We’re excited to share that today Wiz has released new capabilities to bring deep cloud context and visibility to containerized environments, enabling security and development teams to rapidly identify, prioritize, and remove risks across their containers, Kubernetes, and cloud infrastructure.
Traditional container security solutions have failed because they lack context. Some narrowly target the cluster, without the context of the cloud it runs on, while others focus on scanning for vulnerabilities. These solutions leave organizations exposed to attack paths that cross the container, orchestration, or cloud boundaries, and miss the toxic combinations of risks and the ability to prioritize. In most cases, these solutions are also used in isolation from the broader cloud security stack, with different goals, tools, and teams involved.
Powering container security with deep cloud context
The new capabilities announced today extend the power of the Wiz Security Graph, which identifies toxic combinations of real risk and attack paths into cloud and containerized applications. This allows security and development teams to proactively reduce attack surface from build time to run time.
The new features enable Wiz customers to:
Build security guardrails with Wiz admission controller: The Wiz admission controller can be integrated with Kubernetes clusters to block misconfigurations from reaching clusters during deployment based on a unified policy framework that extends from build to production.
Identify Kubernetes-to-cloud lateral movement paths: Wiz now identifies chains of lateral movement paths from Kubernetes clusters to the cloud layer (and vice versa) that lead to high value assets such as admin identities or crown jewel data stores. Since Wiz uses a single graph to correlate risk for all clouds and Kubernetes environments, this new engine prevents Kubernetes-to-cloud and cloud-to-Kubernetes attacks such as data exfiltration, cluster hijacking for cryptomining or ransomware.
Detect the most critical risks affecting containers: Wiz combines data collected from cloud APIs, Kubernetes APIs and container hosts to calculate and cross-correlate risk factors such as internet-facing containers, vulnerable container images, overly permissive container identities, and exposed secrets to surface end-to-end attack vectors.
Detect malicious activity in Kubernetes clusters: Wiz seamlessly integrates with AWS GuardDuty and GCP Security Command Center to prioritize their findings by correlating them with the full Kubernetes and cloud context provided by the Wiz Security Graph.
Automate Kubernetes security posture management (KSPM): Building upon its ability to continuously scan and assess Kubernetes clusters, Wiz can now identify cluster misconfigurations and provide remediation steps based on built-in and custom policies without running agents inside the clusters.
Cloud-native takes hold
The most innovative organizations in the world are adopting microservices and containerized applications to accelerate innovation. One such innovator is cryptocurrency company Copper, whose platform is completely containerized. Copper leverages Wiz to secure its containers across the development lifecycle, and much more.
“When I joined Copper, we were searching for a tool to monitor our containers in real time for vulnerabilities,” said Adam Schoeman, Interim CISO, Copper. “We ultimately selected Wiz, which gives us the complete telemetry, monitoring, and visibility necessary for vulnerability management and prioritizing the most critical risks in our cloud and container environment. We’re using Wiz in pre-production as well to scan images to discover security issues early in the pipeline. Choosing Wiz was a no-brainer — no other tool comes even close.”
Full visibility across container instances
With the unlimited ways of running containers in cloud environments—managed container services such as Amazon Elastic Kubernetes Service (EKS) and Elastic Container Service (ECS), self-managed Kubernetes, serverless containers, standalone containers running on virtual machines, etc.—it’s nearly impossible for security teams to gain visibility into what’s running in environments and to understand the risks that matter. Only an agentless, comprehensive approach to container and cloud security can provide the necessary visibility across decentralized environments and teams so that development, DevOps, and security teams can realize the agility of containerized environments in cloud-native architectures securely.
The days of siloed container security are over. One strategy and set of tooling is needed for container and cloud security as a whole to provide security and development teams visibility into their ever-changing container environments. Next, risk should be assessed and prioritized based on a comprehensive analysis of misconfigurations, network exposure, secrets, vulnerabilities, malware, overly permissive identities and lateral movement holistically across their entire cloud environment, not just in containers or orchestration. Wiz provides centralized visibility and security without agents in minutes for increasingly decentralized environments and teams.
For more information on how Wiz can help secure your containers and Kubernetes, please visit https://www.wiz.io/solutions/container-and-kubernetes-security.