04/05/2021 | News release | Distributed by Public on 04/05/2021 08:00
Rapid7 is excited to announce the general availability of our Kubernetes integration in InsightVM, our vulnerability management tool. This represents a step forward in Rapid7's ability to provide vulnerability and remediation management capabilities for container environments.
Kubernetes is the most popular container orchestration tool by a wide margin and is a powerful tool for scaling a container deployment up and removing unneeded scale from it. This provides the ability to adapt an organization's environment on demand and in an automated fashion. However, container images comprise software packages, and any vulnerabilities present in those packages introduce risk. Moreover, because a single container image may be instantiated multiple times, an organization's attack surface is increased.
Rapid7 provides the ability to assess risk in containers via our container registry scanning capabilities and our integration with popular Continuous Integration/Continuous Deployment (CI/CD) tools such as Jenkins. The release of our Kubernetes integration to general availability builds on this and allows customers to quantify the exposure of risks identified via our vulnerability assessments.
Integrating your Kubernetes environment with InsightVM can be accomplished by pulling the Rapid7 Kubernetes Monitor from DockerHub, deploying it to each cluster, and performing a few configuration steps. Once configured, data will appear in the Container Security section of InsightVM.
After the monitor is deployed and configured, users will see Kubernetes data in the following areas of the Container Security section of InsightVM:
Users are able to see and filter images identified on running hosts, both in Kubernetes and on Docker hosts. InsightVM also indicates the number of Kubernetes pods that specific container images have been deployed to.
Users are also able to focus on an individual image and gain a deeper understanding of its deployment in Kubernetes environments.
In the containers section of the Image Details page, users can see the namespaces and pod names in which the container image has been instantiated.
The namespaces section identifies the Kubernetes namespaces to which the container image has been deployed.
The Kubernetes Containers tab displays a complete burndown of all the containers identified via the Kubernetes Monitor, in the following columns:
We think that this new feature will provide enormous benefits to customers who leverage Kubernetes.