Cyber-security firm Tenable Network Security Inc. is betting on the rise of containers, which allow applications to run on any computer. But ensuring the security of containers deployed usingDevOps, a method of speeding up deployment of information technologies in companies, has been a particular challenge.

That’s why Tenable recently acquired the San Francisco-based startup FlawCheck. Tenable, which is based in Columbia, Md., is a startup itself, one of several cyber-security firms that have sprung up in the shadow of the nearby National Security Agency in recent years. The company’s security platform is built around its Nessus network vulnerability scanner, which is available as both a cloud and on-premises vulnerability scanning and management solution.

As for FlawCheck, it was founded just last year to provide tools for scanning application container images for malware and other security vulnerabilities. FlawCheck’s very specific approach provides for continuous monitoring of Docker containers, which ties in very nicely with the continuous integration and deployment tools used by DevOps teams as they build their images. FlawCheck’s software helps to ensure that containers running production workloads remain isolated from one another, and therefore stay compliant with enterprise security policies.

Leading container companies such as Docker Inc. have focused on leveraging Linux kernel features, including control groups and namespaces, in their security efforts. That has provided a basic level of defense against cyber-threats. Isolation is another key part of container security. But Tenable says all those efforts are not nearly enough.

“Users need to take additional steps to lock down the [Linux] kernel, reduce the attack surface of the Docker daemon [the background process that answers requests for services] and harden the container configuration to have a truly secure setup,” the company said in a blog post earlier this year.

Tenable’s acquisition of FlawCheck comes at a time when containers are helping to rapidly accelerate DevOps processes. For example, these days containers are often redeployed on the fly, generating a need for DevOps teams to be able to automate the process of scanning them for vulnerabilities first.

FlawCheck cofounder Anthony Bettini said the startup’s scanning tool is designed to give DevOps teams greater visibility into container security by enabling the continuous monitoring of software development and container deployments.

“Containers are changing the software development and deployment process, but many organizations don’t have a way to properly maintain and secure them,” Bettini said in a statement. “FlawCheck scans containers early in the software development lifecycle to make it easier and safer to deploy them in production, and then continuously monitors them for vulnerabilities and malware. By seamlessly incorporating FlawCheck into their development and deployment processes, enterprises gain visibility into the hidden security risks present in containers, enabling fast remediation without slowing innovation cycles.”

Tenable is likely to release an updated IT security platform in 2017 that incorporates FlawCheck’s container scanning abilities, Bettini added.

Image credit: Ben_Kerckx via pixabay