Wiz: First agentless cloud security vendor to attain CIS SecureSuite Vendor Certification for cloud-managed Kubernetes

Confidently ensure your Kubernetes environments are compliant with CIS Benchmarks for cloud-managed Kubernetes. Quickly generate compliance reports and remediate any issues without hassle.


Today, we are announcing that we have been awarded CIS SecureSuite Vendor Certification for meeting the following benchmarks: 

  • CIS Amazon Elastic Kubernetes Service (EKS) Foundation Benchmark version 1.2.0, Level 1 + Level 2 

  • CIS Azure Kubernetes Service (AKS) Foundation Benchmark version 1.2.0, Level 1 + Level 2 

  • CIS Google Kubernetes Engine (GKE) Foundation Benchmark version 1.3.0, Level 1 + Level 2 

Wiz is the first cloud security vendor to receive Center for Internet Security (CIS) certification for Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), and Google Kubernetes Engine (GKE) Benchmarks by relying solely on agentless techniques. Wiz customers can now use built-in frameworks to automatically assess their Kubernetes clusters’ compliance with the latest EKS, AKS, and GKE CIS Benchmarks. These benchmarks reflect CIS recommendations that need to be implemented to ensure that managed Kubernetes clusters are securely configured. 

Understanding the need for CIS benchmarks for EKS, AKS, and GKE 

The CIS EKS, AKS, and GKE Benchmarks are a set of recommendations and best practices by the Center for Internet Security for configuring managed cloud-provider Kubernetes to support a strong security posture. Each benchmark is tied to a specific managed Kubernetes release.   

CIS Benchmarks are essential for securing Kubernetes environments because they provide guidelines and best practices to help organizations protect their Kubernetes clusters from potential security threats. These benchmarks cover many security controls, including network security, access controls, logging, monitoring, and configuration management.  

By following the CIS Benchmarks, organizations can configure their Kubernetes environments securely and implement the latest best practices to reduce the risk of data breaches and other incidents. These benchmarks keep sensitive data safe and secure.  

In addition, many compliance frameworks such as PCI DSS, HIPAA, and NIST require organizations to follow CIS Benchmarks as part of their compliance efforts. This means that by implementing the benchmarks, organizations can meet their compliance obligations and avoid potential fines and penalties.  

Cloud-managed Kubernetes environments like EKS, AKS, and GKE are complex and constantly evolving, making it difficult for organizations to keep up with the latest security best practices and compliance requirements. Furthermore, applications running on Kubernetes often have a distributed architecture, making it challenging to track and monitor all the different components and potential security risks. As a result, automated tools are needed to help organizations manage and monitor their Kubernetes applications efficiently and effectively. Additionally, manually assessing CIS Benchmarks across these environments can be time-consuming and error-prone, increasing the risk of misconfigurations and security vulnerabilities. 

Traditional solutions rely on agents  

Traditional solutions that can automatically assess CIS Benchmarks require either agents or software to be deployed on Kubernetes clusters in order to analyze their compliance posture. Agents monitor Kubernetes nodes to discover misconfigurations and security risks, and from those findings determine the security and compliance posture of the Kubernetes environment. However, this can result in performance overhead or blind spots.

Why a better approach is needed

Enabling compliance in cloud-managed Kubernetes environments requires a cloud-native approach that encompasses the entire K8s stack, including the cluster control plane, worker nodes, and workloads running on the cluster with minimal dependency on agents. By adopting a cloud-native approach to compliance, organizations gain visibility into all their clusters and ensure they are secure, reliable, and compliant with industry best practices. 

Connect Wiz to your cloud environment in minutes and assess your cloud and Kubernetes compliance posture completely agentlessly  

Wiz connects in minutes to your cloud and Kubernetes environments using APIs. It uses agentless scanning to gather information from all layers of the clusters and their associated workloads for potential risks related to misconfigurations, external exposure, vulnerabilities, malware, secrets, and more. 

Wiz reviews all the information collected against the CIS benchmarks dedicated to EKS, AKS, and GKE. The benchmarks are implemented as a set of built-in checks and configuration rules for the cloud and hosts, which rely on our agentless Host Configuration capabilities and are associated with the checks and recommendations of each benchmark.

Wiz comes out of the box with over 7000 Rules for Host Configuration, thousands of Rules for Cloud Configuration, and hundreds of Controls. 

Finally, we calculate your overall compliance score for each benchmark so that you can have complete visibility into your compliance posture across all your Kubernetes clusters. 

Quickly remediate any issues with guidance 

Once you identify the failing Controls in your environment, it can be hard to know what step to take next to address the failed checks. For any failed Control in your environment, Wiz gives you specific remediation guidance so you can quickly respond to any Issues.

Automatically alert the various teams in charge of cloud and Kubernetes environments so that they can remediate any detected Issues. Wiz integrates with a wide variety of third-party tools such as Jira and ServiceNow, enabling you to use the same tools you use today. 

Have a continuously updated view of your Kubernetes compliance posture 

Wiz will automatically detect changes in your cloud infrastructure as well as changes in Kubernetes clusters like node creation or deletion. This allows us to maintain an up-to-date view of the security risks and compliance status of all your Kubernetes clusters and their nodes. 

Wiz has achieved CIS certification for EKS, GKE, and AKS

We are delighted to announce Wiz has received CIS certification for Levels 1 and 2 for EKS-, AKS-, and GKE-managed Kubernetes environments using agentless techniques. 

These certifications demonstrate Wiz's commitment to securing Kubernetes environments and accompany both the announcements made at KubeCon '22 and the general availability of our Admission Controller. Wiz is an agentless solution that provides all the capabilities needed to secure and ensure compliance of your Kubernetes environments.

Getting started

Wiz includes dedicated, built-in Compliance Frameworks for CIS EKS 1.2.0, GKE 1.3.0, and AKS 1.2.0. 

On the Compliance > Single Framework page, CIS category names are represented as categories while recommendations are represented as sub-categories.

Learn more about how you can use these new compliance capabilities. Use the Wiz docs (login required) to get started. Have questions, comments, or feedback? Do reach out to Wiz. We love hearing from you. You can also learn more about how Wiz can help secure your containers and Kubernetes by visiting https://www.wiz.io/solutions/container-and-kubernetes-security
