Alert Logic Extends Intrusion Detection to Containers

Alert Logic announced it has re-engineered its intrusion detection service to add support for Docker containers.

Chris Noell, senior vice president of engineering at Alert Logic, says the company’s Cloud Defender and Threat Manager now support containers alongside other application runtime environments.

The Alert Logic IDS capability currently can support containers deployed on Amazon Web Services (AWS), Amazon Elastic Container Service, Kubernetes, CoreOS and AWS Elastic Beanstalk. Support for additional cloud-deployed containers will be available before the end of the year.

The Alert Logic IDS inspects network traffic for malicious activity. That capability has been extended to containers via a new ability to capture the metadata that containers expose, says Noell.

The Alert Logic service analyzes the signature of data packets as they traverse the container environment to detect cyberattacks in real time. That data is used to create a graphical representation of the compromised container and its relationships. Once a threat is detected, the Alert Logic security team working in a security operations center then prioritizes and escalates the threat within 15 minutes and offers remediation advice.

The data that the Alert Logic IDS captures also can be exposed via an application programming interface (API) that enables the Alert Logic IDS to serve as the foundation for an integrated approach to DevSecOps, adds Noell. Data captured by the Alert Logic IDS, for example, can be used to identify containers that should be dynamically replaced to thwart an attack either before it happens or while it’s occurring. The replacement of those containers can theoretically occur within seconds of a discovery of an attack vector, he says.
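To make the DevSecOps integration Noell describes concrete, the following is an added Python example, not Alert Logic's code (the page does not document its API). It reads a constructed feed of container IDS alerts carrying the container metadata of both ends of each flagged flow, builds the relationship map of which containers talked to which, and selects the containers to replace, most urgent first. The alert record layout, the severity scale and the `replace_container()` hook are assumptions.

```python
"""Turn container IDS alerts into a prioritized replacement plan.

Added example; it is not Alert Logic's code and its API is not described on
the page. The alert record layout, the severity scale and the
replace_container() hook are assumptions; the alert lines are constructed.
"""
import json
from collections import defaultdict

# Severity ordering used to threshold and rank alerts (assumed scale).
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed alert feed: one JSON object per line, as an IDS API might emit.
# Each alert carries the container metadata of the two endpoints of the flow.
CONSTRUCTED_ALERTS = """
{"ts": "2018-10-01T12:00:01Z", "severity": "high", "signature": "sql-injection-pattern", "src": {"container_id": "web-01", "image": "shop/web:1.4"}, "dst": {"container_id": "api-01", "image": "shop/api:2.0"}}
{"ts": "2018-10-01T12:00:04Z", "severity": "critical", "signature": "unexpected-db-client", "src": {"container_id": "web-01", "image": "shop/web:1.4"}, "dst": {"container_id": "db-01", "image": "postgres:13"}}
{"ts": "2018-10-01T12:00:09Z", "severity": "low", "signature": "port-scan-like", "src": {"container_id": "api-01", "image": "shop/api:2.0"}, "dst": {"container_id": "db-01", "image": "postgres:13"}}
{"ts": "2018-10-01T12:00:15Z", "severity": "medium", "signature": "malformed-request", "src": {"container_id": "worker-03", "image": "shop/worker:0.9"}, "dst": {"container_id": "api-01", "image": "shop/api:2.0"}}
{"ts": "2018-10-01T12:00:21Z", "severity": "high", "signature": "sql-injection-pattern", "src": {"container_id": "web-01", "image": "shop/web:1.4"}, "dst": {"container_id": "api-01", "image": "shop/api:2.0"}}
"""


def parse_alerts(text):
    """Parse newline-delimited JSON alerts, skipping blank or malformed lines."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            continue  # a bad record must not stall the pipeline
        if alert.get("severity") not in SEVERITY_RANK:
            continue
        alerts.append(alert)
    return alerts


def build_relationship_graph(alerts):
    """Map each container to the sorted set of containers it exchanged flagged traffic with."""
    graph = defaultdict(set)
    for alert in alerts:
        src = alert["src"]["container_id"]
        dst = alert["dst"]["container_id"]
        graph[src].add(dst)
        graph[dst].add(src)
    return {c: sorted(peers) for c, peers in graph.items()}


def select_for_replacement(alerts, min_severity="high"):
    """Return source containers of alerts at or above min_severity, most urgent first.

    The source of a flagged flow is treated as the likely compromised side; the
    destination appears in the relationship graph but is not replaced on that
    evidence alone. Ranking: highest severity seen, then alert count, then id.
    """
    threshold = SEVERITY_RANK[min_severity]
    worst = {}
    count = defaultdict(int)
    for alert in alerts:
        rank = SEVERITY_RANK[alert["severity"]]
        if rank < threshold:
            continue
        cid = alert["src"]["container_id"]
        worst[cid] = max(worst.get(cid, 0), rank)
        count[cid] += 1
    return sorted(worst, key=lambda c: (-worst[c], -count[c], c))


def replace_container(container_id, image):
    """Hypothetical orchestrator hook: would redeploy a fresh instance of image."""
    return f"replace {container_id} with a new instance of {image}"


def plan_replacements(text, min_severity="high"):
    """End-to-end: parse the feed, pick containers, and emit the actions to take."""
    alerts = parse_alerts(text)
    images = {a["src"]["container_id"]: a["src"]["image"] for a in alerts}
    return [replace_container(c, images[c])
            for c in select_for_replacement(alerts, min_severity)]


if __name__ == "__main__":
    graph = build_relationship_graph(parse_alerts(CONSTRUCTED_ALERTS))
    for container, peers in sorted(graph.items()):
        print(container, "->", peers)
    for action in plan_replacements(CONSTRUCTED_ALERTS):
        print(action)
```

Lowering `min_severity` widens the plan; the ranking keeps the container with the worst and most numerous alerts at the top, so an orchestrator that can only replace a few instances at a time handles the likeliest point of compromise first.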

It’s not yet clear to what degree organizations will opt to rely on managed security services in the age of DevSecOps. Developers are taking more control over how the security policies defined by the cybersecurity team are implemented, which may relieve some of the strain on cybersecurity teams that are, today, generally short-staffed. In fact, it’s that chronic shortage that is driving more organizations to rely on managed security service providers.

To make matters even more challenging, applications built using microservices tend to increase the total attack surface that needs to be defended. Most organizations will find themselves trying to craft DevSecOps processes spanning developers, cybersecurity teams and external service providers. Unfortunately, there’s not much in the way of well-defined best practices for achieving that goal.

In the meantime, most IT security teams are just starting to fully appreciate the implications containers will have on security. Properly employed, containers should lead to greater application security because the various components of the application will be more isolated. In fact, the whole notion of patch management that is relied on to secure monolithic applications simply disappears in favor of dynamically replacing containers whenever required.

The issue, of course, is first educating IT security teams on how a containerized application is achieved and maintained, and then working through the role cybersecurity professionals will play going forward.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
