The world of containers—particularly Kubernetes—descended on Austin, Texas, last week for the KubeCon and CloudNativeCon North America conference. Experts shared knowledge and vendors of all sizes pitched products and services designed to augment, simplify and secure container ecosystems.
When it comes to container security, most tools focus on scanning the image from which the containers originate. The container environment is exceptionally dynamic, though—with hundreds or thousands of containers spawning or disappearing from minute to minute—so a container security solution that can monitor and protect containers during runtime is crucial.
Protecting Containerized Applications on Kubernetes
StackRox leverages machine learning to provide a security platform that can defend an active container environment from code injection, privilege escalation, malicious lateral network movement and data exfiltration attacks that target containerized applications. The StackRox platform combines elements of endpoint detection and response (EDR), web application firewall (WAF) and intrusion detection / prevention (IDS/IPS) to create a single container security framework capable of defending containers during runtime.
At KubeCon, StackRox announced a partnership with Google Cloud to deliver end-to-end security for customers running containerized applications on Kubernetes with integration into the Google Kubernetes Engine. This partnership expands StackRox existing support for the Google Kubernetes Engine, which already allows customers to visualize the container attack surface, expose malicious activity and apply machine learning to detect and stop attacker activity.
StackRox’s unique approach to container security disrupts container attacks in real time to minimize their potential impact. “Security continues to be the most significant hurdle to enterprise adoption of containers and microservices,” says Sameer Bhalotra, CEO and co-founder of StackRox. “Our vision is to help secure the entire software stack for customers who are moving to the cloud, and our partnership with Google brings together strong container security controls for major enterprises.”
Security Containers During Runtime
I had a chance to sit down for some coffee with Wei Lien Dang, VP of Product for StackRox, in Las Vegas at the recent AWS re:Invent conference. We talked about some of the unique challenges of securing and protecting containerized applications during runtime.
Wei explained that detecting and stopping attacks in real time against containerized applications is very different than detecting and stopping attacks in real time against a traditional web application. Instead of a single application running on a single server, the containerized version may be comprised of tens or hundreds of containers spread out across multiple servers or environments.
Effective monitoring and detection of threats requires an ability to identify indicators of attack or compromise holistically—from across the whole environment. It takes a container-aware security solution to be able to understand the behavior of containerized applications, and to monitor and capture the data required for root cause analysis and incident response in such a highly scalable and ephemeral environment.
Kubernetes has emerged as the de facto standard for container orchestration. It makes sense that container security providers should team up with Google and offer comprehensive security for containers running on Kubernetes—especially security that can protect containers during runtime and provide the context necessary to effectively respond to security incidents.