Kubernetes-native Security Solution - Portshift
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
D A T A S H E E T Kubernetes-native Security Solution
Single Pane of Glass for Containers and
Kubernetes Security
Portshi ’s Kubernetes-native platform leverages the power of Kubernetes and Service-Mesh
to deliver a single source of truth for containers and cloud-native applications security.
Portshi is the only solution offering an agentless approach, with a single Kubernetes
admission controller for seamless integration.
Utilize the power of our lightweight solution to protect from threats and vulnerabilities across
images, containers, Kubernetes, and runtime deployments.
Portshi ensures a continuous security process during the entire containerized applications
lifecycle, from code to runtime. With our platform you can easily generate and apply network
policies and security rules and encrypt the traffic between services.
Portshi streamlines containerized applications security from code to runtime with
Kubernetes-native architectureVisibility Vulnerability management
Holistic view of your Kubernetes deployments Full life-cycle vulnerability scanning
including images, pods and namespaces
Comprehensive scanning capabilities including the
Gain visibility and control of your Kubernetes build, ship, and run CI/CD pipeline scanning and
deployments with rich context of the associated vulnerability scanning during runtime with Kubei.
CI/CD metadata including application’s Review overall and individual risk scores for
connections and attributes. vulnerability exploits during runtime with Kubei.
Discover network traffic and reveal the entire Our Intuitive Policy Advisor learns and continually
network communications both in-cluster and provides policy suggestions with the flexibility to
between clusters. Portshi generates and applies either block, allow or detect the connection.
the logic to configure network policies and security
rules, while automating the process. Continually scan your Kubernetes deployments, all
you need to do is to define your preferred frequency.
Gain runtime monitoring, view of risks and severity
levels across your environment - pods, containers,
namespaces.
Configuration management Kubernetes Network Encryption
Identify misconfigurations across images, Inside and outside the cluster
containers, clusters, and Kubernetes
Secure application traffic with encryption within a
Portshi analyzes Kubernetes Role-Based Access cluster when running in untrusted infrastructure or
Controls (RBAC), and Pod Security Policy (PSP) environments.
settings to detect risks within your Kubernetes Portshi encrypts internal communication between
environment. Portshi platform can act as another services in the same cluster and maintains the
enforcement layer, on top of Kubernetes, and block security level for communication between services
non-compliant configurations from being deployed. in different clusters.
Identify and remediate containers misconfigurations Portshi provides an innovative solution to secure
according to their risk level. multi-cluster communication with a distributed
Portshi platform provides a detailed risk analysis service mesh control-plane. Portshi developed an
report and assesses container’s configurations automatic identity federation mechanism that
against industry best practices and CIS benchmarks synchronizes the Istio Ingress gateway, making it
to decrease your security risk. possible to enforce authorization policies on
multi-cluster service communications.
The Portshi platform identifies which
communication paths are in violation of your
network policies (in and outside of your cluster)
and offers setting-up fine-grained declarative
network rules.Network Segmentation Compliance
Seamless service mesh integration for a CIS benchmark
complete Kubernetes network security
Test your Kubernetes deployment and configuration
Leverage Istio service mesh for protecting with Portshi platform to get a detailed list of risks
network communications, multi-cluster assessment and mitigations.
communications and secure communications
with external resources.
PCI compliance
Enforce segmentation and workload isolation
based on Layer 7 protocols mitigating pods Portshi platform enables to enforce the strict
communication with service mesh controls. firewall and segmentation requirements of PCI.
Visualize all pods that fall under the PCI regulation
Visualize real-time network connections and and build relevant rules. Create segregation of PCI
communications for all container traffic and compliant pods. Build policies effectively.
easily capture the forensics of these connections.Product Functionality
Functionality Description
Images security Vulnerability Scanning Scan Docker images in CI/CD
pipelines and Kubernetes runtime
deployments to detect vulnerable
packages/dependencies.
Pod Security Image Authorization Authorize the pod’s image prior to
the pod creation.
Vulnerable images Prevent the creation of pods from
vulnerable images.
Configuration Hardening Verify pods deployments with
predefined security-context that
removes potential risks and
harden the pod’s configurations.
Network Policies Secured Kubernetes Network Define and manage large scale
Policies network policies with visual
assistance tools.
Secured Network Policies with Define and secure connection with
External Resources external resources outside the
Kubernetes clusters.
Secure Network Policies Between Unique mechanism to expose
Clusters services between clusters for a
secured multi-cluster
communication.
Kubernetes Clusters RBAC Analysis Analyze RBAC roles in the cluster
security to detect overly permissive roles
or misconfigured roles.
Cluster Resources Secure predefined API calls to
restrict the potential of malicious
activities on cluster resources that
are not worker nodes/application
pods (secrets, logs, authorization).Integrations
Images registries Jfrog Artifactory, AWS ECR, Google Containers Registry and Azure
Containers Registry, Harbor, Quay
CI plugins Jenkins, CircleCI, Gitlab, Azure DevOps
CD plugins Helm, Terraform (Service Provider)
Orchestrations Kubernetes, AWS EKS, GCP GKE, Azure AKS, OpenShi , Rancher
Service Mesh Istio/Envoy, SMI/Envoy, LinkerD
Portshi ’s Kubernetes-native platform leverages the power of Kubernetes and
Service-Mesh to deliver a single source of truth for containers and cloud-native
applications security. Portshi is the only solution offering an agentless approach, with a
single Kubernetes admission controller for seamless integration.
Portshi empowers DevOps and Security teams to continuously protect their growing
Kubernetes deployments and multi-clusters. Utilize the power of our lightweight solution to
protect from threats and vulnerabilities across images, containers, Kubernetes, and
runtime deployments.
Follow US! Portshi ensures a continuous security process during the entire containerized
applications lifecycle, from code to runtime. Portshi generates and applies the logic to
configure network policies and security rules, while automating the process and
encrypting traffic between services.
Portshi .io @2020 all rights ReservedYou can also read
