Tigera News Release
Tigera Secure Enterprise Edition 2.4 Enables Firewalls to Secure Dynamic Kubernetes Workloads
May 8, 2019
With the launch of Tigera Secure Enterprise Edition 2.4, security teams can now extend their existing zone-based architecture to secure Kubernetes
SAN FRANCISCO, MAY 8, 2019 – Tigera, an enterprise software company providing security and compliance solutions for Kubernetes platforms, today announced its new Tigera Secure Enterprise Edition 2.4 is now generally available. The new version is the world’s first security software that enables enterprise security teams to provide network security and compliance for Kubernetes platforms while extending their existing zone-based architectures. Tigera Secure works with current hardware and software firewalls on-prem and in the cloud, saving organizations significant amounts of resources, time and money.
The company, which recently won the 2019 InfoSec Award for Best Product for Container Security from Cyber Defense Magazine, announced the news during the Red Hat Summit in Boston today. Tigera is exhibiting during the premier open-source software industry event at booth #317.
Security teams run into several problems when trying to secure modern applications running on Kubernetes.
- Existing zone-based security architectures cannot be extended to Kubernetes because the workloads use ephemeral, dynamic IP addresses that cannot be used to identify a workload. Security teams resort to opening large IP ranges between security zones, allowing all Kubernetes traffic to flow through the architecture.
- Modern applications often integrate with third-party APIs like Twilio, SaaS services like Zuora and Salesforce, and resources outside the cluster like AWS RDS databases and VMs. To enable those integrations to work, security teams must allow large IP ranges to egress through the firewall and are unable to provide fine-grained access to specific workloads.
- Without the ability to recognize a workload identity, network flows cannot be logged properly. The data misses context that is unique to Kubernetes, such as namespace, pod name, labels, and container ID. Without this information, debugging service issues and performing forensic analysis is not possible.
- For workloads that are in-scope for compliance controls, the data required to perform an audit is incomplete or missing. This can result in compliance findings since the security team cannot prove adherence to their control framework.
While Kubernetes workloads are growing rapidly, they currently represent a small fraction of the workloads that a security team has to secure. Consequently, redesigning the current security architecture isn’t a feasible option, since a significant investment has gone into acquiring technology, designing processes, and training teams. Security teams are looking for a way to extend their current investments in technology and processes to support new Kubernetes workloads.
“With the release of Tigera Secure Enterprise Edition 2.4, we’re the first to close a big gap that has frustrated security teams and delayed application deployments,” said Ratan Tipirneni, president and CEO at Tigera. “Until now, they were not able to use their existing security architecture to secure their applications running on Kubernetes. And, importantly, with the increase in service-to-service traffic flowing through the network, they had to consider buying additional hardware and firewall licenses which can cost millions of dollars. But, now, with Tigera Secure Enterprise Edition 2.4, they can extend their firewalls to secure dynamic Kubernetes workloads without disrupting any of their processes or retraining their teams.”
Enterprise security and IT professionals from companies such as Atlassian and Monzo Bank rely on Tigera’s software to protect their modern business applications and to generate reports used for internal and third-party compliance audits.
The potential cost of non-compliance with privacy regulations is staggering and continues to grow, according to a report from Globalscape and the Ponemon Institute last May. Non-compliance costs businesses on average $14 million, a 45 percent increase since 2011. Security professionals need to keep compliance in mind for their in-scope Kubernetes workloads, because these workloads cannot be properly secured using existing zone-based architectures, and non-compliance could result in major fines.
New features or key enhancements enabling this new capability in version 2.4 include:
- New DNS policies enable fine-grained access controls between individual Kubernetes pods and third-party APIs, SaaS platforms, and resources outside the cluster – both on-prem and in the cloud.
- Tigera Secure now ingests Threat Intelligence Feeds and blocks traffic leaving your Kubernetes pods for IPs known for malicious activity.
- Powerful, in-depth compliance reports to meet key security controls required by PCI, SOC 2, and other certifications and frameworks.
- Easier and quicker deployments with Helm charts.
Tigera provides Zero Trust network security and continuous compliance for Kubernetes platforms. Tigera Secure Enterprise Edition extends enterprise security and compliance controls to Kubernetes environments with support for on-premises, multi-cloud, and legacy environments. Tigera Secure Cloud Edition is available on the AWS marketplace and enables fine-grained security and compliance controls for Kubernetes on AWS and Amazon EKS. Tigera powers all of the major Hosted Kubernetes environments including Amazon EKS, Azure AKS, Google GKE, and IBM Container Service. Tigera is also integrated with the major on-premises Kubernetes deployments and is shipped “batteries included” in Docker EE and fully integrated with Red Hat OpenShift. Visit us at www.tigera.io or follow us on Twitter @tigeraio