UPDATED 09:00 EDT / FEBRUARY 13 2018

Deepfence pitches ‘security as a microservice’ to shore up container defenses

Application security startup Deepfence Inc. is pitching a novel way to protect software containers with the launch today of a new “Security-as-a-Microservice” product.

Software containers are an emerging technology that is increasingly popular with developers and large enterprises because they provide an easy way to build applications that can run on any hardware or operating system without needing to be altered. However, the technology is still relatively immature and is generally considered to lack the kind of protections available for more established software infrastructure such as virtual machines.

“The dynamic nature of containers, increased adoption of public and hybrid cloud, and explosion in east-west traffic have created far too many blind spots for traditional security solutions to be effective. Most of the new approaches claiming to address these issues are intrusive, riddled with false positives, and far too heavyweight to scale in production. We are proud to announce the industry’s first and only security solution native to new application and infrastructure paradigms,” said Sandeep Lahane, co-founder and CEO of Deepfence.

Deepfence’s idea is to shine a light on those blind spots with a “distributed intrusion prevention system” that measures and maps the attack surface area of software container deployments as they run in order to spot attacks as they happen. The system is deployed atop on-premises servers as a “lightweight sidecar container,” which attaches itself to the application’s host container. It can be scaled up and orchestrated using tools such as Kubernetes, which is the most popular orchestration software for managing containers.

Deepfence’s system relies on something called Semantic Patching technology, which the company describes as a combination of rules and artificial intelligence-based techniques for isolating individual workloads in order to detect attacks. The system “monitors what comes in, what goes out, and what changes on every host and container,” the company said. The AI then correlates the data it collects to identify suspicious events.

Deepfence posted the following video that explains how its technology works in more detail:

Jay Lyman, principal analyst at 451 Research Inc., said Deepfence’s system is interesting because many users make the mistake of trying to compare container security with that of virtual machines.

“What’s needed is insight into what’s in the containers, traffic across different infrastructure, and how it is all behaving,” Lyman said. “This means deep packet inspection of all traffic, including inter-container traffic and correlation with process, file and system calls, to detect known and unknown attacks, as well as a combination of deterministic and probabilistic methods for detection and workload isolation.”

Deepfence is planning to demonstrate its on-premises security software at the Container World event later this month, and at the RSA Early Stage Expo 2018 this April.
