Tigera, a company delivering network security solutions for container-based applications, today announced the 2.1 release of their flagship product, CNX.

The 2.1 release was built in partnership with several customer security teams to automate their security workflows across their cloud, container and legacy environments using a single policy model. In addition, this release addresses specific challenges when enforcing PCI, SOC2, GDPR and other mandates for container-based environments.

“We are hearing about broad-scale application modernization initiatives in almost every enterprise we speak with. Applications are modernized iteratively, leaving some components on-premises in legacy architectures while other components are refactored into containers.” said Ratan Tipirneni, president and CEO of Tigera. “Those applications run on-premises and in the cloud, and there is intense demand for a single policy model that can enforce security and compliance across the hybrid environment.”

Modernization efforts often include migrating to cloud services. There are few standards between cloud providers, and container based applications can be effective at mitigating the concern of vendor lock-in. However, security models still differ between cloud providers and the learning curve and lock-in is pushed to the networking and security teams. Tigera’s single policy model works across cloud providers and on-premises environments and can prevent cloud lock-in and eliminates the need to train staff on each cloud’s security model.

CNX 2.1 adds cross-cluster federation of workloads, enabling security policies that define rules that span hybrid environments that can include both container based and legacy workloads. Additionally, this latest release supports compliance initiatives with the addition of detailed policy auditing, 5-tuple logging of all east-west container traffic, integration to existing SIEM tools, as well as enhanced anomaly detection and alerting.

“Within well-established enterprise organizations, there are very few greenfield container-based enterprise applications that can run in isolation,” said Amit Gupta, VP of Product Management for Tigera. “Most of these applications must integrate with backend systems that are not ready or have not been modernized. This creates a huge headache for security teams when trying to maintain security and compliance.”

Containers are short-lived, or ephemeral, which is much different than traditional hosts and VMs that existing network security and monitoring tools were designed for. To deal with this, most teams have applied perimeter security to their container applications. As a result, visibility is lost into east-west network flows within the perimeter making compliance difficult to strictly enforce.

CNX was designed to secure and monitor container-based applications, and provide enforcement and monitoring of all east-west container to container network flows within orchestrators like Kubernetes. CNX federates workloads across clusters while extending policy to legacy host and VM environments, enabling the visibility, logging and auditing required for container-based applications to meet their compliance requirements.