Attivo Networks Blogs

Protecting Your Containers from Potential Threats

Written by: Vikram Navali, Senior Technical Product Manager

As more enterprises adopt a containerized approach for applications, the need for protecting containers becomes crucial. Container environments are a computing option that provides virtualization for microservice-based applications regardless of whether the target environment is a private data center or deployed in a public cloud.

One potential drawback of containerization is a lack of isolation from the core OS. Because application containers are not abstracted from the host OS on a VM, security experts warn that adversaries have easier access to the entire system. Common container threats are:

  • Allowing unauthorized access across containers, hosts, or data centers
  • Malware that scans internal systems for sensitive data from a compromised container

Below are some examples of container attacks:

The Attivo Networks ThreatDirect containers provide solutions for container environments across on-premises and cloud infrastructures, independent of attack vectors. ThreatDirect containers detect network-based attacks and provide visibility into any suspicious activity. Most public cloud computing providers, including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform, have embraced container technology, using container software solutions like Docker and Kubernetes. The following discusses how the deployment of ThreatDirect containers helps in protecting a container infrastructure.

Deploying ThreatDirect containers in an isolated pod

ThreatDirect containers can deploy as a dedicated container in a Kubernetes pod or as a Docker container. Consider a Kubernetes-orchestrated environment, as illustrated below. When adversaries compromise a pod, they tend to seek out other pods that are reachable. During such lateral movement, the adversary engages with a ThreatDirect container, generating an alert.

[Figure: Protecting Containers]

Deploying Deflect in Kubernetes nodes

The increase in east-west traffic generated by containers and microservices creates more opportunities to compromise an application and the container infrastructure. The Attivo Networks Endpoint Detection Net (EDN) Deflect function alerts on attacker reconnaissance as adversaries scan Kubernetes nodes for ports and services to exploit. The Deflect function detects fingerprinting attempts and redirects both inbound and outbound connection attempts to decoys for engagement.

Deploying deceptive breadcrumbs in production containers

The Attivo ThreatDefend® platform provides a REST API interface to download deceptive credentials. DevOps teams can use the REST API to download these deceptive credentials (decoy AWS IAM access keys, decoy database credentials, and others) and deploy them as part of production workloads. Once inside the network, attackers scan for various credentials to exfiltrate data from databases, file servers, storage buckets, and other targets. The ThreatDefend® platform monitors for and detects attackers using any decoy credentials.
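How detection on a decoy credential works in principle, shown as an added example that is not Attivo's code or API: any API call made with a planted key is an alert, and the inventory of where each decoy was planted points back to the workload the attacker read it from. The key IDs, workload names and log records are constructed, the one-decoy-per-workload inventory is an assumption, and the field names follow AWS CloudTrail's record format.

```python
import json

# Constructed inventory: decoy access key ID -> where it was planted.
# One unique decoy per workload is an assumption of this example.
DECOY_KEYS = {
    "AKIAEXAMPLEDECOY0001": "payments/api pod, environment variable",
    "AKIAEXAMPLEDECOY0002": "orders/worker pod, ~/.aws/credentials",
}

# Constructed CloudTrail-style records, one JSON object per line.
SAMPLE_EVENTS = """\
{"eventTime":"2021-03-01T10:00:00Z","eventName":"PutObject","sourceIPAddress":"10.0.1.5","userIdentity":{"accessKeyId":"AKIAEXAMPLEPROD00001"}}
{"eventTime":"2021-03-01T10:02:11Z","eventName":"ListBuckets","sourceIPAddress":"10.0.4.17","userIdentity":{"accessKeyId":"AKIAEXAMPLEDECOY0001"}}
{"eventTime":"2021-03-01T10:02:40Z","eventName":"GetObject","sourceIPAddress":"10.0.4.17","userIdentity":{"accessKeyId":"AKIAEXAMPLEDECOY0001"}}
this line is not JSON
{"eventTime":"2021-03-01T10:05:03Z","eventName":"GetCallerIdentity","sourceIPAddress":"10.0.9.3","userIdentity":{"accessKeyId":"AKIAEXAMPLEDECOY0002"}}
"""


def find_decoy_use(lines, decoys=DECOY_KEYS):
    """Return one alert per (decoy key, source IP); input is in time order."""
    alerts = {}
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed records, keep scanning
        if not isinstance(event, dict):
            continue
        identity = event.get("userIdentity")
        key = identity.get("accessKeyId") if isinstance(identity, dict) else None
        if not isinstance(key, str) or key not in decoys:
            continue  # production keys are ignored; only decoys alert
        src = event.get("sourceIPAddress", "unknown")
        alert = alerts.setdefault((key, src), {
            "decoy_key": key, "planted_in": decoys[key], "source_ip": src,
            "first_seen": event.get("eventTime"), "api_calls": [],
        })
        alert["api_calls"].append(event.get("eventName"))
    return list(alerts.values())


if __name__ == "__main__":
    for alert in find_decoy_use(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

Because a decoy key has no legitimate user, the match needs no baseline or threshold; the `planted_in` field tells responders which workload to treat as compromised.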

It is hard for any traditional security solution to protect from adversaries’ attempts, especially in the container environment. By deploying the Attivo Networks ThreatDirect container and Deflect solutions, an enterprise can enjoy containerized application benefits without sacrificing security.

For additional information, please visit
