We’re picking up our coverage of Gartner’s security conference with a continued discussion of the Top 10 Security Projects Gartner recommends you do this year, in prioritized order. In Part I of the discussion, we highlighted Privileged Account Management, CARTA-inspired Vulnerability Management, and Active Anti Phishing.
Neil continued his list by highlighting the need for protections like those StackRox provides.
#4 – Application Control on Server Workloads
For this project, Neil emphasized the need to reduce the attack surface and limit which functions are allowed to run on servers. He talked about building a default-deny, or zero trust, posture for these kinds of workloads. Neil called out the StackRox Kubernetes Security Platform as an enabling technology for this project.
In our conversations with Neil over the years, we’ve found he gravitates most to our principle of continuous improvement in security. In fact, the inspiration for how we depict the feedback loop of our platform came from that Gartner image.
Leveraging declarative information from the build and deploy phases to adjust what you watch for at runtime, and, in the other direction, applying what you learn at runtime to how you enforce policy at build and deploy, greatly enriches your security posture.
#5 – Microsegmentation
Neil used the analogy of the bulkheads and separate compartments in a submarine to talk about how you want to contain traffic to prevent a breach from enabling attackers to reach their objectives. While there’s been a focus on east/west or lateral movement across networks, this notion changes a bit in container-based environments, where you need visibility in many more layers of the infrastructure.
#6 – Detection and Response
Neil reiterated that the industry overall has over-invested on the prevention side but we really need to assume the breach and invest more on detection and response. He cited endpoint protection and User and Entity Behavior Analytics as prime examples of supporting technology. Of course, the container environment has its own set of relevant detection and response technologies.
#7 – Deception
Neil urged enterprises to regain the upper hand against attackers, arguing that we’ve made it too easy for them. He recommended setting up fake instances of networks, servers, application vulnerabilities, endpoints, and data stores to waste attackers’ time and resources.
#8 – Managed Detection and Response
For organizations without the resources to do advanced threat detection and response in-house, Neil recommended enlisting a managed service provider in this area. He suggested looking for references from providers that have served your industry, and he recommended short contracts, since pricing is expected to keep coming down.
#9 – Cloud Security Posture Management
Enterprises can look to these kinds of automated assessments to identify areas where they carry excessive risk. Neil suggested that Cloud Access Security Broker vendors might be able to help here, and he recommended seeking solutions that run across multiple public cloud infrastructures.
#10 – Automated Security Scanning
Neil highlighted the diagram at the top of this blog post to describe how to integrate security controls into DevOps-style workflows. He stressed the importance of API-enablement for automation and highlighted that this integrated testing needs to extend to securing containers.
Got the basics covered in security? Check out these projects as guidance on where to take your organization next, and of course, with the growing use of containers, making sure your container workloads are protected stands high on the list!