
Threat Stack’s Network Access Control Cybersecurity: Improvements Through Customer Collaboration

The benefits of working on the cloud far outweigh the risks, yet recent crypto-jacks and cyber-attacks on both the app/API and infrastructure levels prove how fragile cloud-based operations can be. Security industry experts note that cloud-native cybersecurity must be an ever-evolving process, with continuous compliance, Continuous Process Analysis (CPA) and Continuous Process Improvement (CPI) as hallmarks of companies that take cloud-based cybersecurity and compliance seriously.

Network Access Control helps prevent crypto mining and other cybersecurity risks

Leading cybersecurity companies using continuous improvement and continuous compliance are always researching and releasing new versions of their security solutions. Most importantly, those solutions should be developed by talking to and working in concert with customers, especially those interested in governance, risk, and compliance (GRC), to address the vulnerabilities and risk scenarios that concern them most.

 

Previewing New Network Access Control Capabilities

Threat Stack’s newest release, Agent version 3.1, offers the following characteristics in the network access control functionality available through an Early Access Program:

  • The agent supports both global and process-specific constraints
  • You define the network access control policies you want to implement
  • The agent can block and/or report policy violations
  • Policies in Agent v3.1 define allowed or restricted source and destination IP addresses, IP address ranges (CIDRs) and/or domain names

Deployment of the network access controls is simplified because the agent can be configured to only report which network flows would have been allowed or restricted (i.e., policies are not enforced). Based on these reports, once your organization is ready to enforce controls, the agent can be configured accordingly.
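The report-first rollout described above can be sketched as follows. This is an added example, not Threat Stack's code or policy format: the `Rule` shape, the precedence order (process-specific over global, then longest prefix, then restrict on ties) and the default-restrict posture are assumptions, and domain-name rules are left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:                        # hypothetical policy shape, not the agent's
    action: str                    # "allow" or "restrict"
    cidr: str                      # single IP or CIDR range
    process: Optional[str] = None  # None = global (host-wide) rule

def evaluate(rules, process, dest_ip, default="restrict"):
    """Pick the winning rule for one flow (precedence is an assumption):
    process-specific beats global, then longest prefix, then restrict on ties."""
    ip = ipaddress.ip_address(dest_ip)
    best_key, best_action = None, default
    for r in rules:
        if r.process not in (None, process):
            continue
        net = ipaddress.ip_network(r.cidr, strict=False)
        if ip not in net:          # also False when IPv4/IPv6 versions differ
            continue
        key = (r.process is not None, net.prefixlen, r.action == "restrict")
        if best_key is None or key > best_key:
            best_key, best_action = key, r.action
    return best_action

def run(rules, flows, enforce=False):
    """Return (report, blocked). Report-only mode records would-be violations
    but blocks nothing; enforce mode blocks everything it reports."""
    report = [(p, d) for p, d in flows if evaluate(rules, p, d) == "restrict"]
    return report, (list(report) if enforce else [])

# Constructed sample policy and flows (private and documentation ranges).
RULES = [
    Rule("allow", "10.0.0.0/8"),
    Rule("restrict", "10.0.5.0/24"),
    Rule("allow", "10.0.5.20", process="postgres"),
    Rule("allow", "203.0.113.10", process="nginx"),
]
FLOWS = [
    ("nginx", "10.1.2.3"),
    ("nginx", "10.0.5.20"),
    ("postgres", "10.0.5.20"),
    ("nginx", "203.0.113.10"),
    ("curl", "198.51.100.7"),
]

if __name__ == "__main__":
    report, blocked = run(RULES, FLOWS)   # dry run: observe only
    print("would restrict:", report, "blocked:", blocked)
```

Reviewing the report-only output before switching to enforcement shows which legitimate flows a default-restrict policy would break.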

 

Restricting Network Hosts = Increased Security + Compliance

The initial benefit of Threat Stack’s improved functionality is not only increased security, but also improved compliance, with the assurance that only certain network hosts are allowed to communicate with specific processes (or with the entire host). In addition, these benefits are provided with minimal overhead. How? This feature is implemented by means of eBPF technology, which safely extends the capabilities of the kernel without requiring changes to kernel source code or loading kernel modules.

While IP addresses do not provide guarantees about the identities of the entities with which the processes (or the host) are communicating, they do provide required functionality for certain use cases and applications. As this technology is tested, improved and extended, the goal is to allow F5/Threat Stack’s platform to trigger a variety of host-based actions to mitigate potential threats that it detects.

 

Additional Operating Systems, Cloud Environment and Container Improvements

Threat Stack’s Agent version 3.1 release also features:

  • Support for running the agent on Ubuntu 22.04
  • Enhanced Google Cloud support: additional telemetry on instance details and the running image identifier is provided

In addition, File Integrity Monitoring (FIM) and container features are improved:

  • Support for FIM on container’d host mounts, meaning that FIM can protect more types of mounts
  • Container image size has been reduced by over 50%. This improvement translates into less storage and shorter container start times
  • File integrity is now supported on containers started after the agent has been launched

Early Access / Trial: New Host-Based Control through Process Sandboxing

Threat Stack’s Agent version 3.1, part of Threat Stack / F5’s cybersecurity solution, is an example of the cooperative teamwork between us and our customers.

What is Process Sandboxing?

The functionality known as process sandboxing is the foundation of the host-based control capabilities that the Threat Stack agent will be gradually launching. The Agent version 3.1 release (late August 2022) includes the first host-based control, which supports allowing or restricting host-wide and process-specific network flows.

[Note: While this functionality is not generally available, it is an example of how Threat Stack / F5 works with selected customers to run Proofs of Concept (POCs) to obtain CPI and continuous compliance. With the help of our Sales Engineering and Support groups, these functionalities are tested and refined with POC customers, to help all our customers run on increasingly safe cloud-native infrastructure environments.]

 

Contact Threat Stack / F5’s Application Infrastructure Protection Experts

To find out more about the continuous process analysis, continuous compliance, and product improvement program with Threat Stack’s Application Infrastructure Protection solution, including how you can participate in governance, risk and compliance (GRC) to make your cloud-native infrastructure more secure, please contact us at [email protected]