Tenable is synonymous with security, but most widely known for vulnerability management. Now, the company is expanding into the world of containers and container security with its first acquisition in its 14-year history. The purchase of FlawCheck—a company that focuses on helping customers identify and resolve risk within container environments—illustrates the evolution of DevOps and containers into the mainstream and the increased attention on securing and protecting those environments.
In the interest of full disclosure, I am the Community and Social Media Manager for Tenable. That said, even if I didn’t work for the company, I would point out that Nessus is a household name and the de facto leader among vulnerability scanning tools. Tenable also pioneered the concept of continuous monitoring before it was cool—and before the rise of DevOps. The FlawCheck acquisition moves Tenable more aggressively into the growing DevOps and microservices world.
Anthony Bettini, co-founder and CEO of FlawCheck, shared a little about the company and its mission in a Tenable blog post announcing the acquisition. “We built FlawCheck to address the difficulty of detecting security risks, at scale, in the world’s largest data centers. As we engaged with some of the largest companies on their next-generation data center security challenges, we honed in on container environments as an area particularly fraught with issues.”
Security concerns are not new for containers. Following the meteoric rise of Docker and the mainstream adoption of containers, security has taken center stage. Many approaches to creating more secure containers have been introduced, such as Microsoft Hyper-V containers or Intel Clear containers. There is also a growing industry of security tools for containers, such as Black Duck and FlawCheck.
Bettini stressed that with new technologies come new challenges. “Most notably, vulnerabilities are being inadvertently introduced into production through these nascent DevOps processes—a significant blind spot for security teams. An additional challenge is that in container environments, the role of security operations often changes, with the development team typically taking responsibility for both provisioning and vulnerability remediation.”
As it exists right now, FlawCheck is a private registry for container images. It automatically scans images for vulnerabilities and security issues as they’re built. FlawCheck integrates with continuous integration and continuous deployment platforms to build, deploy and monitor secure and compliant containers.
An integrated Tenable/FlawCheck solution is not expected until early 2017. For now, customers can register for a free trial of FlawCheck to discover first-hand how the tool helps identify security issues in containers to reduce risk.