With the enterprise increasingly challenged to speed application deployment as the attack surface continually expands, Checkmarx has introduced a powerful new Container Security solution. Offered as part of its cloud-native Checkmarx One application security (AppSec) platform, the new Container Security solution enhances team efficiency while delivering early vulnerability identification, actionable insights and streamlined mitigation within familiar development processes and workflows.
Sysdig runtime insights are integrated within the Checkmarx One platform to enhance threat detection by combining static analysis with runtime monitoring. Checkmarx Container Security thus enables more immediate, proactive response and mitigation strategies than other solutions, as well as a complete view of container security, leading to an improved security posture. In addition, Checkmarx Container Security identifies and flags malicious packages, emphasizing the critical risk they pose and provides runtime usage information, offering insights into whether malicious packages are actively used in running containers.
With Checkmarx Container Security, heads of development can trust their teams are able to integrate security readily within their familiar workflows. Developers and AppSec teams can make use of a robust feature set that ensures a thorough and proactive approach. Features include:
- Image Scanning and Breakdown: Multi-layered approach analyzing each layer of an image to identify vulnerabilities and potential threats. A granular view of each container image layer helps pinpoint security issues.
- Package Inspection: Ensures packages within container images meet security best practices.
- Vulnerability Assessment: Prioritizes vulnerabilities based on severity with detailed information and remediation guidance.
- Triage Risks: Manages the severity and status of vulnerabilities with detailed audit trails.
- Base Image Remediation: Recommends alternative base images with a lower security risk profile.
- Malicious Package Identification: Leverages a proprietary database of more than 385,000 malicious packages discovered by the Checkmarx security research team. Container Security identifies and flags fully malicious packages as well as those for which only certain versions are flagged as malicious, alerting when packages are in active use in running containers.
- Results View: Intuitive interface providing detailed scan results and analysis.
- Scan Risk Report: Comprehensive reports summarizing scan results, downloadable in various formats.
“As software development practices evolve, the attack surface expands while attackers seize new opportunities to deploy new exploit techniques,” said Kobi Tzruya, Chief Product Officer at Checkmarx. “One customer, a cloud-based service provider, saw an immediate impact in addressing significant, business-critical security vulnerabilities with our Container Security solution. Their key outcomes included a 40% reduction in critical vulnerabilities and the elimination of over 200 hours in remediation and management processes.”
To learn more about Checkmarx Container Security and Checkmarx One, visit this page.
