Regular readers of The State of Security should now have a general understanding of why organizations need security
for their containers. But they still might be a bit fuzzy on the specifics. In particular, they might still be unclear on the types of threats they need to address as well as the container areas that are most at risk.
This knowledge is crucial. Without it, enterprises are more prone to invest in piecemeal solutions than to research security controls that bolster their container security across all environments. They're also less likely to spot the nuances separating well-known threats from new exploits.
That being said, here are four areas on which organizations should focus the bulk of their container security efforts.
The build environment is the first area that needs protection because it's typically the least secure. Attackers can exploit this fact to deploy malicious code. They can also make malicious alterations to automated build controllers and abuse error-laden configuration scripts to expose credentials. Organizations also want to if there are any vulnerabilities in the runtime code as well as if they can audit for potential concerns and catch any errors.
Operations folks oftentimes lack knowledge into what a specific container does and if it's the correct version. They might also not know if developers included tools in the container to alter its contents as well as how they can map access rights to OS and host resources. This latter difficulty can open up the stack to attack. At the same time, security personnel might not know what hardening has been performed, information they need in order to protect containers.
Organizations are commonly worried about the security of the underlying operating systems. Most commonly, their top concern is whether everything's configured correctly in order to restrict a container's access to necessary resources. If not, the container could potentially attack the host OS or container engine. Such an attack could spell trouble for the cluster of containers and enable bad actors to load malicious code in order to pivot to other systems.
With containers widely considered a unit of application delivery, organizations are beginning to focus on how they can streamline the process of managing their containers. Unfortunately, most orchestration manager tools currently focus on scalability and ease of management at the expense of security. As such, these solutions introduce their own issues and vulnerabilities such as insecure default configurations and code injection bugs.
Knowledge for Defense
Now that organizations have a clear idea of what concerns are involved with container security, they can figure out the best approach to apply security to their build and runtime environments as well as to their operating systems and orchestration managers. Enterprises can obtain recommendations towards these ends by downloading Tripwire's eBook The Complete Guide to Container Security. Download your copy today