CloudPassage Halo Container Secure provides full lifecycle security and compliance for your microservices and applications across all your container deployments.
Halo is the only security solution that allows you to secure your entire container environment – hosts, containers, and images in registries. With Container Secure, DevOps and security practitioners can automate security and compliance checks as part of their continuous integration / continuous deployment (CI/CD) pipeline, ensuring that security is a seamless part of the process from the beginning – not a separate step at the very end.
Built on the enterprise-grade Halo platform, Container Secure delivers the scalability, reliability, and performance you need for your highly dynamic container deployments.
Halo lets you harden the container host against attack and detect unexpected changes and events which may indicate that the host has been compromised. Host security is required by CIS Benchmark for Docker 1.2 and recommended by leading experts.
Using Halo you can:
- Detect vulnerabilities and configuration issues on the Docker host and Docker daemon
- Detect host intrusion
- Monitor file integrity
- Segment container host network
Continuous Image Assurance
Monitor images throughout each stage of the software development lifecycle, including build/test, distribute, deploy and run. Container Secure integrates with Jenkins and registries such as Docker Trusted Registry, Amazon EC2 Container Registry (ECR), and JFrog to ensure that you can trust images no matter where they are.
- Detect known vulnerabilities in open source and commercial software packages based on the National Institute of Standards and Technology (NIST) database of Common Vulnerabilities and Exposures (CVE)
- Detect configuration problems
- Detect embedded secrets such as certificates, API keys, and login credentials
Runtime Configuration Assessment
Monitor your Docker daemon, container runtime configuration, and Docker image configuration for conformance with Center for Internet Security (CIS) Benchmark for Docker, NIST SP 800-190, or any custom configuration policy. You can also detect rogue containers instantiated from unauthorized or unknown images.
Visibility & Compliance
Track and audit events in your container environment including container activities and changes, orchestration activities and changes, image lifecycle activities, and of course software vulnerabilities and configurations. View dashboards. Generate reports for auditors.
Integrate with common registries and CI/CD tools such as Jenkins and Bamboo using our pre-built integrations or our rich RESTful API. The list of supported environments includes:
- Registries: Docker Private Registry (DPR), Amazon EC2 Container Registry (ECR), Docker Trusted Registry (DTR), JFrog
- Host OS: CoreOS, Ubuntu, RHEL, CentOS
- Base Image: Alpine, CentOS, Ubuntu
“Containers are exploding in popularity because they’re fast and efficient. The rapid adoption of containers has created a strategic imperative to secure containers during build-time, before they are deployed into production, and then during run-time. With Container Secure, CloudPassage is providing robust automated security for every stage and level of container applications expanding protection across workload types for unified host-based security.”