Chainguard releases native software supply chain security tool for Kurbernetes
We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Today, security company Chainguard announced its first product, Chainguard Enforce, an open source supply chain security tool that’s built natively for Kubernetes.
The solution enables users to define, manage, and distribute security policies across their Kubernetes environments to ensure that only trusted container images are deployed in clusters.
For enterprises, Chainguard Enforce enables security teams to mitigate supply chain threats in Kubernetes production environments, by giving them more control over what’s allowed and offering more transparency over the code running.
Securing the supply chain
Chainguard Enforce’s launch comes as more organizations are becoming increasingly concerned over cyber criminals attacking vulnerabilities in the software supply chain, with research highlight that supply chain attacks grew by over 300% in 2021 compared to 2020.
These attacks have increased dramatically as attackers have realized organizations are failing to secure infrastructure from third party suppliers.
For instance, CrowdStrike found that only 36% of organizations had vetted all new and existing suppliers for security purposes in the last 12 months.
“Most organizations don’t have a clear picture of what code is running in production, where it came from and how it was built. This problem is compounded with the use of open source software and the sheer number of dependencies that are intertwined. It’s impossible to decide what code should be trusted or not when the data simply isn’t available to make those decisions,” said Chainguard co-founder and CEO Dan Lorenc.
“Furthermore, organizations spend an exorbitant amount of time after a supply chain attack trying to assess if they’re running the vulnerable software and impacted. Chainguard Enforce provides the integrations, tooling insights, and security-controls that make this problem tractable,” Lorenc said.
Chainguard Enforce makes the security concerns of production environments more manageable for security teams by increasing transparency over what’s running while giving them the information they need to make evidence-based trust decisions for what should and should not be allowed to run in production.
The software supply chain security market
With the SolarWinds breach first highlighting the need for supply chain security two years ago, and more recently the Log4j vulnerability wreaking havoc on enterprises around the world, many security providers have stepped up to address the challenge of securing the supply chain, to compete with Chainguard.
One such competitor is Synopsys, which offers an application security solution with software composition analysis that can detect open source vulnerabilities in development and production. Synopsys recently announced that it had generated $1.152 billion in revenue for the fourth quarter of 2021.
Another competitor is the recently launched Israeli startup, Legit Security, which earlier this year raised $30 million as part of a Series A funding round, with a Saas-based software supply chain protection solution, that can automatically discover pipelines, infrastructure, code, and other Software Development Life Cycle (SDLC) assets, so users can identify vulnerabilities throughout their environments.
While the supply chain security market is in its infancy, Chainguard Enforce is looking to differentiate itself by becoming the definitive supply chain security solution for securing the Kubernetes services that so many organizations rely on.
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.
Source: Read Full Article