News, news analysis, and commentary on the latest trends in cybersecurity technology.

Ermetic Adds Kubernetes Security to CNAPP

The automated capabilities can discover misconfigurations, compliance violations, and risk or excessive privileges in Kubernetes clusters.

Dark Reading Staff, Dark Reading

March 1, 2023

1 Min Read
Illustration of data cloud protection and security, where three cartoon clouds with locks and keypads float in blue sky
Source: Val Thoermer via Alamy Stock Photo

Ermetic has introduced new Kubernetes security posture management capabilities to its cloud-native application protection platform (CNAPP). Customers can take advantage of the automated features to discover and fix misconfigurations, compliance violations, and risk or excess privileges in Kubernetes clusters. Ermetic CNAPP provides a detailed inventory of the resources inside all Kubernetes clusters, performs continuous posture assessment and prioritization of risks, and offers remediation guidance, the company said.

The platform queries the Kubernetes API for each cluster and uses agentless scanning and analysis of node configurations and containers. These findings are then combined with signals from the platform's cloud workload protection (CWP), infrastructure-as-code (IaC) scanning, cloud security posture management (CSPM), and cloud infrastructure entitlement management (CIEM) functionality to provide full visibility into threats, the company said. Customers can get a list of prioritized vulnerabilities within the context of cloud configuration, permissions, and network access. Customers can also enforce least privilege for users and services using the internal Kubernetes role-based access controls.

While Kubernetes is powerful for deploying and managing containerized applications across multiclouds, it can also be challenging for security teams to effectively track configuration changes, manage secrets, ensure proper role-based access control, and identify vulnerabilities.

"Existing approaches to Kubernetes security typically provide a siloed view, which results in high false positive rates," said Ermetic's chief product officer, Sivan Krigsman, in a statement.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights