Container Security Features

Read what people say are the most valuable features of the solutions they use.
reviewer1087347 says in a Twistlock review
User
The most valuable feature is the automated forensics. View full review »
Directoree59 says in a Threat Stack review
Director of Security at Eventbrite
We like the ability of the host security module to monitor the processes running on our servers to help us monitor activity. We want to make sure that there are no bad people on our machines. This has the ability to detect those bad people or bad processes on the machines. The rules are really great. They give us more visibility and control over what's being triggered. There's a large set of rules that come out-of-the-box. We can customize them and we can create our own rules based on the traffic patterns that we see. The rules did take quite a bit of customization and configuration right off the bat because a lot of the way that we do the release of our code and products creates a significant amount of noise. The real signal, the security signal, would have been lost in all that noise. So we had to customize the rules fairly significantly in order to filter out that noise. View full review »
reviewer1288842 says in a Tufin Orca review
Security Operation Engineer at a security firm with 201-500 employees
I like the deployment and management of this solution. I don't have much experience in that kind of security solution, but I have three years of experience in similar solutions, like AlgoSec. I do some scripts to optimize the solution, such as configuring the API. Additionally, when we export the report, you can see a lot of logs of all the equipment in the company and we can identify some of the machines or some log station in the network. Also, the user can create some requests to implement the flow and push the rules in the firewall. You can analyze the log and the traffic, you can have a lot of API's, and do some reporting. View full review »
Ignitius Molepo says in a Tufin Orca review
Senior IP Network Defense at a comms service provider with 10,001+ employees
The features I have found most valuable are its capability to check on the firewall and the routers. Afterward, it checks out all the configs, checks the vulnerabilities, checks the risks - it checks everything that may end up causing our router to be compromised. In the end, it recommendations what we should do. Then, if we apply the recommendations, it will scan again and give us a percentage. Sometimes we find out that at first that we didn't meet the compliance, getting a 46% maybe. Then, when after I apply the recommendations, after discussing with my team, and approving the recommendations, it is all remedied. After that, it goes to 80-something percent. And that is what we are looking for. View full review »
Ignitius Molepo says in a Tufin Orca review
Senior IP Network Defense at a comms service provider with 10,001+ employees
The most valuable feature is the compliance check and the recommendations that it makes. This solution will connect with the firewalls and routers to check out the vulnerabilities, risks, and anything that can lead the organization to be compromised. From there it will make recommendations about what is required in order to ensure compliance. My team discusses the recommendations and then we remedy the issues. View full review »
reviewer1228836 says in a Qualys Container Security review
Cognizant Technology Solutions at a software R&D company with 10,001+ employees
The most valuable feature is that this solution is very lightweight. View full review »
PrernaKapoor says in a BMC Helix Cloud Security review
User at Thales Services SAS
The features that I've found most valuable are its container security aspect. I also like its vulnerability management tools. View full review »
PratapBirwatkar says in a Symantec Data Center Security review
Group Head - Information Security at a energy/utilities company with 1,001-5,000 employees
The most valuable feature is the endpoint protection system. View full review »
Owner at a financial services firm with 10,001+ employees
The flexibility of the solution is its most valuable feature. The ability to operate inside the real technology has been excellent. The solution's concepts are quite simple. View full review »
VP Cloud Operations at VVL systems
The cool feature of Helix Cloud Security is that you can do all that — understand and remediate issues — in one dashboard, based on the different policies that are available for security, out-of-the-box. The dashboard is very user-friendly. Being able to remediate in-tool is valuable. There are a lot of cloud tools out there that can tell you what your vulnerabilities are, but don't necessarily have the ability to remediate with a click of a button. It's also multi-cloud. You can look at several cloud providers: AWS, Azure, or GCP. That's one of the best features. In addition, the solution's automated remediation of cloud IaaS and PaaS resource misconfigurations is one of the biggest things that we need to focus on, as far as public cloud goes. There are a lot of misconceptions out there within companies that are going into the cloud. They think that the cloud provider is responsible for that security piece. There's a misunderstanding of where that line is drawn for security. A lot of companies only understand, once they're in the cloud, that it's their responsibility to ensure the security of their resources. That is where this tool fits in perfectly. You can set it to auto-remediate. As soon as it identifies an issue or a vulnerability within your environment, if you've configured it to auto-remediate, it takes care of that vulnerability and saves that time so you can focus on other things as an organization. And if you don't want to auto-remediate, if you're testing something out, for example, you don't have to. There's also an archive of the history with a list of all the resources in the cloud environment and how they're connected. It tracks any actions that have been taken on those resources over time. You can go back several months and see how the resources were connected and what they were connected to and any vulnerabilities that were remediated within the tool. And it gives us the ability to control who can remediate something and where. You have to be an admin. A user or viewer cannot go in and configure remediation. That allows us to see who's doing what because, as I mentioned, there can be vulnerabilities that you don't want automatically remediated. That can be true not only for testing but it's possible that a vulnerability is not a true vulnerability for that environment; or the remediation could affect other users and needs to be planned instead of remediating right then and there. View full review »
VinnieLima says in a BMC Helix Cloud Security review
Managing Director at VVL Systems
The best feature is time to value. With very minimal effort, you are able to have a cohesive view into your security posture on one or multiple cloud accounts, particularly if you are dealing with multicloud. If you have Azure and AWS deployments, you might have multiple subscriptions in Azure and usually multiple accounts in AWS. You may even be doing some GCP work (around Google Cloud Platform). It's very difficult to manage a common set of policies, even less reporting, across multiple subscriptions, accounts, and cloud environments. What BMC Helix Cloud Security does is provide a unified view or single pane of glass as to your baseline. Then, it also facilitates the ability for Level 1 or 2 operations support to take action and report on security vulnerabilities. The great thing about Helix Cloud Security is that you can operate it in multiple modes. You can have it as a passive, e.g., I just want to baseline and understand what is happening. This might be Shadow IT or well-versed IT in how you're deploying your cloud services. It provides you with metrics and artifacts to prove that your baseline reflects your policy. Developers can still continue to do what developers do, right or wrong. However, you can also progress to be more forward-leaning and defining policies in Helix Cloud Security which are more forceful. E.g., there is an unapproved deployment or somebody makes a change to an Esri bucket that doesn't comply to your policy regulations that you're able to detect and report. Then, going further, you are being more proactive by taking action to snap back to compliance. So, it doesn't change your DevOps model. It enriches it for better visibility, giving you a second set of eyes to ensure that you're not introducing human error where it's against corporate policy. If you identify a vulnerability, e.g., identify a cloud security vulnerability for which you can automatically raise an incident and a change ticket on the service management platform of your choice, this could be with BMC or a third-party. Then, you can force these remediations to go through your change management process that allows you to document, review, schedule, and effectively approve them for execution. Now, you're not limiting operations from taking action, but you're introducing governance as part of the automation process. View full review »
reviewer1258746 says in a Snyk review
Engineering Manager at a comms service provider with 51-200 employees
What is valuable about Snyk is its simplicity, and that's the main selling point. It's understandably also very cheap because you don't need as much account management resources to manage the relationship with the customer and that's a benefit. I also like that it's self-service, with extremely easy integration. You don't need to speak to anybody to get you off and running and they have loads of integrations with source control and cloud CI systems. They are a relatively new product so they might not have a bigger library than competitors, but it's a good product overall. They do however have the option to install Snyk on-prem, but it is much more expensive. View full review »
reviewer1243545 says in a Twistlock review
DevOps Solutions Lead at a tech services company with 501-1,000 employees
The runtime mechanism on the solution is very useful. It's got very good network mapping between containers. If you have more than one container, you can create a content data link between them. View full review »
DimitrisMakris says in a Tripwire IP360 review
Information Security Architect at a tech services company with 501-1,000 employees
The most valuable features of this program are the low rate of false positives, and the ability to go deep and examine why a vulnerability was discovered, as well as how it was discovered. I believe these are the two main features that I like. Another great feature is the ability to scan through host-based agents which provides faster, more reliable and a network-friendly way to scan. Having a scan agent installed in the target system provides faster results as hundreds of agents can run at the same time in hundreds of targets instead of scanning through the network. Network scanning requires credentials to connect to a system, has a limit of parallel scanning and creates unwanted network traffic. View full review »
reviewer651714 says in a Trend Micro Deep Security review
Solution Expert -Security at a financial services firm with 10,001+ employees
The HIPS feature, as well as the monitoring around the file integrity, are very valuable aspects of the solution. The vulnerability scanning reduces false positives by quite a bit. View full review »
Adrien Gibrat says in a Docker review
Senior Front-End Developer at Oodrive
What I like most about Docker is that it is straightforward and easy to use, yet powerful. The graphical interface is very user-friendly and reporting is fast and effective. View full review »
PIERRE BOINNARD says in a Docker review
CEO and owner at m3production
Manage complex application architecture and installation procedure in simple text files. View full review »
DimaDorofeyev says in a Google Kubernetes Engine review
Senior DevOps/Build Engineer at a tech services company with 10,001+ employees
Kubernetes Engines is easy to deploy and manage. View full review »
Renato Ribeiro says in a Docker review
Senior IT Consultant
The most valuable features of this solution are scalability and agility. It is easy to manage and deploy. View full review »
Balamurali P says in a Google Kubernetes Engine review
Solution Architect at Tata Elxsi
The CLI commands are good. View full review »
PrincipCl677 says in an Aqua Security review
Senior Principal Consultant Cloud/DevOps/ML/Kubernetes at a tech services company with 11-50 employees
We find the Docker and Kubernetes support for container security most valuable. View full review »
Vinod-Gupta says in a Docker review
CEO and Founder at Indicrypt Systems
The most important thing that my clients focus on is rapid deployment. In this regard, Docker wins hands-down. View full review »
Rama Susarla says in a Docker review
Transformation Leader at TEKsystems (ex Aston Carter)
The main Docker feature is the repository where you can store images.T he image is available and you can read parts of those images. You can use it for your local development and QAs. That's the most basic Docker basic feature. Secondly, we like the footprint that Docker requires to construct an environment. The third most important aspect is maintenance. You won't have to rely on third-party support. If you have the full environment control, you will be able to maintain Docker containers on your own. Or you can just destroy them and construct a new container, i.e. add them when you want to, ephemeral and mutable objects. View full review »
Senior Security Specialist at a tech services company
The most valuable feature is the virtual patching. This offers protection of the application before it can be patched by the actual vendor. View full review »
Owner at SIS International HK Limited
Application Dependency Map. View full review »