UPDATED 14:56 EST / SEPTEMBER 28 2021

CLOUD

Container security grows in importance as Red Hat expands automated solutions following key acquisition

Enterprise security has become a top-of-mind issue over the past year and a half, as a wider attack surface, costly ransomware attacks and high-profile breaches affecting energy, government, education and a major swath of the private sector have captured global attention.

Throughout all of this activity, there is a key question that surrounds the cybersecurity debate: Just exactly how secure are containers?

A central resource for enterprise IT, containers bundle main applications and accompanying configuration files into an image that can be saved and deployed rapidly across multiple servers. As long as the code in an image has been properly reviewed and updated, the security risk is low. But when that hasn’t happened, watch out.

There is mounting evidence to show that major segments of the tech industry and government authorities are concerned about container security. In 2018, the Cloud Native Computing Foundation began a security audit that included a thorough evaluation of its most widely-used project — Kubernetes. The audit found credential exposure, inconsistent policy application and vulnerabilities in the container orchestration tool’s Transport Layer Security protocol.

In June, Red Hat Inc. released its “State of Kubernetes Security Report” from a survey of over 500 DevOps and engineering professionals, which found that 94% had experienced security issues or incidents related to containers during the preceding year. And in August, the National Security Agency took the unusual step of releasing a report with accompanying recommendations for hardening Kubernetes container environments.

“Kubernetes can be a valuable target for data and/or compute power theft,” the NSA noted in its findings. “While data theft is traditionally the primary motivation, cyber actors seeking computational power (often for cryptocurrency mining) are also drawn to Kubernetes to harness the underlying infrastructure.”

Vulnerabilities persist

The underlying infrastructure referenced by NSA is emerging as a prime concern. Cybersecurity researchers have uncovered a number of container-based vulnerabilities in recent years, some of which still remain unpatched.

A container exploit named Dirty Cow, which compromises the Linux kernel, was first discovered in 2016 and is still ongoing, according to a recent report from researchers at Trend Micro. Another exploit that attacks runC, the industry standard container runtime, has recently been found to be part of a malware chain that allows attackers to gain control over other users’ containers.

There is also a threat of a privileged escalation attack using Kubernetes. The orchestration tool is designed to have multiple groups of developers involved in various applications that can talk to the main API. If misconfigured, permissions could expand quickly within a cluster.

However, it is not necessarily the technology flaws of Kubernetes and containers that have raised the security risk. It is more because adoption of the tool within many enterprises is still a relatively recent phenomenon, and it is complicated to configure.

“The biggest factor in the potential ease of attacking a Kubernetes-based system is not in the underlying technology vulnerabilities; it is in the mere fact that it is new,” according to Shauli Rozen, chief executive officer at Israel-based ARMO. “Attackers love new systems, which organizations do not yet know how to configure in a secure way. To top that, Kubernetes is a pretty complex system, and it is usually running microservices-based architectures, which by nature are more complicated, have more APIs and a proliferation of software artifacts that are continuously changing — which naturally increases the attack surface.”

Turn toward automated solutions

The enterprise technology community has been addressing concerns around container security through the introduction of a number of tools, many of which have been focused on leveraging automation.

Red Hat Inc.’s solution for building automated processes that can deployed as containers is Ansible, and Kubernetes plays a key role in automating that deployment. Individual actions in Ansible playbooks can be chained together in sequences of tasks, which can be then used by security analysts to automate network responses.

Red Hat also partners with security companies, such as Sysdig Inc. and NeuVector Inc., on a variety of container protection solutions. Sysdig recently announced a number of unified cloud and container security products and provides visibility to run apps confidently with OpenShift.

One solution by NeuVector provides automated security for Kubernetes and OpenShift through container firewall packet-level interrogation and enforcement.

Integration of StackRox and Insights

A discussion of container security would be incomplete without mention of StackRox Inc. The container security company started in 2014 and made a big bet on Kubernetes two years ago. That focus paid off well when the firm was acquired by Red Hat in January of this year.

Prior to the acquisition, StackRox had previously disclosed its business grew 240% in the first half of 2020, yet another data point for rising interest in enterprise container security. StackRox provides automated and on-demand checks for over 300 continuous compliance assessments and delivers visibility across Kubernetes by deploying components directly onto the tool’s infrastructure.

Red Hat has moved quickly to integrate StackRox into its platform of security solutions after closing the deal in February. The company announced a series of application security enhancements in April, based in large part on the acquisition. These included Advanced Cluster Security for Kubernetes in OpenShift and the integration of Red Hat Quay, which allows users to securely store and deploy container images across any infrastructure of choice.

Red Hat has also taken steps over the past year to integrate Ansible into Insights, the company’s SaaS offering, which enabled users to gain actionable intelligence on Red Hat Enterprise Linux environments. With this move, any recommended remediation plan can be executed automatically.

“Securing IT environments, and especially containerized ones, is a formidable challenge,” said Joe Fitzgerald, vice president and general manager of the Management Business Unit at Red Hat, in an interview with theCUBE, SiliconANGLE Media’s livestreaming studio. “The complexity and scale of modern application deployments doesn’t have equals in history. We believe Red Hat Insights is a critical addition in the CISO portfolio because it helps IT organizations reduce the number of weak systems in the environment.

There is another important reason why automation will need to play a central role in container security. Today’s cloud application developer wears a second hat as a security engineer. What’s wrong with this picture?

The problem is that effective security is a team sport and app developers have way too much on their plates to devote the time necessary for applying critical security policies. A more realistic approach involves the use of cloud native application protection and cloud security posture management platforms.

There are already signs that companies are looking more closely at CNAPs and CSPMs to perform key tasks on containers, including continuous scanning of apps and enforcement of standardized security policies. This may also hasten a move toward consolidation and centralization of enterprise security controls.

A survey of IT professionals conducted by Enterprise Strategy Group and released in June found that 35% have already gone down the consolidation path and another 50% were planned to implement this strategy over the next two years.

“Containers have evolved in capability and sophistication,” said Dave Vellante, chief analyst at Wikibon, SiliconANGLE’s research affiliate. “However, their seemingly ubiquitous use has brought a pressing need for enterprises to have a secure and governed way to manage these technology tribbles. And these are gaps Red Hat is leading the charge on filling.”

Image by Peshkova

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU