Cloud

9/12/2017
12:00 PM
50%
50%

IBM Launches New Tools for Container Security

IBM's LinuxONE Emperor II addresses container security as researchers pay closer attention to containers' security shortcomings.

IBM is buckling down on container security with LinuxONE Emperor II, the next generation of its Linux-only enterprise family unveiled today at Open Source Summit North America. The platform includes the IBM Secure Service Container to protect against internal and external threats.

The announcement comes at a time when security researchers are paying greater attention to container security. Dino Dai Zovi, cofounder and CTO at Capsule8, took the stage at Black Hat 2017 to discuss how datacenter-level operating systems like Docker, Kubernetes, and Mesos change the security paradigms for modern production environments.

"There's a lot of attack surface inside these orchestrated environments - the APIs that are accessible from inside the containers, that you can use to escalate privileges, move around the network, and persist," he said in an interview with Dark Reading.

Last year, more than four billion data records were lost or stolen, a 556% increase from 2015. In the past five years, more than nine billion records have been breached and only 4% of them were encrypted or secure scrambled, IBM reports. The company's LinuxONE technology has been part of the IBM cloud since 2015.

The Secure Service Container protects data from external threats and internal threats at the system level, from users with elevated credentials, or attackers who steal them. Developers don't have to create proprietary dependencies to use these advanced security capabilities; an application only needs to be put in a Docker container ready for Secure Service Container deployment. From there, it can be managed through the Docker and Kubernetes tools.

Read more details here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
9/14/2017 | 8:44:05 AM
Re: IBM and trust
"...decimating cloud support staff" hard to envision Cloud gaining traction QUICKLY with statements such as these.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
9/13/2017 | 8:25:56 AM
IBM and trust
Good question about the backend ---- and knowing that IBM is decimating cloud support staff and some elements of Watson (health care hit hard), i would not trust any advertisement of good stuff from old Big Blue.  Ginny has wrecked the company and it is a shell of what remains now.  Disclosure - i was with a business partner during the John Akers meltdown years.    So the BETTER question is WHO is supporting what is behind the backend?  
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
9/13/2017 | 7:22:13 AM
Container Security
This is interesting but how does hosting the application in "Docker" elevate security? IE: what is occuring on the backend?
1.9 Billion Data Records Exposed in First Half of 2017
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/20/2017
Get Serious about IoT Security
Derek Manky, Global Security Strategist, Fortinet,  9/20/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.