ARMO Platform Pros and Cons

I recently started using ARMO, ( which uses Kubescape), it is very simple to get started and covers various compliance needs, besides I like the attack paths, CVE etc. Compared to other products in the market, it is priced reasonably and works very well with any cloud provider.

You need ARMO if you have set Kubernetes cluster on the cloud, to verify the configurations, remove various security issues, and identify various compliance violations. Once these are fixed, it is easy for SOC2 or other compliance.

ARMO also has a remediation option against each issue, which is kind of nice, and helps to pinpoint what additional controls to add to the YAML files. Review collected by and hosted on G2.com.

Overall I like the platform, A few areas that can be improved are, applying a fixed configuration directly from the platform, rather than downloading the yaml and applying it yourself.

Besides, there are cases where the docker image you have used has transient dependencies that have open CVEs, but often upgrading to a newer version may not be the correct solution and can cause incompatibility. I feel, if ARMO provides an option to take chainguard or similar images, that would be better, without changing the version. Review collected by and hosted on G2.com.

Armo is perfect for reading kubescape reports.

The two tools integrate very well, and the armo dashboard allows you to push the use and understanding of kubescape dashboard to the limit.

I also really like the ease with which the various scans (registry, repository, cluster) can be integrated.

The interface is very pretty and easy to understand. All useful information is displayed on the screen, and fixes for the various vulnerabilities are easy to copy and apply, which saves an enormous amount of time.

The various sorting functions are very practical.

I also like the fact that it's easy to accept the risks.

Translated with DeepL.com (free version) Review collected by and hosted on G2.com.

I don't like the idea of paying per node. In my case, I have a lot of small nodes with very different uses and resources. It's ideal for me to separate the different services of my project, but from a financial point of view (according to the vision of paying per node) it's very bad. However, I think it's good practice to have more nodes than one giant one. Review collected by and hosted on G2.com.

The ARMO Platform has cut our cloud costs for our Intrusion Detection Service (one of our most costly products) by 80%. Review collected by and hosted on G2.com.

ARMO is coming out with many new features. They seem helpful after a demo, but it isn't always clear how we can use them for actionable insights. Review collected by and hosted on G2.com.

The automation features of ARMO Platform stand out as remarkable capabilities. The Platform performs its tasks by reducing hand labor which frees up at least one day of work during each week. The main benefit of the ARMO Platform lies in its capability to integrate with our existing tools. Automation capabilities founded in the ARMO Platform represent an outstanding feature through its capability to gather data from different sources then present it in one unified dashboard. This single feature allows our team to save three hours of reporting work each week. Review collected by and hosted on G2.com.

Users need to spend time adapting to the robust features of the ARMO Platform due to its complex interface structure. I regularly search for specific settings or configurations within the ARMO Platform. A few integration issues between ARMO Platform and our current tools created minor system disruptions. Review collected by and hosted on G2.com.

very intuative and pretty GUI, which makes the insights easy to understand and solve. very easy to install and maintain, and good support from the company Review collected by and hosted on G2.com.

lack of some features, and im not sure how much can I trust the AI mechanism to understand which risks are critical Review collected by and hosted on G2.com.

The platform is ituitive and the most importantly guide you to the solution of the issues highlighted. It was easy to integrate with my existing clusters Review collected by and hosted on G2.com.

There is a learning curve and on-going licence fees may become an issue over time. Review collected by and hosted on G2.com.

Real time attack surface reduction within Azure DevOp's with contextual and actiuonable insights. Misconfigurations within code and the remediation steps required to resolve are easy to follow and offer a wide range of options to bring around a resolution.

ARMO has fantastic granular SSO controls, AMRO's "CVE Relevancy" feature is a differentiator & particularlly the "Vul spotlight" insights have had a huge help in reducing the noise of CVE's.

Fantastic tool with a great UI interface, Review collected by and hosted on G2.com.

Setup and implimentation requires helm chart - A more less technical method of onboarding would be request a service principle in azure for all the access requirments. Review collected by and hosted on G2.com.

ARMO's Kubescape is an outstanding security tool that has become an integral part of our Kubernetes ecosystem. As an open-source solution, it offers robust security scanning capabilities that ensure our clusters remain secure and compliant with industry best practices.

One of the standout features of Kubescape is its comprehensive scanning engine, which covers everything from misconfigurations to vulnerabilities across our Kubernetes clusters. It seamlessly identifies security risks based on the CIS Kubernetes Benchmark and NSA-CISA Kubernetes Hardening Guidance, giving us peace of mind that our infrastructure is well-protected.

Kubescape’s integration with our GitHub Actions workflow has been a game-changer. The ease with which it fits into our CI/CD pipeline means we can automatically scan our Kubernetes manifests and Helm charts during every pull request. This early detection of security issues helps us maintain a high level of security without slowing down our development process. The setup was straightforward, and the feedback is immediate, allowing us to catch and resolve issues before they make it to production.

The tool's detailed reports and actionable insights are invaluable for our team. The ability to visualize the security posture of our clusters and track improvements over time has significantly enhanced our security operations. Kubescape's intuitive interface makes it easy for both developers and security teams to collaborate and ensure that security is a shared responsibility.

In summary, ARMO's Kubescape is a must-have for any organization running Kubernetes. Its powerful scanning capabilities, combined with seamless GitHub Actions integration, make it an essential tool for maintaining a secure and compliant Kubernetes environment. We highly recommend it to any team looking to enhance their Kubernetes security posture without adding complexity to their workflows. Review collected by and hosted on G2.com.

We didn't identify any issues so far while deploying it on our clusters. Review collected by and hosted on G2.com.

My favourite feature are the dashboards that score your security posture in line with security standards. As you resolve security issues, your score increases and this can be seen over time. This makes it easy to understand how your posture has improved over time and helps articulate value to the rest of the business.

It also does a great job of suggesting fixes in ways that non-k8s pros will appreciate and understand Review collected by and hosted on G2.com.

We had a small number of integegration issues that were quickly resolved by the support team. In all honesty there wasn't much to dislike during our implementation Review collected by and hosted on G2.com.

Armo is able to gather in a synthetic and nice-looking interface, a lot of data that I'm used to collect from so many different tools. Moreover, it aims to deliver ready-to-use and easy-to-understand actions. The visual approach, such as diagrams of attack paths, or diffing YAML manifests for showing us how to improve security by changing kubernetes resources, is a game changer ! Review collected by and hosted on G2.com.

While the installation and integration is pretty straightforward thanks to their Helm chart, the toolset that needs to be deployed on each cluster is pretty large, with many deployments, statefulsets and cronjobs. Review collected by and hosted on G2.com.