ARMO’s new security-boosting summer cocktail:  Layered Vulnerability Scanning, SBOM View, and new Auto-Generated Network Policies

This summer ARMO is proud to announce a batch of new features designed to enhance your cloud security posture. We developed groundbreaking capabilities for in-depth vulnerability scanning, simplified vulnerability management with SBOM view, and streamlined network policy generation for two popular CNIs, Calico and Cilium.. We invite you to explore these new features and discover how they can add to your organization’s security. Let’s go:

Introducing Layered Vulnerability Scanning – identify risks in image layers

We are thrilled to announce Layered Vulnerability Scanning. This advanced capability enables you to identify vulnerabilities within the individual layers of your container images, providing comprehensive security insights and helping enhance your overall security posture. It does so by analyzing each layer of your container images. Breaking down the image into its constituent layers allows for a granular vulnerability assessment, ensuring that potential security risks are identified and addressed at every level.

Feature Highlights

1. Enhanced vulnerability detection
   1. Comprehensive scanning – ensures that all parts of the container image, including base images and additional layers, are scanned for known vulnerabilities.
   2. Thorough risk assessment – by not skipping any layer, a vulnerability is much less likely to be missed.
2. Improved remediation efficiency
   1. Targeted fixes – knowing which layer contains the vulnerability allows for precise fixes without the need to rebuild the entire image, saving time and resources.
   2. Prioritized responses – detailed reports enable prioritization of remediation efforts based on the severity and impact of vulnerabilities found in different layers.
   3. Efficient fixing – using the image layers, you can now direct the CVE to the right team to handle the fix.
3. Granular security analysis

• In-depth inspection – by analyzing each layer of a container image, you can identify vulnerabilities that might be hidden in specific components, leading to a more comprehensive security assessment.
• Layer-specific insights – detailed information about vulnerabilities in each layer helps pinpoint exactly where the risks are, facilitating targeted remediation.

Introducing SBOM View – a new way to uncover vulnerabilities 

We are excited to announce the latest addition to ARMO Platform: SBOM view – an easily understandable view of scan results and analysis of your software applications. This feature leverages the Software Bill of Materials (SBOM) to identify vulnerabilities within your applications and infrastructure.It does so by generating a comprehensive list of all the components and their dependencies (the SBOM), which allows for thorough vulnerability assessments, ensuring that no security risk goes unnoticed.

Feature Highlights

In addition to the the existing SBOM Generation and Vulnerability Scanning, we added the two following features to complete the processing of data to information:

1. Detailed Reporting – allows you to receive detailed reports highlighting identified vulnerabilities, their severity, and recommended remediation actions.

2. Continuous Monitoring – helps you keep track of new vulnerabilities as they are discovered and updates your SBOM regularly to maintain a secure environment.

Introducing auto-generation of Calico and Cilium network policies

We are happy to announce that we have enhanced auto-generation of network policies for ARMO Platform. Following the successful launch of auto-generated Kubernetes Network Policies, we now offer auto-generation of Calico and Cilium network policies. These features streamline the traditionally manual and error-prone process of network security. 

Feature Highlights

In addition to the already existing auto-generation of Kubernetes network policies, we have added support for Cilium and Calico Network policies. In this way teams can take advantage of the capabilities of their chosen CNI. As with Kubernetes-native network policies users can receive output in yaml or graph form. 

1. Auto-generation of Calico Network Policies 

2. Auto-generation of Cilium Network Policies

That’s it, for now, for summer 2024. If you’d like to learn more about those features feel free to book a demo or simply try ARMO Platform for free.