{"id":2723,"date":"2018-10-05T15:25:48","date_gmt":"2018-10-05T19:25:48","guid":{"rendered":"https:\/\/solutionsreview.com\/cloud-platforms\/?p=2723"},"modified":"2018-10-08T12:31:17","modified_gmt":"2018-10-08T16:31:17","slug":"container-security-issues","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-issues\/","title":{"rendered":"The Commonly Overlooked Issues in Container Security"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2727\" src=\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/10\/containersecurity.jpg\" alt=\"container security issues\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/10\/containersecurity.jpg 800w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/10\/containersecurity-300x150.jpg 300w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/10\/containersecurity-768x384.jpg 768w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/10\/containersecurity-540x270.jpg 540w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/10\/containersecurity-162x81.jpg 162w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/10\/containersecurity-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\">The way enterprises build applications has changed dramatically in the past decade. Containers have become the clear favorite for modern enterprises due to their speed and mobility. Furthermore, they run directly on the OS kernel, so users don&#8217;t deal with many operations headaches. Despite these strengths, containers lack the proper levels of security.<\/p>\n<p style=\"text-align: justify\">Many enterprises turn to container security solutions to improve functionality. However, solutions in this space still need time to grow. No provider offers an all-encompassing container security tool. Some enterprises use multiple container security tools to build a more expansive suite. Integration between these solutions often proves difficult though. This was the primary takeaway when I asked industry experts their thoughts on overlooked container security concerns.<\/p>\n<div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"msp-speedbump\" title=\"Download link to Managed Service Providers Buyers Guide\" href=\"https:\/\/solutionsreview.com\/cloud-platforms\/managed-service-provider-buyers-guide\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" src=\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/07\/Managed-Service-Providers-Speedbump-1.jpg\" alt=\"Download Link to Managed Service Providers Buyers Guide\" width=\"771\" height=\"170\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\n<h5 style=\"text-align: justify\"><strong>Inconsistent coverage<\/strong><\/h5>\n<p style=\"text-align: justify\">Container security solutions often lack diverse coverage. Each falls into a specific category of coverage but may lack strengths elsewhere.<a href=\"https:\/\/www.forrester.com\/report\/Now+Tech+Container+Security+Q4+2018\/-\/E-RES142078\" target=\"_blank\" rel=\"noopener\"> Forrester recently<\/a> divided functionalities <a href=\"https:\/\/solutionsreview.com\/cloud-platforms\/forrester-now-tech-container-security\/\" target=\"_blank\" rel=\"noopener\">into three segments &#8211; container security specialists, security suites, and security platforms.<\/a> Due to the underlying complexity of containers, creating all-encompassing solutions proves difficult.<\/p>\n<p style=\"text-align: justify\">Of this, <a href=\"https:\/\/solutionsreview.com\/cloud-platforms\/improve-container-security\/\" target=\"_blank\" rel=\"noopener\">Twistlock CTO John Morello said:<\/a><\/p>\n<p style=\"text-align: justify\">&#8220;A lot of point solutions out there focus on 1 aspect of security. For example, only providing vulnerability management. \u00a0At the same time, there are some existing legacy security vendors starting to add compatibility with containers.<\/p>\n<p style=\"text-align: justify\">I think both of these miss the big opportunity here. If you\u2019re using a modern security platform that leverages the core characteristics of containers, you can do security that\u2019s more automated, more efficient, more effective, and more complete than traditional solutions. \u00a0A point solution may do one thing well, but if you have to integrate 4 or 5 of them together, it\u2019s impractical to operationalize. If you have a legacy, heavy, agent-based approach to security that requires lots of manual configuration and rules, you lose a lot of the potential advantage to doing security in a more cloud-native way, one that scales along with the apps it protects.&#8221;<\/p>\n<p style=\"text-align: justify\"><a href=\"https:\/\/solutionsreview.com\/cloud-platforms\/container-failure\/\" target=\"_blank\" rel=\"noopener\">Gremlin&#8217;s Frederic Bull feels similarly:<\/a><\/p>\n<p style=\"text-align: justify\">&#8220;Containers are relatively new and do not always support the fine granularity of configuration desired.\u00a0 An example is configuring resource quotas or tighter control on namespace access.\u00a0 There is still a great deal of reliance on host configuration for complete security. Many common security monitoring tools have immature container support, or lack support altogether. Native image signing and encryption are not available or are immature.