrate with Amazon Elastic Container Registry (ECR) for vulnerability management in the build phase.

More Kubernetes workloads run on Amazon EKS than any other platform, and more StackRox customers run Kubernetes using Amazon EKS than any other mode – self-managed, other cloud services, or other distributions. Joint customers include Aptos, Athene, Greenlight, Informatica, Splunk, Sumo Logic, and Vlocity, to cite just a few.

Informatica recently joined AWS on a webinar to talk about the power of the StackRox Kube-native architecture for securing Amazon EKS. With AWS taking care of managing and updating the Kubernetes control plane, the Informatica team has been able to focus instead on securing their containers, Kubernetes configuration, and customers’ data, with the help of StackRox.

“Deploying in Amazon EKS lets us offload as much of the management work of running Kubernetes as possible,” says Pathik Patel, head of cloud security for Informatica. “By tying into Kubernetes and AWS services, StackRox takes that benefit of offloading our team and extends it into how we secure our systems. StackRox enables direct feedback on builds to our dev teams, in the systems they’re already using, and it provides low-friction security across our dev pipeline and our operations. Having all those capabilities so tightly integrated with Amazon EKS means we gain major staff efficiencies across our security processes.”

As Informatica’s Patel calls out, to be effective, security for containers and Kubernetes has to fit into the DevOps workflows and tooling. This integration of the StackRox platform with AWS Security Hub is just one more way that StackRox enables that seamless workflow. We’d love to show you the StackRox platform in action, in Amazon EKS or any other Kubernetes deployment – sign up for your personal demo here. StackRox Security Platform is also available on the AWS Marketplace StackRox Security Platform.