ARMO Platform

What do you like best about the product?

Whilst configuring first clusters it is important to be able to harden the cluster. Easy to implement as well

What do you dislike about the product?

Used only short time. No negative experiences so far.

What problems is the product solving and how is that benefiting you?

HArdening and monitoring Kubernetes for vulnerabilities

What do you like best about the product?

The ARMO Platform has cut our cloud costs for our Intrusion Detection Service (one of our most costly products) by 80%.

What do you dislike about the product?

ARMO is coming out with many new features. They seem helpful after a demo, but it isn't always clear how we can use them for actionable insights.

What problems is the product solving and how is that benefiting you?

ARMO is primarily solving the Intrusion Detection problem. We need to know if an attacker has successfully penetrated one of services. While that was the primary factor that led us to purchase the ARMO Platform, we've since found additional features that have added significant value. Specifically, when a vulnerability is detected in our tech stack we can see in which container the vulnerability was found, but don't have the critical data we need to prioritize the remediation. ARMO can tell us if the vulnerability is actually present in our code running in production or merely present in the process used to build the container. It can also give us critical information like exploitability that we can use to determine the priority and critical nature of the issue.

What do you like best about the product?

ARMO's Kubescape is an outstanding security tool that has become an integral part of our Kubernetes ecosystem. As an open-source solution, it offers robust security scanning capabilities that ensure our clusters remain secure and compliant with industry best practices.

One of the standout features of Kubescape is its comprehensive scanning engine, which covers everything from misconfigurations to vulnerabilities across our Kubernetes clusters. It seamlessly identifies security risks based on the CIS Kubernetes Benchmark and NSA-CISA Kubernetes Hardening Guidance, giving us peace of mind that our infrastructure is well-protected.

Kubescape’s integration with our GitHub Actions workflow has been a game-changer. The ease with which it fits into our CI/CD pipeline means we can automatically scan our Kubernetes manifests and Helm charts during every pull request. This early detection of security issues helps us maintain a high level of security without slowing down our development process. The setup was straightforward, and the feedback is immediate, allowing us to catch and resolve issues before they make it to production.

The tool's detailed reports and actionable insights are invaluable for our team. The ability to visualize the security posture of our clusters and track improvements over time has significantly enhanced our security operations. Kubescape's intuitive interface makes it easy for both developers and security teams to collaborate and ensure that security is a shared responsibility.

In summary, ARMO's Kubescape is a must-have for any organization running Kubernetes. Its powerful scanning capabilities, combined with seamless GitHub Actions integration, make it an essential tool for maintaining a secure and compliant Kubernetes environment. We highly recommend it to any team looking to enhance their Kubernetes security posture without adding complexity to their workflows.

What do you dislike about the product?

We didn't identify any issues so far while deploying it on our clusters.

What problems is the product solving and how is that benefiting you?

Mitigating CVE shock and making it very easy to identify where the main issues are within our clusters, helm charts and docker images.

What do you like best about the product?

Armo is able to gather in a synthetic and nice-looking interface, a lot of data that I'm used to collect from so many different tools. Moreover, it aims to deliver ready-to-use and easy-to-understand actions. The visual approach, such as diagrams of attack paths, or diffing YAML manifests for showing us how to improve security by changing kubernetes resources, is a game changer !

What do you dislike about the product?

While the installation and integration is pretty straightforward thanks to their Helm chart, the toolset that needs to be deployed on each cluster is pretty large, with many deployments, statefulsets and cronjobs.

What problems is the product solving and how is that benefiting you?

ARMO can help security team that does not have a large knowledge in Kubernetes to understand what does matter and where to focus.

What do you like best about the product?

It's a great tool that let's you focus on the security risks that matter! Also customer support is very helpful and fast.

What do you dislike about the product?

The setup can be complicated at the start, but luckily customer support is there to help you.

What problems is the product solving and how is that benefiting you?

It helps us to focus on the security issues that matter and not let us drown in a sea of vulnerabilities.