Meet the Security Startups at KubeCon + CloudNativeCon North America 2018

KubeCon + CloudNativeCon is the Cloud Native Computing Foundation’s flagship conference, gathering adopters and technologists from leading open source and cloud native communities in Seattle, WA from December 10–13, 2018.

Given the recently discovered vulnerability in Kubernetes, the popular cloud container orchestration system, we thought it would be prudent to dedicate a post to highlight and provide an overview of the various security solutions present at the conference.

These are all the startups present at KubeCon, 7 of which, highlighted below, offer innovative security solutions.

Aporeto

Links: Website, Crunchbase, Twitter

Funding: Norwest Venture Partners, Data Collective DCVC

Company Overview: Aporeto is a Zero Trust security solution for microservices, containers and the cloud. The Aporeto platform protects cloud applications from attack by authenticating and authorizing all communications with a cryptographically signed identity assigned to every workload. Aporeto alleviates reliance on unmanageable, error-prone IP whitelist policies. A distributed homogeneous security policy is enforced per workload independent of network or infrastructure configuration, enabling uniform security orchestration across multi-cloud environments.

CryptoMove

Links: Website, Crunchbase, Twitter

Funding: Social Capital, Draper Associates, Alchemist Accelerator, & CISOs, founders, early investors, and security leaders from Palo Alto Networks, FireEye, Palantir, Facebook, Google, Cloudflare, Juniper, Cisco

Company Overview: CryptoMove is an enterprise security startup commercializing moving target defense technology. CryptoMove Tholos’ top use case is for API key, secrets, and config management for Kubernetes and cloud-native applications. Per Twistlock’s review, one of the challenges of the recent Kubernetes vulnerability was that the attacker could make valid API calls using the Kubernetes API server after compromise. By tracking API calls using CryptoMove Tholos, it might be possible to detect anomalous behavior, even from authorized insiders, and then quickly rotate or revoke access as needed. Good secrets management with automated tooling can improve not just protection of secrets from unauthorized outsiders but from insiders (or those pretending to be) as well.

MTD flips the attack/defense asymmetry and turns attackers’ #1 advantage — time — into a disadvantage. Its positive effects can be quantified with game theory & risk-based threat modelling. CryptoMove’s globally patented technology protects any kind of data or keys with dynamic and continuous movement, fragmentation, mutation, distribution, and re-encryption. CryptoMove Tholos is a key vault and secrets management product for cloud-native devops security. The flexibility and scalability of cloud-based infrastructure is a major driver in transforming moving target defense from a theoretical approach to a practical solution.

Kasten

Links: Website, Crunchbase, Twitter

Funding: No funding information available

Company Overview: Kasten is a data protection and mobility platform for Kubernetes. Their platform, called K10, enables backup, recovery, migration, and copy management for stateful Kubernetes applications at scale in public, private, or hybrid cloud environments.

Lacework

Links: Website, Crunchbase, Twitter

Funding: Sutter Hill Ventures, AME Cloud Ventures

Company Overview: Lacework is a SaaS platform delivering automated security and compliance controls to customers running in AWS. Where traditional security tools and reactive log analysis fail in public cloud environments, Lacework automates configuration compliance, host intrusion detection, and incident resolution for AWS customers to keep their cloud workloads secure.

NeuVector

Links: Website, Crunchbase, Twitter

Funding: Hummer Winblad Venture Partners, TSVC, Fusion Fund

Company Overview: NeuVector delivers the first and only multi-vector container firewall. NeuVector enables the confident deployment of enterprise-wide container strategies, across multi-cloud and on-prem environments. NeuVector delivers east-west container traffic visibility, container protection, and host security in a highly integrated, automated security solution.

Octarine

Links: Website, Crunchbase, Twitter

Funding: Sorenson Capital

Company Overview: Octarine is a zero-trust security solution that authenticates workloads, authorizes access, and encrypts communications to keep enterprise cloud apps secure. Octarine automates the design, installation, and ongoing operations of enterprise runtime and cloud-native security, making it simple to maintain security and compliance as you transition to cloud-native apps.

Wallarm

Links: Website, Crunchbase, Twitter

Funding: YC, Toba Capital, Partech

Company Overview: Wallarm Platform provides automated dynamic protection against the OWASP top 10, application DDoS, account takeover, bots, and other threats with high accuracy and low false positives. The solution relies on centrally managed distributed filtering nodes deployed directly in the customer cloud environment. Both the application traffic and the SSL keys always remain within the customer infrastructure, ensuring chain of trust and compliance. Nodes are available for Amazon AWS, Google GCP, Microsoft Azure, and private clouds.
