“Organizations need cloud security solutions that can secure their cloud assets at the speed of business,” said Guy Gertner, VP Product Management, SentinelOne. “It is critical to defend cloud and container workloads, but any solution that impacts the flexibility, speed, and agility of development defeats the whole purpose of going cloud. SentinelOne distinctly understands the need to secure the cloud without interference, and we are happy to deliver a cloud security solution that furthers our customers’ IT and business objectives.”
One of the defining principles of cloud-native workloads is their self-contained architecture: they are built from immutable images containing everything the application needs to run. While security is a concern, any proposed security solution must not disturb the workload’s dynamic nature. Most container solutions today rely on creating allow-lists, white-listing everything that is cleared to run in the container, and identifying anything else as a threat to be mitigated. However, these existing solutions are flawed: whether they rely on pre-deployment scanning or on learning during runtime, today’s container security products either inhibit agility, require too much labor, or miss legitimate threats.
The SentinelOne solution offers a default deny mode for containers to prevent unauthorized changes to production workloads. The engine requires no special configurations and does not add complexity or delay to the software delivery chain. Designed to protect container workloads from the get-go, whether they run as Kubernetes pods or as plain containers in Docker servers, the engine is enabled with one simple click and deploys in seconds.