StackRox today announced it has expanded its container security platform to address the entire life cycle of processes associated with securing containers.
The latest release of the StackRox Container Security Platform now makes use of threat information detected at runtime to create risk scores that can be used to inform security policies as containers are being built and deployed.
Wei Lien Dang, vice president of product for StackRox, says risk scoring will enable IT organizations to identify containers employed within a microservice that are likely to have similar issues as containers identified as having a specific vulnerability, such as making use of an outdated library within the container.
That new capability complements existing vulnerability scanning and policy enforcement capabilities that can be employed to segment networks and protect secrets such as credentials. The StackRox platform evaluates Kubernetes configurations such as role-based access controls, network policies and secrets. If an attacker conducts reconnaissance and scanning within the container environment or exploits orchestrator misconfigurations, the StackRox container security platform will detect that activity, he says.
Those capabilities extend to the kubelet, Kubernetes service endpoints or metadata servers within the Kubernetes cluster, says Lien Dang. Several examples of orchestrator-related attacks have been published, including news of a compromise of Tesla’s Kubernetes infrastructure that allowed attackers to mine cryptocurrency and a report detailing how an attacker could have compromised Shopify’s Kubernetes clusters.
Lien Dang notes that, rather than focusing solely on individual containers, organizations need to apply a more services-centric approach to cybersecurity. Containers themselves are ephemeral, so by the time an issue with a container is discovered it’s likely that container has been replaced already. StackRox makes it easier to identify potential container security issues, but Lien Dang says the real focus of the cybersecurity team needs to be on applying policies to the encrypted microservices that make up the entire application. Developers can focus on replacing containers when alerted to a specific security concern as part of the DevSecOps shift to the left, says Lien Dang.
The challenge is that not every organization is equally far along the DevSecOps maturity curve. The StackRox Container Security Platform provides a means for developers and IT security professionals to collaborate with one another at whatever level both teams are comfortable with, he says.
It’s not clear yet to what degree IT security will shift left. Most developers will only employ security tools that in some way expose an application programming interface (API). However, most cybersecurity professionals today don’t have any programming skills. That makes it unlikely cybersecurity professionals will be participating in, for example, a daily scrum session within a DevOps process. But the policies that developers need to adhere to will most often be defined and updated by the cybersecurity team.
The good news is that once those policies are defined, containerized applications should be a lot more secure than the legacy application code that preceded them.