Kaspersky Container Security
Protecting containerized environments and enhancing your organization's hybrid infrastructure security

Globally renowned security

Leverages international best practices in container environment security to effectively counter most cyberthreats associated with these environments.

Comprehensive protection for containerized environments

Addresses the unique needs of container environments and secures every component of the container infrastructure, from the container image registry to the orchestrator.

Compliance with regulatory requirements

Ensures app security, supporting your organization in ensuring full compliance with regulatory requirements.

Integration into the development process

Kaspersky Container Security seamlessly integrates security into the software development process.

• Detection of vulnerabilities in running containers
  Scanning running applications can identify vulnerabilities in code that can`t be detected during the build phase
• Checks container images from the registry
  Automated scanning can detect irrelevant images and identify vulnerabilities, secrets and violations in configurations
• Monitors resource consumption and communications between containers
  Intuitive widgets help detect suspicious activity and proactively respond to security threats

Orchestrator protection

Kaspersky Container Security provides comprehensive protection for a key component of the containerized application development and execution environment.

• Monitors authentication and authorization configuration
  Centralized access control and management increases the security of not just the orchestrator, but also the organization's entire IT infrastructure
• Checks orchestrator configuration
  Helps identify configuration errors, non-compliance with security policies, and unauthorized attempts to change the configuration
• Process and network control
  Monitoring orchestrator activity helps to detect and stop suspicious activity both within and between clusters

Regulatory compliance audit

Kaspersky Container Security detects violations of regulatory requirements in various components of the container environment and performs audits in accordance with national and international standards.

• Checks at both orchestrator and individual container level
  Security control at multiple levels allows you to address component-specific security risks
• CIS compliance verification
  The ability to verify applications and infrastructure in accordance with the methodologies of international organizations helps implement global best practices for information security
• Vulnerability analysis based on NIST database
  Enhances corporate security through the timely detection of vulnerabilities in the container infrastructure

Visualization and inventory of cluster resources

Clear and intuitive widgets and infographics help not only to monitor product status, but also to detect security incidents based on indirect indicators.

• Monitors cluster status
  Visualization of processes and cluster status provides a high level of awareness and readiness to respond to potential incidents
• Fully customized widgets to reveal cross-section data
  Information displayed in widgets provides a detailed visualization of the processes taking place in the product and the protected infrastructure
• Resource inventory
  Compiling a "catalog" helps identify unaccounted resources and their owners, which increases overall security and helps close gaps

KCS Agent

Detects vulnerabilities at container, cluster, and orchestrator levels, ensuring runtime security. Installs into the cluster as a stand-alone container.

KCS Scanner of images and infrastructure

Checks the image registry for relevance and security. The scanner also checks images as part of the CI process, thus reducing the build stage risks. Installs into the cluster with the orchestrator's server components.

KCS Control Server

Responsible for monitoring the status of the solution components and interaction between them, as well as aggregation of information on detected events. Installs into the cluster with the orchestrator's server components.