Trend Micro Cloud One™Container Security
Simplify security for your cloud-native applications with advanced container image scanning, policy-based admission control, and container runtime protection
Security earlier
Implement container image scanning earlier in your build pipeline, scanning new images as they’re built and providing continuous zero-day protection after images are published. Automated scanning and response provide instant feedback to your developers about the presence of threats and vulnerabilities.
Trusted enforcement
Make centralised container admission control part of your container security enforcement. Trend Micro provides policy-based management of images, allowing security teams to select and define the rules for how Kubernetes administered containers are permitted to be deployed.
Complete protection
Automate vulnerability detection of malicious traffic and protection of your containerised applications – from build time to runtime. Gain in-depth security coverage built into your CI/CD processes to address container risks for stronger protection.
Kubernetes 1.8.7 or higher
Helm/Tiller 2.8.1 or higher
Docker 17.06 or higher
Complete Cloud-Native Application Security
Security teams can be assured that protection and enforcement are applied to container builds, deployments, and runtime workflows.
Provides security for Kubernetes®-deployed containers, all from one unified solution
Reduces disruption of development schedules with unmatched research, automated detection of threats, and non-intrusive security for the CI/CD pipeline
Designed for modern cloud-native application development and mitigates the risk associated with rapid deployments of microservices
Ensures protection and enforcement are applied to container builds, deployments, and runtime workflows
Detect threats prior to runtime
Uncover vulnerabilities, malware, and sensitive data, such as API keys and passwords, within your container images, including source-code analysis powered by Snyk
- Invoke unlimited, detailed scans with recommended fixes at any stage of your pipeline
- Minimise false positives by correlating patch layers with packages that are vulnerable in the same image
- Address vulnerabilities before they can be exploited at runtime
- Enable developers to address security bugs before deployment
Continuous security with container runtime protection
Enable runtime protection for all your containerised applications.
- A SaaS platform for cloud-native security, including host, container, and serverless container requirements
- Runtime protection deployed within the cluster, for all containerised applications within each node
- Greater visibility into attempts to run disallowed commands or illegally access files
- Runtime protection builds a model of expected behaviour via Learning Mode
- Automated management tasks and policy via code, as part of a CI/CD pipeline
Flexibility to fit into your pipeline
Effective security for containers begins with simplified administration of protecting images.
- Deploy as a Kubernetes® helm chart for easy integration into your software-build pipeline
- Configure authorised users and groups accordingly for role-based access
- Allow or block scanned image deployments based on scanning policies or through native integration with Kubernetes object properties
- Share common policies across multiple pipelines and remove the need to hard-code rules to deal with scan results
- Enable developers to easily review scan results through their command line or tool suite scripting language
Trusted expertise
Gartner Market Guide for Cloud Workload Protection Platforms
Trend Micro ranked #1 in IDC’s Worldwide Hybrid Cloud Workload Security Market Shares report
Trend Micro named a leader with highest score in the current offering and strategy categories in The Forrester Wave™: Cloud Workload Security, Q4 2019
Other Cloud One services
Trend Micro Cloud One™ – Container Security is part of Trend Micro Cloud One™, a security services platform for cloud builders, which includes:
Get started with Container Security