Tigera Adds Vulnerability Management Capabilities to Calico Platform
Tigera today extended the reach of its container networking and security platform for cloud-native application environments based on open-source Calico software into the realm of vulnerability management.
Dhiraj Sehgal, director of product marketing for Tigera, said the goal is to make it simpler for IT teams to prioritize remediation efforts by making it easier to identify the most severe vulnerabilities found within container images.
Tigera can provide that capability using multiple feeds that analyze the risk score assigned to various vulnerabilities. Those risk scores can then be used to manage remediation efforts based on the actual level of risk an organization might be incurring, noted Sehgal.
In addition to enabling organizations to pick which feeds to employ, an Image Assurance tool provided by Tigera has been extended to provide additional filtering capabilities that segment scan results by over a dozen different variables.
Tigera now also provides a Bulk Exception capability that IT teams can use to reduce the overall volume of alerts being generated when, for example, downloading container images from a trusted source.
Finally, Tigera has added integration with Jira project management software from Atlassian to make it simpler for IT teams to centrally manage and track which vulnerabilities to remediate. It has also added support for Hosted Control Planes, a deployment option for the Red Hat OpenShift platform based on Kubernetes that reduces the number of control planes an IT team might otherwise need to deploy and manage.
Tigera has been making a case for unifying the management of security and network operations in the cloud-native application era for several years now. As organizations continue to increase the overall rate at which they are deploying cloud-native applications, they are finding that securing the container images upon which those applications are based is becoming more challenging. It’s not uncommon for developers to have inadvertently encapsulated vulnerabilities within containers that, while frequently replaced, can still be exploited by cybercriminals who have learned to scan for specific weaknesses.
Fortunately, with the rise of platform engineering as a methodology for managing DevOps workflows at scale, more organizations are starting to centralize the management of application development, networking and security, noted Sehgal. The pace and rate at which organizations are adopting platform engineering remains to be seen, but there is little doubt that organizations that have embraced Kubernetes are moving to programmatically manage a wider range of IT services.
The issue is that the level of expertise needed to achieve that goal is substantial. A DevOps engineer who is familiar with Kubernetes, networking and the controls required to secure those environments is still rare, so organizations need to continue to rely on multiple specialists. The challenge then becomes finding a way to bridge the disparate cultures of the specialists who make up those teams.
One way or another, however, the management of cloud-native application environments is becoming more unified in an era where it is becoming more common for software engineers to manage a much wider range of processes and tasks.