PingSafe launched the KSPM module to provide an end-to-end security solution that encompasses the entire container lifecycle, from development to production, helping organizations securely navigate the dynamic landscape of container orchestration.
Tightly integrated into PingSafe’s CNAPP platform, the KSPM module, along with other modules like CSPM, CWPP, and IaC scanning, establishes context across clients’ cloud infrastructure and prioritizes the truly exploitable vulnerabilities.
Kubernetes has emerged as the de facto standard for container orchestration, but its complex architecture introduces unique security challenges for an organization to tackle. Ensuring the security and integrity of Kubernetes environments is no longer a choice; it is imperative for organizations seeking to protect their digital assets and looking to maintain the trust of their customers.
PingSafe’s KSPM module helps security teams within client organizations to:
- Detect misconfigurations: Perform comprehensive scanning of Kubernetes clusters including control plane policies, application layers, containers, and cloud-managed Kubernetes configurations.
- Perform vulnerability scanning: Conduct automated agentless scanning of containers across public and private Kubernetes clusters to identify potential security weaknesses and then highlight the truly exploitable vulnerabilities by using PingSafe’s offensive security engine.
- Custom policy support: Create policies for monitoring Kubernetes resource configurations and related events tailored to your organization’s security requirements and compliance adherence.
- Define access controls: Strengthen access controls by monitoring Kubernetes’ RBAC policies and ensure adherence to industry best practices by enforcing the principle of least privilege.
- Provide enhanced context and visibility: Generate cluster graphs that provide a clear and intuitive visualization of your Kubernetes environment, showing the relationships between namespaces, containers, and hosts, and detailed information about each container image, its identity privileges, and the hosts the container is running on.
- Generate a Software Bill of Materials (SBoM): Produce a comprehensive list of all the third-party and open-source dependencies in each container image, highlighting vulnerabilities and recommended fixes.
PingSafe’s KSPM module supports managed Kubernetes environments (AWS EKS, Azure AKS, Google GKE). For container registry services, PingSafe provides support for both cloud-native (AWS ECR, ACR, GCR) and third-party (Harbor, Quay, DockerHub, etc.) registries.
“As organizations across the world adopt Kubernetes, our context-aware KSPM capabilities allow our clients to address top-of-mind security needs as they implement containerization across their production environment,” said Nishant Mittal, CTO for PingSafe. “This is another step in our vision of providing complete cloud security coverage to our clients, as we add more capabilities to our CNAPP platform.”