Creation of customized insurance policies, full system configuration portability, in-depth audit of the management aircraft cluster and provide chain assault prevention – the brand new launch of Kaspersky’s safety resolution for containerized environments accelerates improvement and compliance workflows whereas safeguarding infrastructure towards refined cyberthreats.
Containerization is the brand new normal for contemporary software program improvement. Its capacity to spice up developer productiveness, lower infrastructure prices and speed up time-to-market has pushed company adoption charges to 98% immediately. Nonetheless, the operational pace and effectivity gained with this expertise could be severely hindered by the rising quantity and complexity of cyberattacks, alongside strict regulatory compliance calls for. The most recent replace to Kaspersky Container Safety (KCS) has been designed to assist companies handle rising challenges whereas sustaining the core benefits of container improvement.
KCS is a specialised, all-in-one resolution that protects each stage of a containerized software’s lifecycle and is offered for each on-premise installations and remoted networks. The brand new launch makes it much more handy and tailor-made to builders’ wants.
Customized safety benchmarks, Dynamic Admission Controller (DAC) and assurance insurance policies
Firms typically depend on inside benchmarks and customized safety rules, often trusting their proprietary guidelines over built-in product defaults. Addressing this want, KCS now permits the creation of customized insurance policies for picture assurance, dynamic admission management (DAC) and safety benchmarking.
Enabling customers to implement distinctive, organization-specific insurance policies alongside out-of-the-box defaults reduces the workload on safety groups, accelerates infrastructure integration and strengthens their general safety posture. Moreover, the flexibility to construct customized safety benchmark checks permits organizations to adapt sooner to native compliance shifts or newly launched regulatory necessities.
An import/export of system configuration
Customers can now export the whole system configuration (together with insurance policies, agent teams, profiles and different settings) for backups or replication throughout different product situations. The exported file could be generated both as an encrypted package deal or in an open format for handbook modifying previous to import. The brand new import/export functionality is particularly helpful for giant enterprises with advanced, multi-site environments. If a subsidiary operates its personal devoted IT infrastructure impartial of the guardian firm, a configuration file could be exported from the central workplace and imported regionally by the subsidiary. This characteristic streamlines backup routines whereas simplifying the switch of settings and insurance policies throughout large-scale deployments for safety specialists.
Expanded monitoring and superior safety
Safety brokers at the moment are supported on grasp nodes, enabling superior management aircraft audits. This functionality detects weak configurations and potential compromises on the cluster’s important orchestration layer, making certain centralized safety management of all the infrastructure by way of the unified administration console.
To mitigate provide chain dangers, the brand new launch introduces devoted guidelines for detecting GitHub Actions misconfigurations. Such misconfigurations, together with unsafe workflow triggers, improper dealing with of untrusted enter information and insecure versioning insurance policies, can permit attackers to hijack automated workflows, inject malicious code into manufacturing builds or compromise infrastructure keys. Safety groups can detect and mitigate these dangers throughout GitHub repository scanning, whether or not by embedding the KCS scanner into CI/CD workflows or working it in standalone mode.
Further enhancements launched within the new KCS model embody:
- 2.5x node-agent efficiency optimization. The brand new implementation allows the processing of a whole lot of guidelines with zero impression on the pod’s CPU and reminiscence consumption.
- 10x DAC pace optimization. An non-compulsory scan outcome caching characteristic has been added to the kube-agent aspect. This eliminates extra queries to the product core and accelerates DAC request.
- Entry management for CI scan outcomes. Customers can now configure entry to CI scan ends in alignment with their group’s undertaking visibility and isolation logic.
- Viewing SBOM in picture evaluation particulars. Scanned container photographs can now be exported as SBOM (Software program Invoice of Supplies). It simplifies integration with vulnerability administration instruments and registries, making certain full software program provide chain traceability.
- Dynamic agent updates with out redeployment. On the spot group configuration modifications remove node-agent pod redeploys and downtime, simplifying large-scale administration. This allows real-time useful resource optimization throughout peak masses, mitigating manufacturing disruption dangers.
“We imagine that container safety should be as versatile and quick as containerization itself. The brand new capabilities in Kaspersky Container Safety are constructed to match the wants of recent DevOps. For example, the brand new GitHub Actions scanning characteristic catches vulnerabilities straight throughout the configuration code, permitting groups to determine and repair errors as early as attainable, when it’s most cost-effective and prevents missed deadlines,” feedback Anton Rusakov-Rudenko, Senior Product Advertising and marketing Supervisor, Cloud & Community Safety at Kaspersky. “This launch helps to successfully bridge the hole between speedy deployment and strict compliance, defending infrastructure towards the most recent cyberthreats, with out operational overhead.”
For additional data on Kaspersky Container Safety, please observe the hyperlink[AAM1] .
About Kaspersky
Kaspersky is a worldwide cybersecurity and digital privateness firm based in 1997. Innovating the business with a Cyber Immunity strategy, Kaspersky safeguards customers, companies, important infrastructure, and governments from cyberthreats, with over a billion gadgets protected so far. Kaspersky ensures Cybersecurity True to Enterprise, specializing in offering clear outcomes, defending income, easing workloads and stopping downtime. Kaspersky’s deep risk intelligence and safety experience is continually reworking into revolutionary options and providers for organizations of each dimension, from small companies to giant enterprises, combining confirmed AI-driven safety applied sciences with easy administration and professional assist. Acknowledged in impartial exams and trusted by thousands and thousands of people worldwide and practically 200,000 organizations, Kaspersky helps detect threats earlier, reply sooner and function with larger confidence and freedom, defending what issues most to our shoppers. Study extra at www.kaspersky.com.