Trend Micro Cloud OneContainer Security

Simplify security for your cloud-native applications with advanced container image scanning, policy-based admission control, and container runtime protection

Security earlier

Implement container image scanning earlier in your build pipeline, scanning new images as they’re built and providing continuous zero-day protection after images are published. Automated scanning and response provide instant feedback to your developers about the presence of threats and vulnerabilities.

Trusted enforcement

Make centralised container admission control part of your container security enforcement. Trend Micro provides policy-based management of images, allowing security teams to select and define the rules for how Kubernetes administered containers are permitted to be deployed.

Complete protection

Automate vulnerability detection of malicious traffic and protection of your containerised applications – from build time to runtime. Gain in-depth security coverage built into your CI/CD processes to address container risks for stronger protection.
Product overview

Demo:
Product overview
Container Security

Datasheet:
Container Security
Container Security Architecture

Architecture Diagram:
Container Security

Kubernetes 1.8.7 or higher

Helm/Tiller 2.8.1 or higher

Docker 17.06 or higher

Complete Cloud-Native Application Security

Security teams can be assured that protection and enforcement are applied to container builds, deployments, and runtime workflows.

Machine learning icon

Provides security for Kubernetes®-deployed containers, all from one unified solution

Machine learning icon

Reduces disruption of development schedules with unmatched research, automated detection of threats, and non-intrusive security for the CI/CD pipeline

Machine learning icon

Designed for modern cloud-native application development and mitigates the risk associated with rapid deployments of microservices

Machine learning icon

Ensures protection and enforcement are applied to container builds, deployments, and runtime workflows

Detect threats prior to runtime

Uncover vulnerabilities, malware, and sensitive data, such as API keys and passwords, within your container images, including source-code analysis powered by Snyk

  • Invoke unlimited, detailed scans with recommended fixes at any stage of your pipeline
  • Minimise false positives by correlating patch layers with packages that are vulnerable in the same image
  • Address vulnerabilities before they can be exploited at runtime
  • Enable developers to address security bugs before deployment

Confidently deploy containers with admission control policy

Detect security issues early, enforce admission policies, and be assured only compliant containers run in production.

  • Build a security policy based on container image scanning and detection of secrets, keys, malware, and vulnerabilities
  • Allow images that only meet specific application or organisation security policies to proceed through the pipeline
  • Select from advanced policies, such as disallowing images set as privileged containers, or allow exceptions based on names or tags
  • Run powerful enforcement and compliance checks, and extend Kubernetes admission control
  • Get support for leading cloud service providers — Amazon Elastic Kubernetes Service (Amazon EKS), and Azure Kubernetes Service (AKS)

Continuous security with container runtime protection

Enable runtime protection for all your containerised applications. 

  • A SaaS platform for cloud-native security, including host, container, and serverless container requirements
  • Runtime protection deployed within the cluster, for all containerised applications within each node
  • Greater visibility into attempts to run disallowed commands or illegally access files
  • Runtime protection builds a model of expected behaviour via Learning Mode
  • Automated management tasks and policy via code, as part of a CI/CD pipeline

Flexibility to fit into your pipeline

Effective security for containers begins with simplified administration of protecting images.

  • Deploy as a Kubernetes® helm chart for easy integration into your software-build pipeline
  • Configure authorised users and groups accordingly for role-based access
  • Allow or block scanned image deployments based on scanning policies or through native integration with Kubernetes object properties
  • Share common policies across multiple pipelines and remove the need to hard-code rules to deal with scan results
  • Enable developers to easily review scan results through their command line or tool suite scripting language

Trusted expertise

Other Cloud One services

Trend Micro Cloud One™ – Container Security is part of Trend Micro Cloud One™, a security services platform for cloud builders, which includes:

Workload Security Runtime protection for workloads (virtual, physical, cloud, and containers)

File Storage Security Security for cloud file and object storage services

Application Security Security for serverless functions, APIs, and applications

Network SecurityCloud network layer IPS security

Conformity Cloud security and compliance posture management

Get started with Container Security