Written by: Vikram Navali, Senior Technical Product Manager – As more enterprises adopt a containerized approach for applications, the need for protecting containers becomes crucial. Container environments are a computing option that provides virtualization for microservice-based applications regardless of whether the target environment is a private data center or deployed in a public cloud.
According to an Attivo survey of security professionals conducted late last year, the cloud attack surface was the single greatest threat to enterprises. And a survey released earlier this year by Kansas-based security vendor Firemon revealed that 60% of those surveyed said their cloud deployments have accelerated past their ability to secure them.
Chris Roberts, an adviser at Attivo Networks, concurs that role-based access control (RBAC) must be enabled for robust Kubernetes security, and adds that many elements of a strong security posture remain relevant in container environments: Good policies, procedures, and controls at the user, application, and network layer; separate and segmentation (including firewalls) where possible; rotating encryption keys; and strong education and integrations among different roles and teams.
Misconfigurations – which in some cases may be a matter of simply not paying attention to configurations – will be a considerable source of risk as more organizations deploy containerized applications to production environments, according to Chris Roberts, an advisor at Attivo Networks. “How many of the installations out there are still relying upon defaults? How many have weak configurations, interconnects, and/or rely upon code bases that are not well-validated, understood, or tested/supported?” Roberts asks. “Arguably, the lack of well-configured environments that are not being monitored or protected will have a huge impact on the number of vulnerabilities in 2019.”
Attivo’s ThreatDefend deception platform can now enable organizations to create decoy containers and serverless functions, in an attempt to trap attackers. As organizations begin to embrace container and serverless technologies, there is a corresponding need to secure those deployment models. On Sept. 24, Attivo Networks announced its entry into the container and serverless security market with an update of its ThreatDefend cyber-security deception platform.