ARMO adds CIS benchmark to Kubescape to boost Kubernetes security and compliance scanning

Kubescape can now automatically scan Kubernetes clusters against the the CIS benchmark, identify compliance gaps, suggest remediations, and monitor for drift

TEL AVIV, Israel, Oct. 26, 2022 /PRNewswire/ --  ARMO, the company behind the open source Kubernetes security platform Kubescape, today announced that Kubescape now includes security and compliance scanning of Kuberneters based on the Center for Internet Security (CIS) Kubernetes benchmark.

One of the Center for Internet Security's industry standard benchmarks, the CIS Kubernetes benchmark is one of the most comprehensive security frameworks for Kubernetes, distilling best practices and standards into a rigorous set of checklists. With the new addition to Kubescape, users can now scan their Kubernetes clusters against the CIS Kubernetes framework.

The CIS Kubernetes benchmark is supported by Kubescape alongside other security frameworks including NSA-CISA and MITRE ATT&CK®. Users can use all frameworks, choose just their preferred framework, or customize their own customized framework, choosing which controls to include or exclude from the scans.

Kubescape shows which CIS controls a Kubernetes infrastructure passes, which tests fail and precisely what caused the failure. Exposing the root causes of security benchmark failures, Kubescape's assisted remediation also suggests how to fix the problems and harden Kubernetes so that the tests will pass at the next scan.

Kubescape calculates risk scores based on the CIS Kubernetes framework and tracks them over time to show how organizations are improving their security posture or drift from standards. It can also generate reports based on the CIS framework for management, audits and compliance certification such as SOC 2, PCI, NIST, HIPAA, and others. Uniquely, Kubescape is the only open source solution that automates the entire process from scanning to remediation through to reporting.

Because Kubescape runs automatically throughout the CI/CD pipeline, scanning against the CIS Kubernetes benchmark and other frameworks takes place across the software development lifecycle, from the moment the first YAML line is written, committed to a repository, and all the way through to production.

"The CIS Kubernetes benchmark is the leading framework used for compliance purposes," said Shauli Rozen, CEO & co-founder of ARMO. "I am thrilled that now Kubescape makes it easier than ever to scan Kubernetes and CI/CD pipelines using the CIS baseline, and to get clear, transparent guidance on how to fix failed controls and reach compliance. We heard from the Kubescape community that CIS benchmark support was a much-demanded requirement, and see incorporating it as another step in Kubescape's journey to become a complete end-to-end open source Kubernetes security solution."

About ARMO

ARMO, the creator of Kubescape, is on a mission to create the first Kubernetes end-to-end open-source security platform, built for devops, and trusted by security.

ARMO takes a broad and comprehensive approach to offering an open-source platform that assures DevOps, DevSecOps, and developers that every workload, cluster, container, and microservice is born and remains secure from development to production, and from configuration to run-time, every time.

Kubescape is a Kubernetes open-source platform providing a multi-cloud Kubernetes single pane of glass, including risk analysis, security compliance, misconfiguration scanning, RBAC visualizer and image vulnerabilities scanning.

Contact:
Lazer Cohen
[email protected]
347-753-8256

SOURCE ARMO