Sysdig Report Surfaces Major Lack of Container Security

A new Sysdig report finds that 87% of container images have high-risk vulnerabilities, of which 15% make their way into runtime environments. The report also finds that 71% of those vulnerabilities have a fix available that has not been applied.

Sysdig’s report is based on an analysis of how containers are run in environments that rely on its integrated observability and security platform.

The 2023 edition of the report also finds millions of dollars are being wasted on overprovisioned IT infrastructure. Well over half of containers (59%) have no CPU limits defined and 69% of requested CPU resources go unused. Sysdig estimates organizations could be overspending on IT infrastructure by as much as 40%.

Michael Isbitski, director of cybersecurity strategy at Sysdig, said that containers’ short lifespan makes it difficult to troubleshoot container environments. The Sysdig report finds 72% of containers live less than five minutes with about half of container images being replaced in a week or less. The ephemeral nature of containers tends to lull organizations into a false sense of security because while an individual container might only run for a few minutes, another container with the same vulnerabilities will quickly be spun up, he notes.

Once they discover a container that has vulnerabilities, cybercriminals will wait patiently for the next iteration of that container and then exploit those vulnerabilities, notes Isbitski.

More challenging still, the Sysdig report finds 90% of granted permissions are not used, which creates additional opportunities for cybercriminals to escalate privileges once they compromise a set of credentials. Worse yet, 83% of containers are running as root. In fact, the report finds only 16% of organizations have strong best practices in place for securing containers.

While development teams are assuming more responsibility for cybersecurity as they embrace DevSecOps best practices, Isbitski says it’s clear that cybersecurity teams need to be able to secure the runtimes that container applications are deployed on. Most development teams lack cybersecurity expertise, so the probability vulnerabilities will find their way into production environments is still high, he notes.

IT teams should also take care to slim down images because many of the loaded modules may not actually be used by the application. That additional bloat only increases the overall size of the attack surface that needs to be defended, Isbitski says. Similarly, the size of the base operating system also impacts the overall size of the attack surface, he adds.
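Two of the findings above, containers with no CPU limits defined and containers running as root, can be checked directly against a Kubernetes pod manifest before it reaches a cluster. The following auditor is an added example written for this article, not code from Sysdig or from its report; the two pod manifests it inspects are constructed samples (the image name is a placeholder), and it checks only what a static manifest can show, so it says nothing about unused permissions or image bloat, which need runtime data or image analysis.

```python
"""Audit Kubernetes pod manifests for two findings from the Sysdig report:
containers with no CPU limit and containers that run (or may run) as root.
Added example, not the report's own tooling; sample manifests are constructed."""

from typing import Any

# Constructed sample: no CPU limit and no securityContext at all, so the
# image's default user (frequently root) applies. Image name is a placeholder.
WEAK_POD: dict[str, Any] = {
    "metadata": {"name": "billing-api"},
    "spec": {
        "containers": [
            {
                "name": "api",
                "image": "registry.example.invalid/billing-api:1.4",
            }
        ]
    },
}

# Constructed sample of the corrected form: CPU limit set, pod-level
# securityContext forces a non-root UID, container drops privilege escalation.
HARDENED_POD: dict[str, Any] = {
    "metadata": {"name": "billing-api"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
        "containers": [
            {
                "name": "api",
                "image": "registry.example.invalid/billing-api:1.4",
                "resources": {
                    "requests": {"cpu": "250m", "memory": "128Mi"},
                    "limits": {"cpu": "500m", "memory": "256Mi"},
                },
                "securityContext": {"allowPrivilegeEscalation": False},
            }
        ],
    },
}


def _effective(container: dict[str, Any], pod_spec: dict[str, Any], key: str) -> Any:
    """Resolve a securityContext field the way Kubernetes does: a value set on
    the container overrides the same field set at pod level."""
    c_ctx = container.get("securityContext") or {}
    p_ctx = pod_spec.get("securityContext") or {}
    if key in c_ctx:
        return c_ctx[key]
    return p_ctx.get(key)


def audit_pod(pod: dict[str, Any]) -> list[str]:
    """Return one finding string per problem, empty list if the pod is clean."""
    findings: list[str] = []
    spec = pod.get("spec", {})
    pod_name = pod.get("metadata", {}).get("name", "<unnamed>")
    # Init containers run with the same caveats, so inspect them too.
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        cname = c.get("name", "<unnamed>")
        limits = (c.get("resources") or {}).get("limits") or {}
        if "cpu" not in limits:
            findings.append(f"{pod_name}/{cname}: no CPU limit defined")

        run_as_user = _effective(c, spec, "runAsUser")
        run_as_non_root = _effective(c, spec, "runAsNonRoot")
        if run_as_user == 0:
            findings.append(f"{pod_name}/{cname}: runs as root (runAsUser: 0)")
        elif run_as_user is None and not run_as_non_root:
            # Nothing in the manifest constrains the UID; whatever USER the
            # image declares (or root, if none) is what the container gets.
            findings.append(
                f"{pod_name}/{cname}: may run as root "
                "(no runAsNonRoot or runAsUser set; image default applies)"
            )
    return findings


if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(f"[{label}]")
        for finding in audit_pod(pod) or ["no findings"]:
            print("  " + finding)
```

Run as a pre-deploy check, a non-empty result from `audit_pod` is what should fail the pipeline; the "may run as root" case is reported separately from an explicit `runAsUser: 0` because it is resolved only when the image is pulled, which is exactly the gap the report's 83% figure points at.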

On average, the Sysdig report finds there are now 90 containers running per host, so the level of density per platform instance continues to increase steadily. However, only 45% of organizations are running two or more Kubernetes clusters and only 44% are running more than six nodes per cluster. More than half of organizations (54%) are also running more than 100 pods.

Regardless of the Kubernetes maturity level, the number of Kubernetes clusters being deployed continues to steadily rise. The challenge, as always, is finding a way to manage those clusters and secure them.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
