The microservices revolution is underway. Businesses using microservices have reduced their development time by as much as 75%, fueling software innovation and competitive advantage. Today more than half of all enterprises using microservices and container technologies like Docker and Kubernetes are running them in production. And a vibrant ecosystem of more than 125 companies including Amazon, Microsoft, Google, Red Hat, IBM, CoreOS, Mesosphere, and others, continues to grow rapidly.
This evolution in the stack creates a new threat environment, one whose attack surface is as dynamic, fast-moving, and active as microservices themselves. The flexibility achieved by microservices comes with a tradeoff: applications no longer fit within a neat boundary and are intentionally broken up, which means security has to suddenly operate across interconnected components that interface autonomously. And at the same time, key characteristics of containers can be exploited by threat actors to carry out attacks with greater speed and scale, and within shorter time spans, than ever before.
Trying to retrofit traditional security approaches for these application architectures is a futile strategy. Network and host-based security may not go away anytime soon, but they lose relevance when securing containers since the focus shifts to protecting workloads and their data, not IP addresses or servers. Effective security for container environments requires solving several challenges:
- Lack of detailed context about container activity. Traditional security tools are blind to containers.
- Containers are dynamically orchestrated across machines. Traditional security architectures were never intended to piece together incidents spread out within distributed environments.
- Large numbers of containers and microservices produce high-velocity, high-volume data flows. These overwhelm traditional security workflows, which were never meant to monitor and analyze this data fast enough to catch threats.
These challenges simply can’t be solved by security products that never anticipated how a new generation of applications would be built, deployed, and run.
A Fundamentally Different Approach to Security
In microservices environments, security needs to operate the same way as the application components it seeks to protect. Whether components scale instantly by several orders of magnitude, move across clouds (public or private), or rely on a fully automated lifecycle, security needs to be applied continuously and consistently. This requires security to be built into the “connective tissue” that glues applications together - it has to be part of the microservices fabric itself.
Today, the StackRox team is pleased to unveil a new platform that delivers this security model for the world’s largest enterprises running containers and microservices. The StackRox platform relies on a security approach that makes no assumptions about what it must defend against. It is designed to achieve adaptive threat protection based solely on context derived from container activity. Without the typical constraints of having to use signatures, allow lists, or threat intelligence, StackRox is capable of: (1) changing prevention, detection, and response as fast as the container-based attack surface it defends; and (2) dealing with new, previously unseen nonlinear threat patterns, such as indicators of attack and compromise that are scattered across application components.
Driving Security Innovation with Microservices and Machine Learning
The core of StackRox is a unique security framework that brings together microservices and machine learning, two areas critical to addressing the challenges introduced by containers. The StackRox platform itself runs as a set of security microservices, which gives it the ability to attain levels of scale, speed, and adaptability that are exponentially better than anything before it. Today StackRox can detect and stop a web-based attack with data exfiltration across distributed microservices in a matter of seconds. This is possible because StackRox leverages multiple machine learning models to augment analysis on vast amounts of data that act as a definitive “source of truth” of container activity, making it possible to spot indicators of threats as they progress from delivery to malicious action. Each model looks at different dimensions of data that are relevant to particular threat vectors. Working in concert, the ensemble of models dramatically increases detection accuracy and reduces false positives.
Back to the Basics: A Strong Defense Starts with Visibility & Detection
The microservices ecosystem is still in the early stages of rapid evolution: standardization across the stack has yet to take hold, and the entire range of threat vectors that will emerge is still unknown. Unforeseen vulnerabilities will be exploited, and attackers will continue to advance their techniques. Faced with this type of threat landscape, protection has to start with visibility and detection: you can’t defend against what you don’t know about. StackRox sees more data, in greater detail, than any other container security solution today.
This matters because machine learning-based detection is only as effective as the volume and quality of data it analyzes. StackRox complements these foundational capabilities with flexible prevention and response functions. For example, if StackRox sees an attacker move laterally from one container to another, it can instantly isolate the container from any network communication. Or if it detects an attack on a container, it can immediately block access to any sensitive files.
Delivering a Better User Experience
Today enterprise security teams have to do too much work to get the answers they need. They operate a complex patchwork of tools, relying on manual workflows and custom integrations to tie them together. Containers provide the building blocks for packaging and delivering security services in a new way. Security zeroes in on the workload and becomes abstracted from the host, network, and storage. StackRox takes advantage of this to protect against a variety of network-, filesystem-, or host-based attack vectors simultaneously without requiring users to sift through an endless stream of alerts, in some cases reducing alerts by an order of magnitude. From millions of signals, security incidents are summarized, event context is collated, and risk scoring is presented to users, without any manual work.
Finally, using our machine learning doesn’t require you to be an expert. All it takes to fully configure a sophisticated analysis engine that is fine-tuned to detecting and stopping threats on your containers is two clicks in your web browser.
The microservices age is upon us and transforms how businesses must think about security. We built StackRox to protect companies at the forefront of digital transformation. The StackRox platform is generally available now and trusted by a number of the world’s largest organizations that are running containers in production. Our team continues to innovate on behalf of our customers and we have a lot more in store, so stay tuned to this blog and learn more about how StackRox is securing the agile enterprise.