Securing Red Hat OpenShift Using Prisma Cloud

Dec 10, 2020

Palo Alto Networks is a Red Hat® OpenShift® Ready Partner, helping organizations across government, healthcare, financial services and the intelligence community secure their cloud native environments on OpenShift.

Red Hat OpenShift is an enterprise-ready Kubernetes container platform with full-stack automated operations for managing hybrid cloud and multi-cloud deployments. The Red Hat OpenShift Container Platform is the self-managed edition: it runs on both on-premises and public cloud infrastructure, so the same applications can be deployed in a hybrid model across both.

Red Hat OpenShift is available in several offerings, including managed versions for the major cloud providers. OpenShift Dedicated is a fully managed Red Hat OpenShift service on Amazon Web Services (AWS) and Google Cloud, and Azure Red Hat OpenShift (OpenShift 4) is a fully managed offering on Microsoft Azure. The managed offerings reduce operational complexity and let teams focus on building and scaling the applications that add value to the organization.

Figure: The range of Red Hat OpenShift services. Hosted services include Red Hat OpenShift Dedicated, Red Hat OpenShift on Microsoft Azure and Red Hat OpenShift on IBM Cloud; self-managed services include Red Hat OpenShift Container Platform; registry services include Red Hat Quay Container Registry; and operating systems include Red Hat Enterprise Linux (RHEL), Red Hat Enterprise Linux CoreOS (RHCOS) and the Red Hat Universal Base Image (UBI).

Prisma Cloud is a comprehensive Cloud Native Security Platform (CNSP) that protects organizations building and deploying on Red Hat OpenShift. It can be consumed either through a SaaS console or as a self-hosted application running natively on OpenShift, the latter including support for fully air-gapped environments where the console has no outbound Internet access.

A Strong Partner with Red Hat

The Palo Alto Networks connection to Red Hat goes back to Twistlock, which was acquired by Palo Alto Networks in July 2019 and is now fully integrated as part of Prisma Cloud. Twistlock provided an open source contribution to the Docker authorization plugin as part of OpenShift and supported dozens of customers using OpenShift in product development.

Prisma Cloud's compute security capabilities cover the following areas:
Vulnerability Detection and Prevention

Identify vulnerable images and prevent them from being deployed across your environment, with alerting and enforcement policies that cover the entire CI/CD process, from the build pipeline through the registry to the running cluster. Prisma Cloud uses Red Hat's own vulnerability data for Red Hat packages, which gives layer-aware vulnerability analysis with precise, low-false-positive results (a backported fix in a RHEL package is recognized as fixed rather than flagged by upstream version alone).
Compliance Management

Users can monitor compliance of Docker, Kubernetes and the underlying Linux hosts against the CIS Benchmarks, as well as against external compliance standards and custom, organization-specific requirements.
Advanced Threat Intelligence

Use vulnerability data aggregated from more than 30 upstream sources together with Palo Alto Networks' own threat research. This includes built-in coverage of Red Hat CVEs taken directly from the Red Hat OVAL feed, plus pre-built, tested seccomp profiles for common OpenShift workloads.
Runtime Defense

Protect OpenShift environments at scale with machine learning that automatically builds a runtime behavior model for every image deployed in every pod in OpenShift, flags activity that deviates from that model as anomalous, and automatically blocks container breakouts and other attacks.
Cloud Native Firewalls

Visualize application connectivity and protect against Layer 4 network attacks by allow-listing the permitted pod-to-pod and service-to-service communication, so that connections not on the list are blocked. Automatically detect and prevent attacks on the applications themselves with a Layer 7 web application firewall.
Access Control

Establish and monitor access control for OpenShift clusters, Docker and Kubernetes, integrating with identity and access management (IAM) and secrets management tools and with other core platform technologies.
Open Container Standards Support

Support for OCI-compliant runtimes such as runC and containerd, and for the runtime stacks built on them, including Docker, CRI-O (the default runtime on OpenShift 4) and cri-containerd.
New Red Hat-certified Prisma Cloud Operators

Red Hat has certified the updated Prisma Cloud operators, which are now available both in the Red Hat certified operator catalog and on the open source OperatorHub.io.

You can deploy Prisma Cloud with the operator directly from the OperatorHub page of the OpenShift Container Platform web console. The documentation explains how to install the operator and the console on your OpenShift clusters.
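The console click-through described above has a declarative equivalent that is easier to review and version-control. As an added example (not from the original post and not Palo Alto Networks' or Red Hat's own documentation), the manifests below show the standard Operator Lifecycle Manager (OLM) pattern for installing a catalog operator into its own namespace: a Namespace, an OperatorGroup that scopes the operator to that namespace, and a Subscription. The namespace `twistlock`, the package name `prisma-cloud-compute-console-operator` and the channel `stable` are assumptions; confirm them against the operator's entry in your cluster's catalog (`oc get packagemanifests -n openshift-marketplace`) before applying. The `certified-operators` CatalogSource in `openshift-marketplace` is where Red Hat certified operators are published on OpenShift 4.

```yaml
# Added example: declarative OLM install of a certified operator.
# Package name, channel and namespace are assumptions; check the
# PackageManifest in openshift-marketplace for the real values.
apiVersion: v1
kind: Namespace
metadata:
  name: twistlock                                   # assumed namespace
---
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: twistlock-operatorgroup
  namespace: twistlock
spec:
  targetNamespaces:
    - twistlock                                     # operator only watches this namespace
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: prisma-cloud-compute-console-operator       # assumed package name
  namespace: twistlock
spec:
  name: prisma-cloud-compute-console-operator       # assumed package name
  channel: stable                                   # assumed channel
  source: certified-operators                       # Red Hat certified catalog
  sourceNamespace: openshift-marketplace
  installPlanApproval: Manual                       # review each upgrade before OLM applies it
```

Apply the file with `oc apply -f`, then check `oc get installplan -n twistlock`: with `installPlanApproval: Manual`, OLM creates an InstallPlan but waits for an administrator to approve it, which keeps automatic operator upgrades from rolling out on a security component without review.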


Support for OpenShift 4.x Versions

With the latest release, Prisma Cloud supports OpenShift 4.2, 4.3, 4.4 and 4.5.
Azure Red Hat OpenShift Whitelists Prisma Cloud

Azure Red Hat OpenShift (ARO) is a managed OpenShift offering that does not allow customers to run privileged containers. Agent-based monitoring and security tools, however, need their pods to run with elevated privileges in order to perform deep runtime inspection and enforce security policy. On OpenShift that gate is the cluster's SecurityContextConstraints (SCCs): if the service account of a security agent is not permitted to use a privileged SCC, its pods fail admission and never start.

Red Hat and Microsoft have whitelisted Prisma Cloud for this purpose, which allows users to run Prisma Cloud defenders on ARO clusters and secure their container deployments there. For more information, refer to the Azure documentation.

Figure: Prisma Cloud is part of the cloud native stack.

Getting Started with Prisma Cloud and OpenShift

Prisma Cloud provides a secure way to build and deploy containerized applications across all Red Hat OpenShift platforms. To learn more about Prisma Cloud, visit the product page or start with a free 30-day trial.
