StackRox Reviews & Pricing

Key Features

• Visibility:  
  •  Offers a comprehensive threat summary to security and DevOps teams. 
  •  Discover, identify and analyze container images for all image registries. 
  •  Explore and visualize network traffic with any CNI plugin. 
  •  Provides visibility into workflows to avoid compliance issues. 
  •  Identifies risks in processes, deployments and communications based on containers working in test or production mode. 
• Vulnerability Management:  
  •  Identifies vulnerabilities in container images with a built-in image scanner. Facilitates runtime threat discovery for faster remediation. 
  •  Block vulnerable deployments and repair failed builds using developer details. 
  •  Enforce policies throughout the entire threat cycle based on vulnerability data. 
• Compliance Regulations: Conducts standard-specific checks with 300+ controls and regular compliance assessments. 
  •  Scans systems not complying with various regulations like CIS Benchmarks, NIST SP 800-190, PCI DSS and HIPAA. 
  •  Access compliance details based on Kubernetes boundaries like nodes, clusters and namespaces or specific standards. 
  •  Generate PDF reports to analyze organizational compliance status from a single dashboard. 
  •  Enforce custom policies to prevent building or deployment of assets violating rules. 
• Network Segmentation:  
  •  Visualize network traffic for secure configurations. Interprets YAML files that embed network policies in Kubernetes. 
  •  A network policy simulator monitors policy changes to reduce operational risks. 
  •  Leverage network enforcement capabilities for portable and scalable network segmentation. 
  •  Extends security visibility to the Istio service mesh for a better understanding of network traffic. 
• Risk Prioritization & Profiling: Ranks deployments based on their holistic security risk and offers details about threats, configurations and processes requiring instant actions. Multi-factor risk profiling includes details like network exposure, suspicious operations running, misconfigurations and more. 
• Threat Detection: Combines whitelists, regulations, pre-defined policies and behavioral modeling to detect threats. 
  •  Automates identification of unknown procedures to eliminate the manual selection of allow lists. 
  •  Leverages data from build and deployment phases to strengthen runtime protection. 
• Incident Response: Automates incident response to tackle suspicious runtime behavior. Accelerates forensic investigations and provides native integrations with Sumo Logic, PagerDuty, Splunk and more for better security insights and efficient response. 

Limitations

•  Pre-installed network policies don’t have satisfactory profile enforcement rules. 
•  Creating custom configurations isn’t easy. 

Suite Support