SECURITY
SECURITY
SECURITY
Study finds most software container users are unaware of crucial security principles
The vast majority of software container users are unaware of crucial security principles that underline the urgency for runtime controls, according to a new study released today by cloud-native security company Aqua Security Software Ltd.
The 2021 Cloud Native Security Practitioner study, based on a survey of 150 cloud-native security practitioners and executives from information technology, security and DevOps teams, found that only 3% of respondents recognize that a container, in and of itself, is not a security boundary. Conversely, 97% didn’t, indicating that the default security capabilities of containers are overestimated.
Only 24% of respondents have plans to deploy the necessary building blocks for runtime security, a result the study notes is especially alarming. Nearly a third of respondents said they were confident in overall holistic runtime security protection, but fewer than 23% of respondents had the necessary building blocks of runtime security in place.
The study also found a knowledge gap concerning supply chain risks. Nearly three-quarters of respondents said they believed they could stop software supply chain attacks evading static analysis, but that’s the result of an apparent misconception about the role of runtime security in achieving this protection.
“There is concerning overconfidence in the perceived ability to prevent supply chain attacks,” Amir Jerbi, co-founder and chief technology officer at Aqua Security, said in a statement. “The reality is that runtime security is essential because sophisticated supply chain attacks evade static analysis.”
Referencing a previous report where Aqua Security found that attackers are becoming more proficient at hiding their methods and evading static scanning, Jerbi noted that “we see unnamed attackers use legitimate vanilla images to download malicious elements at runtime, Kinsing malware that only downloads in runtime, and attackers like Team TNT who hide their malicious communications attacking our honeypots on daily basis.”
Jerbi added that holistic cloud-native security should be the goal. “It is not just about runtime security or any other one focus area,” he said. “It is about ensuring the entire application life cycle is covered, from the build to the infrastructure and the workloads.”
Image: Aqua Security
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
