The next generation of Kaspersky Hybrid Cloud Security now safeguards software
development operations (DevOps) environments. The product has been updated to enable
protection for containers and has added container, image and repository scanning
capabilities for integration with continuous integration and delivery pipelines (CI/CD).
Also, to support businesses' use of a wide range of public cloud platforms, Kaspersky Hybrid
Cloud Security adds protection for Google Cloud.
Supply-chain attacks that affect software development, such as when a malicious piece of
code is added to legitimate software, are effective tools for cybercriminals. For example, this
method was used in a ShadowPad attack where a backdoor was embedded into a popular
legitimate business software product’s code library. Supply-chain attacks also strike open
source repositories, such as when Docker Hub found 17 backdoored container images, or
when RubyGems caused users to download 725 malicious packages almost 100,000 times.
Protection from such supply-chain attacks is essential for software developers, although it
can be hard to find an effective security tool because validating the integrity of
fast-changing development environments on-demand is often technically challenging. A
cybersecurity solution should also not affect an application’s time to market or the overall
flexible approach to IT that DevOps is accustomed to, such as being able to scale cloud
workloads up and down or use different open source tools.
Kaspersky Hybrid Cloud Security reconciles the two worlds – DevOps and IT security. It
helps businesses to integrate security tools into the development process to minimize the
risk of container compromise and supply-chain attacks, without impacting development
speeds.
The product now enables Docker containerization environments to be protected through
granular AV scanning. Using file threat protection, it scans containers and images and all
their layers to reveal threats. The scanning can be performed as objects are accessed in the
namespaces of running containers (on-access scan, OAS) and within tasks with flexible
scope control (on-demand scan, ODS). It also allows kernel memory scanning. Added
network and web threat protection ensures safe internet traffic and the prevention of
network attacks on Linux hosts and containers.
Screenshot of container scan task settings: selection of containers and images for scanning,
setting up actions on threat detection and enabling/disabling scanning by layers
Kaspersky Hybrid Cloud Security safeguards the use of public repositories and prevents
supply-chain poisoning. Software developers can add security steps into continuous
integration and continuous delivery (CI/CD) pipelines including TeamCity or Jenkins
Pipeline, among others. Integration is available via command-line and application
programming interfaces (CLI and API) that allow developers to run scripts in pipeline
management tools, for container and repository image scanning at different stages.
Users of public cloud platforms for software development and other business needs can
choose from more options, as the product can now be integrated with Google Cloud – in
addition to existing offerings, such as AWS and Microsoft Azure. Kaspersky Hybrid Cloud
Security can be seamlessly extended to a customer’s workloads in Google Cloud. Security
management for cloud environments is available through a single control panel in
Kaspersky Security Center.
“Continuous software development is a unique environment that needs a specific
cybersecurity approach. To stay nimble, DevOps may go as far as bypassing formal IT
approval processes, making it a challenge to build cybersecurity into the development
journey. However, it is important to leverage containers securely to reduce the risk of
unknowingly embedding malicious code into software, as was found in the RubyGems attack
and other cases. Kaspersky Hybrid Cloud Security helps businesses find a way out of this
challenge through a win-win scenario where IT security and DevOps cooperate. The solution
provides understandable tools for DevOps that don’t affect their processes; and it helps IT
security teams to put in place a proven protection layer for the part of the infrastructure
that may not yet be covered,” comments Andrey Pozhogin, Senior Product Marketing Manager, Kaspersky.