Twistlock has extended its container security relationship with IBM to include integration with IBM Cloud Security Advisor, a hub through which IBM consolidates cybersecurity alerts pertaining to potential threats to the IBM Cloud Kubernetes Service.
John Leon, VP of business development and alliances at Twistlock, says this integration extends the alliance between Twistlock, which provides a container security platform, beyond the support Twistlock already provides to various arms of IBM’s professional and managed services organizations.
The Twistlock container platform now shows up as a set of tiles that are easier to manage for DevOps teams running containerized applications on instances of Kubernetes running on IBM Cloud. Those tiles not only make it easier to investigate alerts, but they also surface historical details relevant to that specific alert.
There’s naturally a lot more focus these days on container security in the wake of two significant vulnerability disclosures. Red Hat recently revealed a CVE-2019-5736 flaw in the open source runc command line utility, which is widely employed to spawn and run containers. In theory, cybercriminals could take advantage of this flaw to inject a malicious container that would be allowed to access the host filesystem. That disclosure followed the discovery of another security flaw involving a privilege escalation issue that affects all versions of the Kubernetes API server. A cybercriminal could use this flaw to access every single machine in a cluster via the API server. The team that oversees the development of Kubernetes is recommending that every organization running Kubernetes immediately update their Kubernetes clusters to remediate the issue.
Leon says Twistlock is aligning itself around IBM’s multicloud strategy that is anchored on Kubernetes, which makes it possible to deploy application workloads on a variety of cloud platforms in addition to on-premises systems. The goal, he says, is to make it easier for organizations to implement best DevSecOps practices across a highly distributed computing environment made up of platforms from different IT vendors.
IT may take a while for cybersecurity professionals to catch up to the rate at which cloud-native applications based on containers are being deployed across the extended enterprise. But it’s apparent these applications will require organizations to adopt new approaches to cybersecurity. The core issue that needs to be addressed is whether organizations will require dedicate container security tools or will be able to extend their existing tools in a way that enables them to secure containers. Proponents of new approaches argue that existing tools do not provide enough visibility to secure container environments. Providers of legacy cybersecurity frameworks contend most organizations can’t afford to deploy two isolated cybersecurity frameworks when one framework can be extended to support containers and legacy platforms based on virtual and physical machines.
Regardless of the path chosen, the one thing for certain is containers will be much higher on the cybersecurity agenda this year. The decision as to which platform to employ to secure them, however, is likely to have as much to do with how accessible it is as it does the level of security enabled.