Now that containers have been around for a few years and have had their share of disclosed vulnerabilities, it’s time to revisit some of the more interesting ones and see if there’s a recurring theme or any underlying trend to highlight.
In their recent research note, “Top 10 Security Projects for 2019”*, Gartner analysts highlighted ten initiatives that Security and Risk Management leaders should implement or improve in 2019. Container security is on this list.
Yesterday it was disclosed that a new high severity (CVSS score 7.2) vulnerability (CVE-2019-5736) was found in runc, that allows an attacker to potentially compromise the container host. Patches are already available from most providers (see below). Aqua customers can also prevent this vulnerability from being …
While Docker provides an efficient development and deployment environment, compromised Docker components can infect your entire infrastructure. Docker containers can be used as an access point to other containers and host systems. This cheat sheet lists the unique issues posed by Docker containers, how to safeguard …
In support of Amazon’s announcement this week at re:Invent surrounding the new AWS Container Marketplace, we’ve made the Aqua Container Security Platform available for on-demand consumption (pay as you go), via the newly minted AWS Container category in the Marketplace.
We have several new listings in the AWS …
Containers make it very easy to package and deliver applications, so it’s not surprising that many ISVs (Independent Software Providers) are leading the trend of packaging their software, whether it’s commercial off-the-shelf (COTS) or custom-developed code, as container images. These images are then fed into the …
Gartner recently released a Technical Professional Advice report titled Container Security -- From Image Analysis to Network Segmentation, Options Are Maturing* (by Joerg Fritsch and Michael Isbitski, 28 August 2018), with a detailed analysis of the space, including open source tools and commercial solutions.
We're …
Aqua released a free tool called kube-hunter to help with Kubernetes Security. You give it the IP or DNS name of your Kubernetes cluster, and kube-hunter probes for security issues - it’s like automated penetration testing.
Good news for those of you running container workloads on GCP - we now provide a nice integration with Google's Cloud Security Command Center. The Cloud SCC provides a centralized, single-pane-of-glass view of all security data for GCP applications, and providing actionable insights. It includes things like access …
In late 2016 we enlisted the help of security analysts and thought leaders Securosis to perform an in-depth best practices analysis of what companies should do to build a security program around containers. In the 14 months that passed, many things have evolved in the container (and now, cloud-native) ecosystem. So …
Today’s #1 Attack: Zero-day exploits of new and previously unknown vulnerability in apps and OSs
Container Security Top Challenges: Lack of adequate and disparate security tools, vulnerabilities in images, and the need for granular access-control between containers