Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

11/14/2018
04:00 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail
50%
50%

Security Teams Struggle with Container Security Strategy

Fewer than 30% of firms have more than a basic container security plan in place.

A study out today shows that the security community is still coming to grips with the new realities introduced by containerization to aid DevOps and agile development teams in their mission for faster deployments in the enterprise.

Some experts say the rise of containers offers an opportunity for security teams to embed themselves more thoroughly in the continuous delivery workflow. But according to "The State of Container Security" report from StackRox, about seven in 10 organizations today either don't have a container security strategy or are at the most rudimentary stages of establishing that strategy. Among those with an existing strategy, about 35% say it doesn't invest enough to adequately secure containers, and 25% say it isn't detailed enough. 

Digging into the details of where IT professionals believe the biggest risks lie in the use of containers, misconfigurations led the pack by far, above vulnerabilities and attacks. This is not surprising given high-profile breaches like the Tesla cryptomining attack that was disclosed earlier this year, which was made possible by a poorly configured Kubernetes deployment on AWS.

Interestingly, even though the survey shows that most organizations are not yet running containers in production, securing containers in runtime has IT pros more worried than in build or deployment phases.

The concern for runtime is logical given the heavy emphasis that early container strategies have put on pre-production vulnerability scanning, according to Mark Bouchard, vice president of research for analyst firm CyberEdge, who provided analysis for the report.

"That's where their early investments have been, and now their apps are going into production and they realize, 'Yes, I've got to continue to do vulnerability scanning, but the bad guys operate not just against software flaws but on any weaknesses they can find,'" he says "So they recognize they need to do some monitoring of the container environment in runtime to look for that malicious activity."

Ultimately, Bouchard says, containers aren't necessarily any different than any other asset enterprises must protect. 

"We're not talking about reinventing security," he says, explaining that all the basic principles, such as the rule of least privilege, threat monitoring, and vulnerability scanning, all still apply. However, security professionals need to adjust to a couple of new variables that container environments introduced. First and foremost is the speed at which security teams need to work to protect constantly changing container environments. 

"What we're doing with microservices, containers, and DevOps is speeding everything up," Bouchard says. "So we're talking about applying the same security principles on a much faster cycle."

Secondly, he explains that security people need to familiarize themselves better with the architecture and with how containers, nodes, registries, orchestrators, and the like really work.

"Unless you understand what it is you are trying to protect, how can you do a good job protecting it?" Bouchard says. As he explains, many security practitioners came up from the network security world, and application delivery can sometimes be a challenge to wrap their arms around, but it is crucial.

"We're shifting the issue now onto the workload, and that's true for application security in general and most definitely for this world of microservices and containers," Bouchard adds.

Related Content:

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
RDP Bug Takes New Approach to Host Compromise
Kelly Sheridan, Staff Editor, Dark Reading,  7/18/2019
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Brian Monkman, Executive Director at NetSecOPEN,  7/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10101
PUBLISHED: 2019-07-23
WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). The impact is: XSS to RCE via editing theme files in WordPress. The component is: admin/partials/woo-feed-manage-list.php:63. The attack vector is: Administrator must be logged in.
CVE-2019-10101
PUBLISHED: 2019-07-23
VCFTools vcfools prior to version 0.1.15 is affected by: Heap Use-After-Free. The impact is: Denial of Service or possibly unspecified impact (eg. code execution or information disclosure). The component is: The header::add_FILTER_descriptor method in header.cpp. The attack vector is: The victim mus...
CVE-2019-10173
PUBLISHED: 2019-07-23
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regre...
CVE-2019-14241
PUBLISHED: 2019-07-23
HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c.
CVE-2019-10101
PUBLISHED: 2019-07-23
MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating file with custom a filename and content. The component is: Filtering user parameters before passing them into phpthumb class. The attack vector is: web request via /assets/...