UPDATED 12:00 EDT / JULY 12 2018

StackRox hardens its Kubernetes threat detection platform

Container security company StackRox Inc. is updating its Kubernetes threat-detection platform with new capabilities that should help to prevent incidents such as the recent hack of Tesla Inc.

StackRox, which recently landed $25 million in funding, offers a cloud-based platform that provides continuous advanced threat detection for technologies such as Docker Swarm and Kubernetes, which are used to manage software containers. The platform also gives security teams the ability to apply and control policies across container-based apps, automatically correlate and detect different classes of threat behavior and monitor events over time to spot any potential new threats.

With its new release, StackRox is implementing what it calls a “feedback loop” between the different phases of the container lifecycle, all the way from initial development to production deployment. The software works by observing each application’s initial behavior at runtime and issuing an alert if there are any unexpected deviations. It also extends StackRox’s policy management capabilities for containers to Kubernetes itself, the company said.

“Cloud-native development demands a new security approach, one that works across the full container life cycle,” said Diogo Mónica, former security lead at Docker Inc. “Building in an automated, continuously running feedback loop between the development and operations phases increases the overall security posture and improves the efficiency of security teams.”

StackRox said its platform would have been able to detect incidents such as the recent attack on Tesla’s Kubernetes infrastructure. Tesla’s systems were reportedly exposed through an unsecured Kubernetes administrative console, which allowed hackers to hijack one of its Amazon Web Services accounts and use its cloud computing resources to mine cryptocurrencies. Wei Dang, vice president of product at StackRox, told SiliconANGLE that Tesla’s Kubernetes infrastructure was vulnerable because the dashboard service was running with elevated privileges within the cluster and was also exposed to the internet.

“StackRox would have discovered both of these vulnerabilities,” Dang insisted. “The dashboard was running with escalated privileges either because role-based access control was not enabled or because a malicious actor escalated privileges. If it were the former, we would have caught that role-based access control was not enabled, and if it were the latter, we would have detected when the privileges became escalated.”

He added that the company’s system would also have flagged a policy violation, based on network policies, for the Kubernetes dashboard being exposed to the public internet. “Depending on our customer’s policy, we would have taken automated action to prevent this compromised service from running or we would have alerted the team to the problems so they could address both issues before a malicious actor was able to take advantage of them,” he said.

StackRox said the updated version of its platform would be rolled out to users by the end of this month.
