With the release of the Docker CIS Benchmark in 2015, organizations using containers could align on standard guidance for how to secure the container runtime. However, as the complexity of container deployments and rate of adoption has grown over the past two years, it’s become evident that it’s not only the container runtime – but the deployment model as well that could benefit from standardization.
Yesterday, the first version of the Kubernetes CIS Benchmark for 1.6 was released for this purpose – to provide the Kubernetes community a set of standards for securely deploying and managing container clusters. This new set of guidelines is a community driven effort to collect, review, and share Kubernetes related knowledge, and contains over 100 different guidelines to ensure Kubernetes clusters are secured against common misconfigurations and threats.
We at Twistlock actively participated in the effort by adding new guidelines based on customer feedback and experience. For example, we contributed control 1.6.4, which recommends micro network segmentation using network policies. This control reduces your exposure to lateral movement attacks, and increases the security of east/west data flow.
Whether or not your organization leverages Kubernetes, Twistlock can automatically enforce compliance policies across all stages of the container lifecycle. From day 1, we’ve offered native Docker CIS Benchmark support and templates for compliance to industry standards, and we’ll continue to evolve our offering.
Follow us on Twitter
Follow us on Twitter for real time updates on the cloud native ecosystem, Twistlock product, and cloud native security threats.
Istio Visualization, Security, and Compliance Checks with TwistlockRead the Blog
Protecting Serverless Functions at Runtime: Serverless Defender v2Read the Blog
Cloud Platform Discovery: Identifying All Your Cloud Native ServicesRead the Blog
Using Twistlock to Secure Workloads on Pivotal Cloud FoundryRead the Blog
Twistlock, Azure Container Instances, and AKS virtual nodesRead the Blog