Download our latest report - State of Container Security DOWNLOAD NOW

The “Next Level” Features of a Container Security Platform

Earlier today, the CyberEdge Group published its 6th annual Cyberthreat Defense Report. The report includes a variety of interesting findings, which we’ll detail below. But the section of the report I found most interesting comes after all the survey results. “The Road Ahead” chapter offers advice on areas of security that need “proactive attention and investment.” The authors took great time and care to lay out the advanced capabilities needed to secure containers, citing:

  • Context-based prioritization of all vulnerability and configuration findings
  • Threat/anomaly detection that automatically accounts for changing application behavior
  • Continuous posture improvement through automated, cross-phase sharing of security information

These requirements map incredibly tightly to the capabilities of the StackRox Kubernetes Security Platform. We’ll share a couple key findings here and then explore CyberEdge’s insights on what to look for in a container security platform.

Download the Full Report Now

Topics include frequency of successful attacks, impact of cyberthreats, security investments and budgets, etc.

DOWNLOAD NOW

For the second year in a row, containers topped the list of IT areas respondents felt least prepared to secure:

Clearly recognizing that security risk, respondents also cited containerization as the leading technology they plan to acquire:

Evaluating Container Security Platforms

After highlighting the level of risk associated with containers, the report’s authors go to advise companies on next steps. As container adoption grows, they write, and the environments move into production:

[Organizations] will need to take a more strategic approach to container security. Continuing to rely on tactical, piecemeal efforts featuring too-great emphasis on vulnerability scanning will only erode many of the gains containers are meant to deliver.

The report then details the table stakes features needed in a container security platform, including multi-phase vulnerability scanning, automatic network segmentation, runtime protection, and compliance.

The really interesting part comes when the authors define the “next-level capabilities” they see as critical to deriving the greatest value from a container security platform:

Evaluators intent on getting the most for their money should also look for these next-level capabilities:

  • Context-based prioritization of all vulnerability and configuration findings
  • Threat/anomaly detection that automatically accounts for changing application behavior
  • Continuous posture improvement through automated, cross-phase sharing of security information

The StackRox Kubernetes Security Platform does exceedingly – and I would argue uniquely – well in delivering against each of the “next-level capabilities” CyberEdge lays out.

  • Context-based prioritization – the StackRox platform, with its deep integrations with Kubernetes, weaves together a broad set of declarative information from k8s to stack-rank an organization’s riskiest deployments. As a result, our customers always understand what assets need their immediate attention and why. The following illustration highlights the data StackRox uses to perform its multi-factor risk prioritization.

  • Adaptive threat detection – a lot of container security platforms take an initial snapshot of your environment and then alert on future anomalies. This approach falls far short, flagging any subsequent application change, which is inherent in containerized environments and will leave you with alert fatigue. The StackRox platform leverages behavior modeling, combined with our deep Kubernetes integrations, for runtime detection that understands how application behavior is changing over time, avoiding the false alarms that come from simple application changes.
  • Continuous posture improvement – here at StackRox, we eat our own dogfood, applying the CI/CD principles at the heart of DevOps to our own platform’s behavior. The StackRox Kubernetes Security Platform leverages the information learned during build and deploy to adjust what we look for in runtime. Conversely, we take our learnings from runtime, including exploits detected, and use that data to adjust configurations subsequent build and deploy phases. As a result, customers get continuous hardening that constantly improves their security posture.

The CyberEdge Cyber Defense Report authors go far beyond the easy work of relaying survey responses to really dig into the steps organizations must take to secure their environments. It’s gratifying to see such tight alignment between StackRox and the CyberEdge analysts in characterizing an effective container security platform. You can check out the full report here, and you can also get additional advice on evaluating container security platforms.


Categories:

Tags: