Aqua Security this week updated its Aqua Container Security Platform to make it possible to limit the types of system calls a container can make to the underlying operating systems.
Rani Osnat, vice president of product marketing for Aqua Security, says version 3.2 of Aqua Container Security Platform enables IT organizations to employ syscall filtering to essentially create a whitelist of calls a container can make. Any attempt by an attacker to use a non-whitelisted syscall will be blocked by the platform, which will then generate an alert, says Osnat.
Each container typically only makes use of somewhere between 40 to 70 syscalls, he notes, so limiting the number of those calls substantially reduces the attack surface that needs to be defended. That approach also serves to reduce vulnerabilities to zero-day attacks, Osnat adds.
The latest release of Aqua Container Security Platform also adds support CRI-O and containerd specifications to complement its existing support for Docker container formats. As container technologies continue to evolve, Osnat says additional container specifications optimized for specific types of IT environments most likely will continue to emerge. The challenge cybersecurity professionals will face is finding a common platform on which to manage cybersecurity across various types of container formats.
In a similar vein, Aqua Container Security Platform now can support AWS Lambda functions that are available on Amazon Web Services’ (AWS) serverless computing framework. Most serverless computing frameworks will be employed as extensions of long-running containerized applications, which makes it necessary to apply a common cybersecurity framework across both environments, says Osnat.
Version 3.2 of Aqua Container Security Platform also now can monitor both successful and failed login attempts on containers in addition to being able to discover and scan container images stored on the host.
Aqua Security has also updated the Security Platform’s firewall to allow rules based on domain names in addition to container/cluster IP addresses, and is providing integration with a quarantine capability that Microsoft has made available in the Azure Container Registry.
There also are additional compliance templates to meet NIST, PCI, HIPAA and GDPR requirements along with enhanced SAML support to enable federated single sign-on capabilities across a range of cloud services.
Osnat says the Aqua Container Security Platform is designed from the ground up to address the entire life cycle of container security, including auditing. One of the major challenges developers encounter when deploying containers in a production environment is resistance from compliance teams that need to be able to demonstrate conclusively what containers were accessed by whom at what time. The ephemeral nature of containers makes that a major challenge. By automating the full container security life cycle, Osnat says, Aqua Security is trying to address the concerns of both cybersecurity and compliance teams.
It’ll be interesting to see whether containers finally force the cybersecurity and compliance automation issue within IT organizations. Automation of those functions has been uneven at best in legacy environments. It’s hard to see how those requirements will be addressed, however, without relying more on automation.