DEVOPSdigest

CloudPassage announced expanded container-related security capabilities for its Halo cloud security platform.

A range of Halo's capabilities have been extended to Docker and Kubernetes environments hosted in public clouds or on-premises, including configuration security assessment, vulnerability management, log event inspection, threat detection, and compliance monitoring. These capabilities support generic Docker hosts, Kubernetes nodes, and AWS Elastic Container Service (ECS) instances. Halo now also provides API-based security posture management (CSPM) for AWS Elastic Kubernetes Service (EKS) and AWS Elastic Container Registry (ECR).

These new features extend the ability of infosec teams to use Halo to maintain security and compliance in dynamic, diverse, and distributed cloud computing environments. The Halo security platform unifies and automates security controls and compliance across servers, containers, and IaaS resources in any mix of public, private, hybrid, and multi-cloud environments.

"Enterprises of all sizes are increasingly using containers to take advantage of the speed, efficiency, portability, and scale benefits they deliver. However, containers' ephemeral nature and ability to run virtually anywhere can create challenges for information security teams tasked with universal computing asset security," said Carson Sweet, CloudPassage CEO and cofounder. "These new features further extend Halo's unified capabilities to address the market need to do more with a single unified platform."

Details of these capabilities include:

- Automatic log event inspection for Docker hosts and Kubernetes nodes that enables event-based intrusion detection, administrative access auditing, and compliance-related event collection (including policy templates)

- Configuration security and compliance monitoring for Docker hosts, ECS instances, Kubernetes nodes, Fargate deployments, and ECR instances (including policy templates)

- File integrity monitoring for Docker hosts, ECS instances, and Kubernetes nodes that enables intrusion detection and configuration drift (including policy templates)

- Network traffic discovery for Docker hosts, ECS instances, and Kubernetes nodes

- Automatic seek-and-scan of Docker images when unknown images launch on monitored Docker and Kubernetes hosts to ensure every running image is scanned and unknown—or "rogue"—images are detected

- Kubernetes-native DaemonSet support automates deployment of the Halo microagent on every Kubernetes node for easy security management (includes Helm chart support)

- Additional enhancements including Halo API updates to include all new capabilities for integration with downstream workflows and a Halo Portal overview dashboard that summarizes and highlights data for container-specific security use cases