&#8221;<\/p>\n<h5 style=\"text-align: justify\"><strong>Multiplicity of Solutions<\/strong><\/h5>\n<p style=\"text-align: justify\">Specialties are inevitable in any solution category. Some vendors do x better while another does y better. Container security solutions fit in this trend. As John Morello pointed out, many focus on 1 aspect of security while failing in other categories. This sentiment was further illustrated in my recent conversation with Alert Logic&#8217;s global VP of solution engineering, Mark Brooks. <a href=\"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-concerns\/\" target=\"_blank\" rel=\"noopener\">He stated:<\/a><\/p>\n<p style=\"text-align: justify\">&#8220;Most container security solutions only focus on log output from the platform and associated applications. While logs are a great source of information, they are \u2018after the fact\u2019 and can leave gaps in visibility that could lead to container and application compromise. Not to mention, if compromised, the source of the log is under attacker control, leaving the possibility of corruption and\/or deletion.<\/p>\n<p style=\"text-align: justify\">&#8220;One of the most recent innovations in container security is an agent that deploys in a traditional IDS mode \u2013 listening to intra-container traffic and leveraging a detection set that will identify pre and post compromise activity. This is important because depending on configuration and deployment, there can be any number of dark corners where bad actors can hide or mask behaviors. Log output relies primarily on events being written to the system after the event has already occurred. IDS provides visibility to attacks against the container host or application in near real time, even if the activity is not logged by the system.&#8221;<\/p>\n<h5 style=\"text-align: justify\"><strong>False Positives<\/strong><\/h5>\n<p style=\"text-align: justify\">Although security must be a priority for enterprises, ineffective practices prevent optimal performance elsewhere. <a href=\"https:\/\/solutionsreview.com\/cloud-platforms\/state-of-container-security\/\" target=\"_blank\" rel=\"noopener\">We chatted with Ixia&#8217;s Kris Raney<\/a> to gain a deeper understanding of this concern:<\/p>\n<p style=\"text-align: justify\">&#8220;The biggest omission I see today is the detrimental effect of false positives or overly restrictive policy. You want your security to be tight, of course, but you\u2019ll never achieve perfection, and also rolling forward with new versions of the thing you\u2019re protecting means that there will be subtle changes to what it needs over time. One possible outcome of mistakes or changes is that you leave something open that can be exploited. People put lots of thought into that.<\/p>\n<p style=\"text-align: justify\">&#8220;The other possibility is you restrict something that is legitimate and necessary. The question becomes, how does this affect the behavior of the system? Unless you\u2019re careful, it will manifest as inscrutable, hard-to-diagnose failures. You don\u2019t see a \u201cthe security system blocked me\u201d error. You just see a failure to communicate. It may seem intermittent since the specific situation security is interfering with may only come up under particular circumstances. This is especially true in a microservices architecture where you have zillions of tiny components interacting with each other. Your sincere attempt to keep security tight can turn into a debugging nightmare. It looks like a buggy app when it\u2019s really an overzealous security layer.&#8221;<\/p>\n<p style=\"text-align: justify\"><div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"msp-speedbump\" title=\"Download link to Managed Service Providers Buyers Guide\" href=\"https:\/\/solutionsreview.com\/cloud-platforms\/managed-service-provider-buyers-guide\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" src=\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/07\/Managed-Service-Providers-Speedbump-1.jpg\" alt=\"Download Link to Managed Service Providers Buyers Guide\" width=\"771\" height=\"170\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The way enterprises build applications has changed dramatically in the past decade. Containers have become the clear favorite for modern enterprises due to their speed and mobility. Furthermore, they run directly on the OS kernel, so users don&#8217;t deal with many operations headaches. Despite these strengths, containers lack the proper levels of security. Many enterprises [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2727,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[2],"tags":[750,809,115,19,704,793,248,79,215],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The Commonly Overlooked Issues in Container Security<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-issues\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Doug Atkinson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-issues\/\",\"url\":\"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-issues\/\",\"name\":\"The Commonly Overlooked Issues in Container Security\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-issues\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-issues\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/10\/containersecurity.jpg\",\"datePublished\":\"2018-10-05T19:25:48+00:00\",\"dateModified\":\"2018-10-08T16:31:17+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/5992f02d38e7b28251ad933cd131dcae\"},\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-issues\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-issues\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-issues\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/10\/containersecurity.