Defenselayers Plug&Play Cybersecurity and Compliance Automation Platform is the answer to market trends: businesses moving into a cloud, while technology of microservices and containers gain wide acceptance.


Defenselayers Cybersecurity and Compliance Automation Platform is the answer to market trends: businesses moving into a cloud, while technology of microservices and containers gain wide acceptance. The Product fits within the model of modern methodologies of software development and operation in cloud environment (DevSecOps). Defenselayers Secure Container is compliant with Open Container Initiative Standard (unified application containers standard accepted by all container orchestration tools and public cloud service providers including Azure, AWS, Google, etc) and it is equipped with preinstalled layers responsible for assuring container cybersecurity and compliance. At the same time Defenselayers central infrastructure monitors and keeps these layers constantly updated. This is why we call it out-of-the-box security.


Defenselayers produce OCI compliant application containers with pre-encapsulated and pre-hardened standard technologies (operating systems, databases, application servers, interpreters etc.). The developer encapsulates his microservice into Defenselayers Secure Container (note that no change to microservice is required) and deploys the microservice in a cloud. While the microservice is running in production environment, the Defenselayers Central Platform monitors such container and constantly updates it when new vulnerabilities and threats appear.


Trust is a fundamental building block of any (cyber) security chain. While trust is so crucial, today´sworld shifting into containers face a great problem: trust issue. Nobody really knows what is running inside of a container as  most containers are running from downloaded  internet images. Why should anyone trust such an image? Why developers should trust unknown developers? It’s not just about the possibility of the malicious intent of an unknown person.  It may possibly be caused by critical security issues, or lack of knowledge by the original author. Secondly you can be   running outdated,  or faulty components inside your containers. Defenselayers Plug&Play Cybersecurity and Compliance Automation Platform brings trust and security to the containers ecosystem.

Executable binaries hardening

Recompilation of main components

Removal of insecure modules

Removal of insecure functionality

Removal of insecure components

Removal of unused components

Secure configuration of included components


Network services


Other component

Secure configuration

Removal of default accounts

Secure application accounts

Secure environment variables settings

Secure configuration

More strict access rights


Vulnerability scanning

Malware scanning

Integrity protection of every binary and configuration component

Complete manifest of all components inside container image


Our secure by default, out-of-the-box container images also enables you to quickly meet different compliance requirements, also out of the box! For example we enable seamlessly meet GDPR Articile 25 “privacy by default, privacy by design” requirement. Without Defenselayers secure image container organization could be forced to rewrite large portion of own applications code and/or recreate infrastructure.

Our hardening rules meets PCI DSS, GDPR, OWASP and CIS criteria and sometimes are even more strict while not breaking compatibility. If you require highest security possible at the price of some compatibility issues we provide High Security line of our secure container images.


Secure by default, out-of-the-box = privacy by default privacy by design (Art. 25)

Security testing and vulnerability management (Art 32 1 c-d)

Incident management requires integrity control (Art. 33, 34)

NIS Directive

Incident management and reporting requires integrity control (Art. 14)

Vulnerability & patch management (Art. 14, Art. 16)

Financial sector regulations

Risk based hardening approach

Operation Risk value reduction

Vulnerability scanning

Malware scanning

Patch management


System hardening / development of secure networks, systems and applications (Req 2, Req 6)

Secure TLS and other encryption protocols/algorithms (Req 3, Req 4)

Patch management (Req 11)

Malware scanning (Req 5)

Vulnerability scanning (Req 5, Req 6, Req 11)

Integrity control (Req 6)

Security/hardening requirements for CardHolder Data Environment (CDE) (Req 3, 4)


Defenselayers covers your complete technology stack including web servers, database and other required components to build secure applications, microservice or even infrastructure for monolithic applications. In case of applications with monolithic architecture Defenselayers can enable a quick switch to containers while meeting highest security and compliance requirements.  Pre-hardened technologies encapsulated in Defenselayers Secure Containers can be easily downloaded from Defenselayers private container registry, giving software developers the full technology stack they need. Defenselayers can encapsulate any technology which can be used in a cloud environment based at customers’ requests.


Our out-of-the-box secure container images provide both secure infrastructure and application environment making deployment of harden (highly secure) components a breeze. Don’t waste time to do research how to secure your proxy, web and application servers together with databases and messaging ques. Simply download our set of Defenselayers secure container image and run your applications or services in secure environment from the very beginning meeting number of compliance & standards requirements as well.

We solve the problem of trust by knowing exactly what is included and run in any of our secure container images. This allows us to check any component for malware, vulnerabilities, insecure configuration issues and other serious security problems constantly. Our secure by design, secure by default out-of-the-box stance not only fits your DevSecOps process but actually strengthen it.