Fidelis Container Secure™ is the container security service of the Fidelis CloudPassage Halo platform. It is designed to automate security and compliance across Docker, Kubernetes, and CI/CD pipeline infrastructure, functioning either as a standalone service or in conjunction with Fidelis Halo®‘s server and cloud security services.
The platform addresses multiple layers of the container stack simultaneously. At the image and registry layer, registry connectors scan container images at rest and track images in motion as they move toward production, with plugins integrating directly into CI/CD tools including Jenkins, Bamboo, TeamCity, and CircleCI to pass or fail builds automatically based on configured policy. At the runtime configuration layer, Fidelis Container Secure™ collects detailed configuration and status information for container instances, Kubernetes services, and container runtimes, evaluating that information against security policies and best-practice rules to detect deviations. It can detect privileged containers, writable containers, interactive containers, and containers instantiated from unauthorized or unknown images.
At the host level, the platform automates server instrumentation for discovery, inventory, vulnerability management, system hardening, system integrity monitoring, drift detection, and runtime security event collection. For intrusion detection and threat detection at the Docker host and Kubernetes node level, Fidelis Container Secure™ uses log monitoring, file integrity monitoring, and intrusion detection capabilities, and can quarantine suspected rogue containers within seconds of detection.
The platform deploys via a 2 MB microagent for Linux and Windows hosts, with Kubernetes-native DaemonSet support to automate deployment across every Kubernetes node. Ongoing inventory and assessments of container hosts and guest instances take under 90 seconds, and new microagents can be registered in under 30 seconds. All policy rules are grounded in CIS Benchmarks, PCI, HIPAA, and SOC 2 standards, with automatic rule updates as new threats emerge and container security best practices evolve.
For cloud posture coverage across IaaS and PaaS resources, Fidelis Cloud Secure operates as an agentless companion service, providing automated discovery, inventory, and assessment across AWS, Azure, and GCP, with monitoring across IAM services, virtual machine images, networks, storage, container registry services, managed Kubernetes services, and more. Used together, Fidelis Container Secure™ and Cloud Secure cover the container workload layer and the cloud infrastructure layer from a single unified security platform.
Remediation guidance is delivered in real-time through DevOps tools that teams already use, including Jira, Slack, and ServiceNow, and findings are consolidated through the Fidelis Halo® Portal with interactive dashboards, prioritized issue reporting, and a REST API for programmatic integration with SIEM platforms and broader security operations tooling.
