Overview
Product video
For North America and regions outside of EMEA, Red Hat® Advanced Cluster Security for Kubernetes is the pioneering Kubernetes-native security platform, equipping organizations to more securely build, deploy, and run cloud-native applications anywhere. The solution helps improve the security of the application build process, protect the application platform and configurations, and detect and respond to runtime issues.
Red Hat Advanced Cluster Security for Kubernetes lowers operational costs by reducing the learning curve for implementing Kubernetes security, provides built-in controls for enforcement to reduce operational risk, and uses a Kubernetes-native approach that supports built-in security across the entire software development life cycle, facilitating greater developer productivity.
To request a trial: redhat.com/acstrial
Key Features Visibility
- * Delivers a comprehensive view of your Kubernetes environment, including all images, pods, deployments, namespaces, and configurations.
- * Discovers and displays network traffic in all clusters spanning namespaces, deployments, and pods.
Vulnerability Management
- * Scans images for known vulnerabilities based on specific languages, packages, and image layers. Provides a dashboard highlighting the riskiest image vulnerabilities and deployments
- * Verifies image signatures against preconfigured keys for image attestation and integrity. Correlates vulnerabilities to running deployments, not just images Enforces policies based on vulnerability details at build time using continuous integration/continuous delivery (CI/CD) integrations.
Compliance
- * Assesses compliance across hundreds of controls for CIS Benchmarks, payment card industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), NERC-CIP, and NIST SP 800-190 and 800-53 Delivers at-a-glance dashboards of overall compliance across the controls of each standard with evidence exported to meet auditor needs.
- * Provides a detailed view of compliance details to pinpoint clusters, namespaces, nodes, or deployments namespaces that do not comply with specific standards and controls.
Network Segmentation
- * Visualizes allowed vs. active traffic between namespaces, deployments, and pods, including external exposures.
- * Simulates network policy changes before they are implemented to minimize operational risk to the environment.
Risk Profiling
- * Heuristically ranks your running deployments according to their overall security risk by combining security-relevant data such as vulnerabilities, configuration policy violations, and runtime activity.
- * Tracks improvements in the security posture of your Kubernetes deployments to validate the impact of your security team actions.
Configuration Management
- * Delivers prebuilt DevOps and security policies to identify configuration violations related to network exposures, privileged containers, processes running as root, and compliance with industry standards.
- * Analyzes Kubernetes role-based access control (RBAC) settings to determine user or service account privileges and misconfigurations Tracks secrets and detects which deployments use the secrets to limit access.
Runtime Detection and Response
- * Monitors system-level events within containers to detect anomalous activity indicative of a threat with the automated response using Kubernetes-native controls.
- * Baselines process activity in containers to automatically whitelist processes, eliminating the need to manually whitelist Uses prebuilt policies to detect crypto mining, privilege escalation, and various exploits.
A 60-day cloud service trial for Red Hat® Advanced Cluster Security cloud service is available. Please click on the link below for the Free Trial: https://www.redhat.com/acstrial
If you are a currently Red Hat OpenShift Service on AWS customer, an additional discount is available.It may take time until this offer will be available to provision in console.redhat.com
Highlights
- <p><strong>Supply Chain Security</strong></p> <ul> <li>Simplify DevOps processes by providing developers with security context in their existing workflows. </li> <li>Integrate security into your CI/CD pipelines and image registries to provide continuous image scanning, attestation, and assurance. </li> <li>Scan images for both operating system (OS) and language-level vulnerabilities. </li> </ul>
- <p><strong>Platform Security</strong></p> <ul> <li>Harden your organization’s environment to ensure the underlying infrastructure is configured to maintain security.</li> <li>Prevent configuration drift using compliance checks against industry standards (CIS, NIST, HIPAA, PCI) or custom policies.</li> </ul>
- <p><strong>Workload Security</strong></p> <ul> <li><span>Prevent high-risk workloads from being deployed or run using out-of-the-box deploy-time and runtime policies.</span></li> <li><span>Harden workloads by enforcing zero-trust network policies that adhere to the principle of least privilege.</span></li> </ul>
Details
Features and programs
Financing for AWS Marketplace purchases
Pricing
Dimension | Cost/unit |
---|---|
1 vCPU, Hourly, On-Demand, Billing | $0.028 |
Vendor refund policy
All fees are non-refundable
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Please create a case Get answers quickly by opening a support case with us at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Customer reviews
Great Kubernetes Focused Security Product
Compliance, visibility, and vulnerability management for k8s. Great tool for SOC-2 compliance.
We really needed something for SOC-2 compliance, vulnerability management, IDS, k8s secrets issues, auditing access to customer environments, etc. StackRox ... rocks for this.
Filling in vendor security assessments became much easier after we deployed StackRox.