UPDATED 08:00 EDT / JULY 22 2021

Study finds most software container users are unaware of crucial security principles

The vast majority of software container users are unaware of crucial security principles that underscore the urgent need for runtime controls, according to a new study released today by cloud-native security company Aqua Security Software Ltd.

The 2021 Cloud Native Security Practitioner study, based on a survey of 150 cloud-native security practitioners and executives from information technology, security and DevOps teams, found that only 3% of respondents recognize that a container, in and of itself, is not a security boundary. Conversely, 97% didn’t, indicating that the default security capabilities of containers are overestimated.

Only 24% of respondents have plans to deploy the necessary building blocks for runtime security, a result the study notes is especially alarming. Nearly a third of respondents said they were confident in overall holistic runtime security protection, but fewer than 23% of respondents had the necessary building blocks of runtime security in place.

The study also found a knowledge gap concerning supply chain risks. Nearly three-quarters of respondents said they believed they could stop software supply chain attacks evading static analysis, but that’s the result of an apparent misconception about the role of runtime security in achieving this protection.

“There is concerning overconfidence in the perceived ability to prevent supply chain attacks,” Amir Jerbi, co-founder and chief technology officer at Aqua Security, said in a statement. “The reality is that runtime security is essential because sophisticated supply chain attacks evade static analysis.”

Referencing a previous report in which Aqua Security found that attackers are becoming more proficient at hiding their methods and evading static scanning, Jerbi noted that “we see unnamed attackers use legitimate vanilla images to download malicious elements at runtime, Kinsing malware that only downloads in runtime, and attackers like Team TNT who hide their malicious communications attacking our honeypots on a daily basis.”

Jerbi added that holistic cloud-native security should be the goal. “It is not just about runtime security or any other one focus area,” he said. “It is about ensuring the entire application life cycle is covered, from the build to the infrastructure and the workloads.”
