Containers have grown in popularity, as they provide users with a mobile, fast, and functional development tool. They run directly on an OS kernel, eliminating many operational headaches. However, notable vulnerabilities have made container security solutions essential. Analyst house Forrester shares this sentiment in its recent Now Tech: Container Security Q4 2018 report.
This report covers 24 of the top container security solution providers. Forrester also aims to help security pros understand the value they can expect from a container security provider.
Developers love containers for their increased speed and mobility. Forrester states that 58 percent of developers report that their companies use containers or plan to use containers in the next 12 months. They cite another study which found that 43 percent of respondents see security as a challenge hindering container adoption.
Leaving security testing to the end of a release doesn't make sense in a fast-paced business environment. In fact, spending a lot of time on manual container security would contradict DevOps and containers themselves, so much so that some teams release without proper security and then deal with significant vulnerabilities later.
Container security solutions embed security controls within containers across the software delivery lifecycle. Developers want to adopt containers regardless of the security capabilities. Embedding security within automated development processes allows security pros to minimize friction with developers.
Forrester segmented the vendors into three categories based on revenue. Because most of the included companies offer more than container security, only container security revenue counts. The included vendors are listed below.
Large – >$10M
- Aqua Security
- Red Hat
Midsize – $1M to $10M
- Threat Stack
- Trend Micro
Small – <$1M
- Layered Insight
- Tufin Technologies
The report also covers functionality segments to explore the different approaches to container security. The three segments are container security specialists, container security suites, and container security platforms.
Container security specialists provide depth of capability but have limited scope. Vendors that fit here are either startups or offer container security as a feature in a larger security tool. These tools require complementary tools to fully address container security.
Container security suites protect multiple stages of the container lifecycle. These vendors have provided other security features and expanded to cover aspects of container security. However, solutions in this category vary in integration with other container security options, CI/CD integration, and support for different container formats.
Container security platform vendors offer comprehensive capabilities, though Forrester notes they may be inconsistent. Providers that fit here have fully committed to container security as their flagship solution. However, this causes many to excel in certain areas while being unbalanced elsewhere.