TrapX Security this week announced that its deception platform for misdirecting attacks against IT environments can now be deployed in container environments.
Steve Preston, TrapX CEO, says version 7.2 of TrapX DeceptionGrid makes it possible to spin up a Kubernetes pod with a trap container that communicates with the TrapX Security Operations Console (TSOC). That pod then spins up emulations that fool attackers into interacting with them so that IT teams can detect malicious activity. It also wastes cybercriminals’ time, as they find themselves interacting with emulations that present them with false information about the IT environment, notes Preston.
The latest version of TrapX DeceptionGrid has also been updated to enable it to detect attacks involving vectors such as the SolarWinds Sunburst backdoor, attacks against software supply chains such as the one experienced by Kaseya and attempts to exploit the PrintNightmare vulnerability found in the Windows Print Spooler Service.
Preston says that, unlike a honeypot set up to attract attacks for the purposes of researching malware, TrapX DeceptionGrid is designed to deliberately misdirect malware attacks. The container version of the platform makes it simpler to spin up emulations in near-real-time whenever malware is detected, he adds.
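The deception mechanism described in the two passages above (a trap that answers like a real service and reports every interaction to an operations console, where any contact with the trap is by definition suspicious), shown as an added example that is not TrapX's code and makes no claims about how DeceptionGrid or TSOC are built. The fake SSH banner, the DecoyService and DecoyAlert names, and the probe client are all constructed for illustration:

```python
"""Minimal decoy (trap) service: any interaction with it is suspicious.

Added illustration of the deception idea in the article; not TrapX code.
"""
import json
import socket
import threading
import time
from dataclasses import asdict, dataclass

# Constructed banner so the decoy looks like a real SSH daemon to a scanner.
FAKE_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"


@dataclass
class DecoyAlert:
    """Hypothetical alert record, shaped like what an ops console would ingest."""
    source_ip: str
    source_port: int
    first_bytes: str        # what the client sent, kept for triage
    decoy_service: str
    timestamp: float


class DecoyService:
    """Listens on a port, replies with a fake banner, records every contact."""

    def __init__(self, host="127.0.0.1", port=0, service_name="ssh-decoy"):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))          # port=0: OS picks a free port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        self.service_name = service_name
        self.alerts = []
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()

    def stop(self):
        self._stop.set()
        self.sock.close()                      # unblocks the pending accept()
        self._thread.join(timeout=2)

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, (ip, port) = self.sock.accept()
            except OSError:                    # socket closed by stop()
                break
            with conn:
                conn.sendall(FAKE_BANNER)      # look real enough to be probed
                conn.settimeout(0.5)
                try:
                    data = conn.recv(256)
                except (socket.timeout, OSError):
                    data = b""
            # A decoy has no legitimate clients, so every contact is an alert.
            alert = DecoyAlert(ip, port, data.decode("utf-8", "replace").strip(),
                               self.service_name, time.time())
            with self._lock:
                self.alerts.append(alert)

    def wait_for_alerts(self, count, timeout=3.0):
        """Poll until `count` alerts exist (or timeout), then return and clear them."""
        deadline = time.time() + timeout
        while time.time() < deadline:
            with self._lock:
                if len(self.alerts) >= count:
                    out, self.alerts = self.alerts, []
                    return out
            time.sleep(0.05)
        with self._lock:
            out, self.alerts = self.alerts, []
        return out


def alert_to_json(alert):
    """Serialise an alert for shipping to a console or SIEM."""
    return json.dumps(asdict(alert))


def simulate_contact(port, payload=b"SSH-2.0-probe\r\n"):
    """Constructed client standing in for a scanner touching the decoy."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as c:
        banner = c.recv(256)
        c.sendall(payload)
    return banner


def demo():
    """Run one decoy, touch it once, and return (banner seen, alerts raised)."""
    decoy = DecoyService()
    decoy.start()
    try:
        banner = simulate_contact(decoy.port)
        alerts = decoy.wait_for_alerts(1)
    finally:
        decoy.stop()
    return banner, alerts


if __name__ == "__main__":
    seen_banner, raised = demo()
    for a in raised:
        print(alert_to_json(a))
```

The design point is the one the article makes: because nothing legitimate should ever talk to the trap, the detection rule is trivial (any connection is an alert) and produces no false positives from normal traffic, which is what lets a team act on it quickly. In a Kubernetes deployment the same listener would run as its own pod and forward the JSON records to whatever console the team uses.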
As more containers are deployed in production environments, the attacks being launched are increasing in both volume and sophistication. Previously, most attacks against containers involved efforts to steal resources to mine cryptocurrencies. However, as more mission-critical applications that drive digital business transformation initiatives are being deployed using containers, cybercriminals are making a more concerted effort to exploit container platform vulnerabilities.
The emulation technology created by TrapX Security effectively buys IT teams time to detect malware; the goal is to enable them to limit the potential blast radius of an attack once the deployed emulations detect the presence of malware. It also could potentially frustrate cybercriminals to the point where they may decide to spend their time attacking an IT environment that appears to be less complex, notes Preston.
In the wake of a spate of high-profile breaches against software supply chains, awareness of container vulnerabilities is growing. Cybersecurity teams are being asked to make sure software supply chains are secure, which, in some cases, is giving many of them their first exposure to the nuances of container security.
In the longer term, of course, the hope is container platforms will become more secure as organizations implement DevSecOps best practices to automatically ensure containers are secure during construction and on deployment in a production environment. The challenge, of course, is that new vulnerabilities are always being detected after code has been deployed in a production environment. From a security perspective, the best thing about containers is they make it much simpler to rip and replace vulnerable code.
In the meantime, however, IT teams should not assume containers are safe simply because they might only run for a few minutes at a time. After all, it only takes a few seconds for malware to exploit a vulnerability once it’s discovered.