VMware this week announced it is making available container runtime security capabilities in a VMware Carbon Black Cloud Container Advanced Bundle.
Shemer Schwarz, senior director of product management for VMware, says this offering extends the Carbon Black security platform that VMware acquired in 2019 into the realm of container runtimes.
Container runtime security capabilities now include runtime cluster image scanning within Kubernetes clusters running on-premises or in the cloud and the ability to employ algorithms to detect deviations in network modules that are indicative of workload anomalies.
There are also visualization tools to map application architectures to better identify malicious egress destination connections based on IP addresses and behavioral data, potential workload policy violations and vulnerable images along with an integrated dashboard to view and correlate events at both the host and container layers.
Finally, threat detection allows IT teams to scan open ports to check for vulnerabilities and also determine if a lateral attack is in progress.
In general, container security is becoming more challenging as the number of cloud-native workloads deployed on Kubernetes clusters increases. Container runtime security challenges include everything from how to only allow legitimate traffic in and how to enable least-privileged communications between services to defend against the lateral movement of attackers and validating how a workload is operating within the expected guardrails.
There is also a tendency to assume that because a container only runs for a few seconds that it won’t be compromised. However, not only are containers starting to run for longer periods of time, but they are also being used with stateful applications containing sensitive data. Not surprisingly, cybercriminals are becoming more adept at identifying and compromising misconfigured containers to gain access to that data.
On the plus side, more attention is being paid to container security as organizations look to lock down software supply chains in the wake of a series of high-profile breaches. A recent survey conducted by VMware found that 97% of technology leaders have concerns about Kubernetes security, with 20% specifically identifying containerized workloads at runtime as their biggest concern.
Ultimately, Schwarz says it’s apparent that application development, security and IT operations teams will need to work more closely together to secure cloud-native container-based application environments running on Kubernetes clusters. The degree to which responsibility for securing containers might shift left toward developers or shift right toward operations teams will vary by organization, he says.
Regardless of approach, however, securing IT environments is becoming more challenging as organizations deploy microservices-based applications alongside monolithic applications. VMware is making a case for an integrated approach to securing both classes of applications using a common security platform.
It’s not clear to what degree organizations will opt for a single platform versus deploying a security platform that only applies specifically to containers. One way or another, however, it’s now only a matter of time before container runtime security becomes a more pressing issue.