Container Security

IT is taking aggressive steps to make cloud applications portable and scalable with containers and the use of DevOps concepts.

The resulting cloud environment are typically made of a combination of containers (Docker or Kubernetes), VMs and more traditional architecture.

Containers need appropriate protection. Unlike VMs, containers share hardware and operating system resources with other services running on that hardware. This expands the attack surface to the host operating systems and opens the opportunity for lateral movement. Security risks related to containers in a cloud environment include:

  • Workload-to-workload attacks: container orchestration tools like Kubernetes make use of flat networking space. This raises the risk of one compromised application attacking a neighbor.
  • Overloaded containers: containers deployed with a lot more than what’s needed unnecessarily increasing risks.
  • APIs: containers that access data through APIs that have no authentication requirements.
  • Hosts that are not secured : securing containers is more complex than VMs as the host is shared.

Lacework Polygraph monitors activity between containers.

Lacework Polygraph monitors activity between containers.

The Lacework Cloud Security Platform monitors not only inbound and outbound communications to and from containers but also monitors container-to-container communication providing end-to-end security:

  • Lacework continuously monitors, from start to end, the lifecycle and resource usage of container processes: container top process and all its children; cpu, memory and network usage. This enables Lacework to detect anomalies in container activity and augment insights into threats affecting your cloud.
  • Running as a privileged container, Lacework has insights into kubelets, pods (running one or more containers using shared namespaces) and even containers running outside of a Kubernetes cluster.
  • Kubernetes File System security: Lacework continuously scans files for vulnerabilities and goes one step further in scanning active processes with deleted files – a common technique used by spyware.

The Lacework Cloud Security Platform is fully container-aware and monitors all container activities regardless of the container distribution you rely on (Docker and/or Kubernetes). Any malicious activity in your containerized cloud will generate an anomaly at one layer or another – Lacework will detect it and provide you with the full trail of anomalous activities across your cloud so that you can remediate issues before any damage is done.