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/10\/containersecurity.jpg\",\"width\":800,\"height\":400,\"caption\":\"container security issues\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-issues\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/cloud-platforms\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Commonly Overlooked Issues in Container Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#website\",\"url\":\"https:\/\/solutionsreview.com\/cloud-platforms\/\",\"name\":\"Cloud Platforms &amp; Infrastructure Services | Solutions Review\",\"description\":\"Evaluating Hyperscale Cloud Providers, Hybrid IaaS, PaaS &amp; Cloud Management Tools.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/cloud-platforms\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/5992f02d38e7b28251ad933cd131dcae\",\"name\":\"Doug Atkinson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/092cfcbe5c7f2c185c21f152aada2d2f?s=96&d=blank&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/092cfcbe5c7f2c185c21f152aada2d2f?s=96&d=blank&r=g\",\"caption\":\"Doug Atkinson\"},\"description\":\"An entrepreneur and executive with a passion for enterprise technology, Doug founded Solutions Review in 2012. He has previously served as a newspaper boy, a McDonald's grill cook, a bartender, a political consultant, a web developer, the VP of Sales for e-Dialog - a digital marketing agency - and as Special Assistant to Governor William Weld of Massachusetts.\",\"sameAs\":[\"https:\/\/solutionsreview.com\"],\"url\":\"https:\/\/solutionsreview.com\/cloud-platforms\/author\/doug-atkinson-4\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Commonly Overlooked Issues in Container Security","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-issues\/","twitter_misc":{"Written by":"Doug Atkinson","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-issues\/","url":"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-issues\/","name":"The Commonly Overlooked Issues in Container Security","isPartOf":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-issues\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-issues\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/10\/containersecurity.jpg","datePublished":"2018-10-05T19:25:48+00:00","dateModified":"2018-10-08T16:31:17+00:00","author":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/5992f02d38e7b28251ad933cd131dcae"},"breadcrumb":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-issues\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/cloud-platforms\/container-security-issues\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-issues\/#primaryimage","url":"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/10\/containersecurity.jpg","contentUrl":"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/10\/containersecurity.jpg","width":800,"height":400,"caption":"container security issues"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-issues\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/cloud-platforms\/"},{"@type":"ListItem","position":2,"name":"The Commonly Overlooked Issues in Container Security"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#website","url":"https:\/\/solutionsreview.com\/cloud-platforms\/","name":"Cloud Platforms &amp; Infrastructure Services | Solutions Review","description":"Evaluating Hyperscale Cloud Providers, Hybrid IaaS, PaaS &amp; Cloud Management Tools.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/cloud-platforms\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/5992f02d38e7b28251ad933cd131dcae","name":"Doug Atkinson","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/092cfcbe5c7f2c185c21f152aada2d2f?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/092cfcbe5c7f2c185c21f152aada2d2f?s=96&d=blank&r=g","caption":"Doug Atkinson"},"description":"An entrepreneur and executive with a passion for enterprise technology, Doug founded Solutions Review in 2012. He has previously served as a newspaper boy, a McDonald's grill cook, a bartender, a political consultant, a web developer, the VP of Sales for e-Dialog - a digital marketing agency - and as Special Assistant to Governor William Weld of Massachusetts.","sameAs":["https:\/\/solutionsreview.com"],"url":"https:\/\/solutionsreview.com\/cloud-platforms\/author\/doug-atkinson-4\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/posts\/2723"}],"collection":[{"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/comments?post=2723"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/posts\/2723\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/media\/2727"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/media?parent=2723"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/categories?post=2723"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/tags?post=2723"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}