The introduction of container technology has shown rapid growth over the last few years. Now, however, that he has seriously set foot in companies, questions are emerging about the safety of containers. Perhaps the basic problem is how safe the containers are?
Most people seem to think that containers are safe. As if they have some magic power when defending against malware. However, Dan Hat Walsh, chief engineer at Red Hat, says IT managers should stop assuming that the Docker and Linux kernel protect against malware, writes CIO Insight.
Unfortunately, it seems , few took this warning seriously. According to the Aqua Security 2021 Cloud Native Security Survey, only 3 percent of respondents recognized that the container alone does not provide security. Only 24 percent of respondents had plans to install runtime security components.
Despite reports that cloud-native attacks are becoming more sophisticated, only 18 percent of respondents recognized that containerized environments are exposed to zero daily risks. This indicates that the default security capabilities of containers are overestimated by many.
“When professionals take a non-holistic approach to protecting their workloads at runtime, they open up their environment to attackers because nor can malware detection prevent zero-day attacks and administrator failures, “said Amir Jerbi, Chief Technology Officer of Aqua.
The confusion over container security may be due in part to the concept of a security boundary. “The security boundary provides a logical separation between code and data in different levels of security domains. For example, the separation between kernel mode and user mode is a classic and simple security boundary,” says Microsoft.
Red Hat considers that, although containers are subject to certain access restrictions, they cannot be considered as a strong security barrier. Cybercriminals can avoid these restrictions. What many people don’t realize in IT is that the different layers of container run security don’t overlap exactly. There are some gaps that make it relatively easy to circumvent container isolation.
Differences between popular container environments such as Docker and Kubernetes can also confuse IT. A protection tool may be available on one platform but is disabled by default on another. So you have to be sensible when it comes to container security.
According to Aqua, attackers have become skilled at hiding their methods and avoiding techniques like static scanning. Accordingly, container-based environments have become more prevalent as well as more dangerous. According to Aqua figures, cyber security mechanisms to detect and prevent hacker attacks and to intrude on intruders, honeypots, have been attacked 17,358 times in six months, an increase of 26 percent over the previous six months.
Aqua recommends the introduction of holistic cloud-native security, including runtime protection, to protect against attackers bypassing detection and gaining access to the production environment. “Holistic cloud-native security is not just about runtime security or any other focus area, but about covering the entire application lifecycle, from architecture to infrastructure to workloads,” said Jerbi.
Like in everything else in security, the sensible approach is defense in depth (DiD). Containers and firewalls also provide some security protection. But no one is so stupid in IT to rely solely on the firewall. Therefore, we should not be so naive as to rely on the built-in safety features of containers. Just as everyone had to learn that the security provided by cloud providers is not foolproof, so should the security of containers be supplemented by the standard DiD approach for overall security.
Hardware, software, tests, curiosities and colorful news from the world of IT by clicking here
