Press Release

CloudPassage is First to Support CIS Docker 1.6 Benchmark

Latest guidance for securing Docker containers now fully supported in CloudPassage Halo agile security platform

San Francisco, Calif. , July 21, 2015

CloudPassage today announced that it now includes Center for Internet Security (CIS) security benchmarks for Docker 1.6 and other operating systems as part of its CloudPassage Halo agile security platform. CloudPassage is the first commercial security platform to provide Docker security benchmarks as an integrated part of its product. The CIS is a non-profit organization that provides information on how to securely deploy and configure various operating systems and applications. The CIS Docker 1.6 Benchmark provides prescriptive guidance for establishing a secure configuration posture for Docker containers.

Docker software has been downloaded more than 100 million times in the last year, making it the one of the fastest growing open source projects ever. Docker is becoming a key strategy for IT organizations to become more agile because it allows companies to move their applications anywhere without breaking or rewriting them. By leveraging Docker containers, large monolithic applications can be broken down into smaller, reusable services that are easier and faster to manage.

“Securing Docker containers has been problematic until now,” stated Amrit Williams, CTO for CloudPassage. “Traditional security solutions simply do not work well with container-based architectures. For the first time, enterprises can embrace the agility and speed offered by Docker technology and be assured that critical assets running in containers can be secured.”

CloudPassage Halo extends network security right to the workload, no matter where the workload is running or what’s running on it. Halo provides comprehensive security and compliance functions previously unavailable to Docker containers: workload firewall management, configuration monitoring, strong access control, software vulnerability management and much more. Ultra lightweight CloudPassage Halo agents are deployed on every server or Docker instance, everywhere – even on live systems without reboot, making them non-intrusive to production systems. The agents send access, configuration and control information back to the CloudPassage Halo security orchestration engine, which processes the data and sends command and control instructions back to the agent.

CloudPassage is expanding its Configuration Security Monitoring library to reflect the latest CIS benchmarks for a wide variety of operating systems, including CentOS, Ubuntu and Redhat.