Container security vendor StackRox emerged from stealth mode today, alongside the launch of its adaptive threat protection platform and $14 million in venture funding led by Sequoia Capital.
StackRox enters the increasingly crowded space of container security vendors, which already includes Twistlock, Aqua Security, Docker Inc., CoreOS, Capsule8 and NeuVector, among others. Sameer Bhalotra, CEO and co-founder of StackRox, is confident that his firm has a differentiated offering that will help organizations better secure container deployments. Bhalotra spent a decade in the U.S. government working on national security issues, including serving as senior director for cyber-security on the National Security Council at the White House during President Obama’s first term in office.
“What I learned while working in the government is the seriousness of threat actors,” Bhalotra told eWEEK.
StackRox was founded in 2014 and remained in stealth mode until now while the company built its security technology platform. Bhalotra said the vision of StackRox is to use containers to improve security for enterprises.
“We ingest and distill a lot of data that includes system and Docker calls as well as network data,” Bhalotra said. “With all the data, we have high-resolution container visibility and we can see everything that the whole container stack is doing and then provide precise security alerts.”
With StackRox, Bhalotra said the platform provides adaptive threat protection for container workloads that can stop multiple classes of attacks including code injection, privilege escalation and data exfiltration.
He added that a goal of StackRox is to help unify key threat protection capabilities such as Web Application Firewall (WAF), Endpoint Detection and Response (EDR) and Intrusion Prevention System (IPS) for containers.
The approach that StackRox is taking to monitor container behavior involves a full-stream of data analysis and machine learning, according to Bhalotra. He explained that part of the three years the company spent developing the platform were used to build a proprietary high-speed data throughput and collection engine.
“StackRox is deployed as a bunch of containers that collect data that is analyzed by our behavior model,” Bhalotra said.
The StackRox security platform can work both with Docker and multiple container orchestration systems including Kubernetes. The StackRox platform does not rely on a back-end cloud and can be deployed by organizations on-premises.
“We have global 2000 companies as our design partners and now our customers, and they did not want raw data to leave their organizations,” Bhalotra said. “The whole StackRox platform works on-premises.”
Beyond just visibility and detection of threats, StackRox provides enforcement capabilities to block risks as well.
“We didn’t want alerts to just go to the SOC [security operations center],” he said. “We’re security people and we wanted to block attacks, and now we have an extremely robust suite of enforcement actions to block or prevent attacks.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.