SentinelOne Applies Behavorial Analytics to Container Security

SentinelOne has revamped its agent software for endpoint protection to support containers, extending the reach of its cybersecurity software to protect Linux servers and cloud computing platforms.

Chris Bates, vice president of security strategy for SentinelOne, says support for containers also now makes it possible to apply the behavioral artificial intelligence (AI) capabilities of the SentinelOne platform to ephemeral containers, which cybersecurity teams are finding difficult to secure.

The SentinelOne platform makes use of agent software deployed on a platform alongside machine learning algorithms to determine what communications between services should be whitelisted in an environment and then identify and block any anomalous behavior. That approach allows SentinelOne to track the behavior of containers as they are replaced within any set of microservices, says Bates.

IT organizations can either deploy the SentinelOne agent as sidecar container or directly on the Linux host, Bates says, noting
legacy cybersecurity technologies that depend on IP addresses to keep track of changes within an IT environment are not applicable in cloud-native computing environments that can be made up of thousands of containers. Developers replace containers to add new functionality without ever changing an IP address, which means developers can accidentally encapsulate vulnerable software in the containers. The best way to identify whether the containers have been compromised is to monitor continuously how those containers are trying to communicate with other services inside and out of the application environment, he says.

As the number of containerized applications in production environments increases, cybersecurity has become a significant stumbling block. Cybersecurity teams often are reluctant to approve the deployment of applications for which they have little to no visibility into how they are behaving, much less being able to enforce cybersecurity policies. SentinelOne is making a case for a cybersecurity platform that leverages AI and other forms of behavior analytics to maintain a white list of containerized application services.

It’s too early to say whether the rise of containers will require organizations to embrace AI to maintain cybersecurity. Cybersecurity teams, however, are already having a difficult time making sure legacy monolithic applications are secure. The highly dynamic nature of containerized applications is only likely to exacerbate the stress many are experiencing already. Short of hiring many more cybersecurity experts, who are hard to find and retain, the only way to address container security effectively is to rely more on AI. It’s not likely AI will replace the need for cybersecurity expertise, but it will go a long way to even the odds.

In the meantime, it’s likely cybercriminals will scan more aggressively for containers to compromise. Rather than wait for that inevitable turn of events, many organizations may decide that an ounce of AI prevention today is likely going to be worth a pound of cure tomorrow.

Mike Vizard

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

Mike Vizard has 620 posts and counting. See all posts by Mike Vizard