Secure Your Containers Like Your Apps Depend On It

By: Yaffa Finkelstein | Thursday, October 22 2020 - 10:35 IWST

Yaffa Finkelstein - Product Marketing Manager, Check Point Software Technologies (Photo by Linkedin)
This goes out to the security experts who are tirelessly pursuing security, through the cloud evolution and into the agile world of Kubernetes and containers. Today we’ll share some of the container security concerns which you might not have considered until now, and we’ll explain how to mitigate those risks, without imposing on your agile DevOps teams.

Here are the top questions you should ask yourself, as you assess the ability of your container security solution to keep your applications safe:

1. How can you secure it if you can’t see it?

If you want to ensure that your app remains safe, you need to make sure that you can quickly pull up a visualisation of all of your assets and the relationships between them. Make sure that you can identify any anomalous traffic activity at a glance.

2. Industry security benchmarks are important, but what about the organisation’s security policies?

Beyond complying with security best practices and regulatory requirements such as NIST & CIS benchmarks, make sure that you have the ability to create custom compliance rules so that you can auto-enforce corporate governance on a granular level even in a dynamic container environment, without distracting DevOps.

3. How far-left can you shift the security practice? Shift-left further!

To prevent the inevitable frustrations that come with security that isn’t integrated into DevOps pipelines, you need a CI tool that will scan container images before code is even committed. It’s the only way to ensure that your code remains security-centric and it aligns all stakeholders with your objectives – to keep workloads safe from exploits.

4. What are the hidden dangers of labelling and cluster operations management?

Misused container labels can inadvertently create security holes. Labelling provides a number of advantages within a dynamic microservices environment, but it can also be exploited with malicious intent. Always make sure that you have the ability to set security policies and guardrails for cluster operations, and to enforce least-privilege access rights. Consider creating rule-based access control for labelling, to keep a handle on who has access to the different parts of the architecture.

5. Can you block malicious attacks on a container in runtime?

Yes, you most certainly can, if you have a runtime agent that is able to continuously scan for vulnerabilities, and that can identify malicious behaviour in real time. The only way to ensure the integrity of every container is to deploy a solution that you know can detect and block incidents in real time.

While these are the key questions you should be asking yourselves, we also have a path to help you move forward. First, in order to provide strong runtime security and application control for your containers, you need to determine your baseline behaviour at the application layer. You can do this by running a security assessment of your container environment to discover hidden threats and misconfigurations that could be placing your organisation in jeopardy.

Second, set up a time with a cloud DevSecOps expert to review your assessment and outline a path for automating security and posture management directly into your dev cycle. You should also gain more context and, for the first time, be able to visualise your network map and understand how the different container resources access each other.

The goal of these next stages is to provide a holistic understanding of all of the moving parts in order to secure the entire application. Onboarding a container security solution is simple, and when integrated into your CI/CD pipeline, even easier. And by taking this leap, you can finally move away from a monolith mentality when it comes to the security of your containers and other microservices, to one that is automated and better aligned to protect against modern threats. You can be the superhero of your DevSecOps team!
