CIS Benchmarks, a set of cybersecurity best practices, is now a standard at Magalix. We’ve mapped CIS Benchmark controls to Magalix Policies so that you can sort, filter, and group by this standard. Check your cluster’s security posture against the CIS Benchmark alongside the existing PCI DSS and MITRE ATT&CK standards.
Also included with this release is an update to our Reporting module. Generate reports based on CIS Benchmark compliance and use those same Policies to help your organization shift security left. Understand which controls are in violation, which entities are violating them, and what the remediation steps are.
Running a CIS Benchmarks tool against a cluster (or hundreds of clusters) is something a lot of people do as soon as they first hear about the CIS Benchmark. The urgency stems from what the output of these tools can tell them about how their cluster measures up against overall best practices. Before getting into our CIS Benchmark Policies, let’s take a closer look at CIS Benchmarks and what they mean for Kubernetes.
The Center for Internet Security (CIS), established in 2000, is a non-profit organization driven by a global IT community with a mission of “identifying, developing, validating, promoting, and sustaining best practices for cyber defense.”
For a strong security posture, the CIS has put forward a set of recommendations, CIS Benchmarks, for configuring Kubernetes to minimize the risk of security breaches due to misconfigurations.
The CIS Benchmarks for Kubernetes are an excellent first step for organizations to secure their infrastructure and harden their Kubernetes environments, and they provide prescriptive guidance for establishing a secure configuration posture.
Recommendations sections are categorized by:
The CIS Benchmarks policy pack saves teams time and resources in securing their infrastructure and meeting regulatory requirements. By running these policies against their clusters, organizations can understand which controls are in violation, which entities are violating them, and what needs to be done to harden the environment.
“Securing infrastructure and keeping it compliant is a complex task. Our goal at Magalix is to help teams stay on top of their infrastructure security initiatives without impacting their agility. CIS is considered a gold standard when it comes to securing apps and infrastructure. We have been consulting with our partners to implement comprehensive policies covering the CIS to give teams confidence in their infrastructure security posture,” said Mohamed Ahmed, Magalix founder and CEO.
Sample of the included policies
“CIS Benchmarks are a de facto standard for checking compliance against security best practices. By adding CIS policies to Magalix's ever-increasing library of policy standards, we aim to provide our customers with a quick way to assess their compliance posture using one of the best-known standards in the industry. This allows our customers to continue to be productive and agile while having peace of mind and guarantees about the compliance and security of their infrastructure”
Ahmed Badran, Magalix co-founder and CTO.
With this update comes a new report designed specifically to hasten your understanding of a cluster’s CIS Benchmark status. Mapping our Policies to Controls pinpoints the root cause of a violation so you can see which entities need to be assessed.
Clicking on a Control takes you to a Policies page, which can then be expanded to see which entities are causing these violations. Custom policies can also be added to any standard.