Kaspersky Container Security

What's new

March 27, 2024

ID 263672

Kaspersky Container Security 1.1 offers the following new features and improvements:

  • Support for detected malicious objects with different severity levels. The solution allows you to accept risks for non-critical objects.
  • Ability to generate reports on detected vulnerabilities, security events, and compliance with applicable policies. The solution can generate the following types of reports:

    Depending on report type, reports are created and generated in different parts of the solution, including the CI/CD section. Generated reports are available for viewing and downloading in several formats in a new section of the main menu: Administration → Reports.

  • Optimization of the load on CI agents when integrating with the CI pipeline. The new version of the product offers two CI schemes:
    • Using the resources of the CI agent.
    • Without using the resources of the CI agent. In this scheme, the scanner starts in the CI pipeline and reads and sends a SBOM to the installed solution. This SBOM file is parsed by the available scanners, and the scan result is then returned to the CI system.
  • Support for running scanners when there is a proxy between an image registry and the installed solution.
  • Different application scopes control user access to orchestrator resources and image registries, which are monitored by the solution. This also allows for the application of various security policies on these resources and registries.
  • Ability to control image integrity using image signatures, as well as block images that have not passed signature verification. The solution can integrate with Notary and Cosign plug-ins for signature verification. To block images that have not passed signature authenticity verification, a new Image content protection section has been added to runtime policies.
  • Control of applications and services running inside containers. The solution can monitor and block processes running inside containers.
  • Support for Container Runtime Profiles, which can detect abnormal objects based on a custom or predefined profile pattern. The solution can create and use runtime profiles, which can be used to specify permissions for processes started inside containers and for network communications. Profiles are applied to containers started in a runtime environment and restrict their operation according to the specified settings.
  • Monitoring and control of traffic between containers, containerization platform components, and external applications and resources. The solution can restrict network communications of containers in a runtime environment by configuring the following settings:
    • Ports (TCP/UDP).
    • IP addresses (IPv4, IPv6).
    • Block inbound and/or outbound network connections.
