Aqua Security this week extended the security capabilities it provides for serverless computing frameworks by adding the ability to scan functions running on those frameworks for vulnerabilities.
In addition, version 4.0 of its namesake container security platform now can detect malware and vulnerabilities in the Linux hosts on which containers are deployed, the company announced.
Rani Osnat, vice president of product marketing for Aqua Security, says the platform now provides the same level of support for functions running on a serverless computing framework and longer-running containers. The challenge with securing serverless computing frameworks is that no standard has emerged, so vendors such as Aqua Security need to navigate all the nuances of the serverless computing frameworks being deployed both on-premises and across multiple cloud platforms, he says.
The relationship between functions and containers has become symbiotic in that developers of microservices-based applications built using containers increasingly are using functions to run short-lived child processes on either a local server or public cloud. That symbiotic relationship means cybersecurity teams now need to take a holistic approach to securing all the elements of an application regardless of where they are running at any given time, says Osnat. For that reason, Aqua Security makes available plug-ins for continuous integration environments to detect security issues as functions are being built, in the same way it does for containerized applications.
As part of that effort, Aqua Security is now also extending its reach deeper into the Linux hosts that containers and serverless frameworks are deployed on. Version 4.0 of Aqua, in addition to being able to discover malware and vulnerabilities, adds the ability to specify which types of users and OS packages are either allowed to deploy or forbidden from being deployed on a host. It also logs all user commands on the host OS for security and compliance tracking and uploads scripts for benchmark testing.
The latest version of Aqua has achieved a CIS certification for its Kubernetes benchmark, which enables DevOps teams to more easily troubleshoot potential security issues in a cluster based on Kubernetes.
Overall, there’s a lot more focus these days on container security that can be naturally extended to the serverless computing frameworks which are starting to be more widely employed by developers. The challenge cybersecurity teams face is that with each new serverless computing framework that gets employed, the size of the attack surface that needs to be defended becomes that much larger.
Savvy developers are proactively engaging cybersecurity teams to educate them on the nuances of securing those frameworks as part of the general shift left toward implementing the best DevSecOps processes. Otherwise, developers run the risk of encountering a knee-jerk reaction from already overwhelmed cybersecurity teams. Given the ability of serverless computing frameworks to substantially reduce the cost of computing by relying on functions to handle tasks that previously would have needed to be embedded within the application, it’s clear serverless computing frameworks are not going away anytime soon. The issue now is making sure functions don’t become the latest vehicle through which IT environments wind up being more efficiently compromised.