Portshift Syncs Kubernetes Policies to Container Vulnerabilities in CI/CD Pipelines for Remediation

Portshift’s Security Platform Isolates Vulnerable Containers, Ending Need to Immidiately Remove Affected Containers from Production Environment

TEL AVIV – December 18, 2019 — Portshift, a leader in identity-based workload protection for cloud-native applications, today announced a new capability that delivers runtime policies for vulnerability remediation, allowing more secure workload communications. Portshift’s risk mitigation engine connects Kubernetes network policies with discovered vulnerabilities in production workloads, allowing it to mitigate the risk potential of vulnerable containers until its replacement with a new version that removes the vulnerable component.

With Portshift, the company has taken DevSecOps to the next level with a platform that connects identified vulnerabilities with the identity of the workload, providing a measured balance that prevents workload communications based on the risk level and the potential threat to certain applications. The technology has the ability to block traffic based on the vulnerability level discovered, providing a single picture for complete visualization of these processes during runtime. This provides protection that is matched to the DevOps applications in production.

According to a 2019 report  by Gartner. “Security can’t be an afterthought. It needs to be embedded in the DevOps process, which Gartner refers to as “DevSecOps…Integrate an image-scanning process to prevent vulnerabilities as part of an enterprise’s continuous integration/continuous delivery (CI/CD) process, where applications are scanned during the build and run phases of the software development life cycle.”(1)

Portshift mitigates vulnerabilities with greater sophistication. Available as part of the company’s identity-based cloud native workload security and risk management platform, the technology ensures that Kubernetes environments are protected from development to runtime. When unknown, and possibly malicious workloads are detected, they are quickly identified and rapidly removed using Portshift’s innovative DevOps security platform. The company’s workload management processes offer an alternative to the use of IP addresses, ports and firewalls to secure the network perimeter as it addresses the unique security requirements of cloud-native microservices running in containers both inside and outside of the network perimeter.

“With the availability of this identity-based approach, we are actively collaborating with industry leading vulnerability scanning providers including Twistlock, Aqua and Clair to move the industry forward,“ said Zohar Kaufman, Co-Founder and VP, R&D for Portshift. “Having Portshift’s information-rich view of containers in real time will be exceedingly important in 2020 as more determined hackers continue their efforts to attack earlier in the development process in order to exploit vulnerabilities before they are addressed by DevSecOps.“

About Portshift

Portshift is an identity-based cloud workload protection platform that secures applications from CI/CD to runtime. Portshift enables organizations to know which applications are running on their cloud environments, to see and enforce how the applications communicate and to easily find information that is associated with their development and deployment cycles enabling DevOps teams to orchestrate security as part of their day-to-day job. Portshift’s unique model introduces a security framework that is decoupled from network and operations, allowing for accelerated software delivery at any scale. Portshift was spun out of think tank and company-builder Team8. Go to portshift.io for more info.

 

– END –

 

 

(1)   Gartner, Best Practices for Running Containers and Kubernetes in Production, February, 2019