Cloud Native CAST Start-Up Launches with Industry Veteran Advisors from VMware/Carbon Black, Kaspersky and White Hat Security
Houston, TX, July 22, 2020 – Carbonetes, the industry’s first comprehensive, cloud native container application security testing (CAST)-as-a-Service solution, emerged today from stealth to offer enterprises the seamless ability to analyze the security of containerized code in real-time. Founded in early 2019 by CEO Mike Hogan–serial entrepreneur with multiple exits and an IPO from companies such as DeepData, Novell, POET and ScaleDB–Carbonetes was created in response to the observation that the container security market lacked a comprehensive, scalable solution that can keep up with accelerating velocity of container development. Coming from a developer background and focus, Mike and team, frustrated with piecing together several on-premise applications to properly secure their containers, recognized the need for a cloud service that combined all of these capabilities, while delivering lightning fast performance. “The existing container security solutions require assembly of disparate expensive tools to analyze your containers across a spectrum of threats. With Carbonetes, your containers are analyzed for all threats. Your open source tools are analyzed for dependencies, vulnerabilities and licensing, while your native code is analyzed for vulnerabilities, secrets, configuration issues, and malware. This service runs inside a Kubernetes cluster, providing unrivaled scalability and performance,” said Mike Hogan, Founder & CEO of Carbonetes. “Given the ephemeral nature of containers that are repaired or replaced at high-velocity, Carbonetes is the only solution that offers customers the speed and range of coverage needed for container application security testing success.” Carbonetes provides the most comprehensive container analysis service, simultaneously analyzing all aspects of the container’s contents: open source (SCA: vulnerabilities, licensing, and dependencies), native code (vulnerabilities and secrets), as well as configuration and malware. By leveraging Kubernetes’ automated scaling, the analysis runs in parallel for industry-leading performance.
Carbonetes CAST Solution
- Software Composition Analyzer: Analyzes open source tools for dependencies and vulnerabilities.
- License Analyzer: Creates a list of licenses associated with each open source tool in the container.
- Configuration Analyzer: Identifies risks in container configuration, such as privilege, root access, scaling constraints, memory utilization, and more.
- Secrets Analyzer: Identifies sensitive data in the container that could be compromised, such as passwords, AWS keys, credentials, and more.
- Multi-Engine Vulnerability Analyzer: Provides best of class vulnerability analysis with threat levels, CVE details, and the location in your code along with suggested fixes.
- Malware Analyzer: Protection from trojans, viruses, and malware in your containers.
Unlike existing code analysis tools that analyze each container sequentially, Carbonetes leverages the power of Kubernetes to process all containers simultaneously. For example, if you are analyzing 100 containers, Carbonetes creates 100 pods that all work in parallel, providing results in 1% of the time it would take competing tools. Carbonetes provides a rich set of tools for creating, editing, testing and managing security policies. Analysis results are evaluated against policies to determine the appropriate action. Developers are then provided with the details necessary to secure their containers. This is all automated through seamless integration with your CI/CD pipeline.
The company’s advisory board is stacked with industry experts including, Mike Viscuso (VC and founder former CTO of Carbon Black), Anthony Bettini (CTO White Hat Security, Tech Editor of Hacking Exposed), Jeremy Carlson (OEM Sales Kaspersky), Brendan Hogan (Strategy & Business Development VMWare) and Tom Barsi (VP Corporate Development VMWare Carbon Black).
Carbonetes was founded in order to deliver a comprehensive container security analysis tool as a lightning-fast cloud service. Carbonetes is the industry’s first comprehensive cloud native container application security testing (CAST)-as-a-Service solution. Outfitted with six different analyzers, Carbonetes assesses software composition, licenses, configuration, secrets, malware, and vulnerabilities all in parallel at the speed and scale developers crave.