Posts under Containers
The tech industry press has been abuzz this week with news of the first major security hole discovered in Kubernetes, with coverage in ZDNet, The Stack, and TechTarget’s Search IT Operations. Given the prevalence of Kubernetes in organizations’ tech stacks and the fact that it’s the first discovered security flaw, the news is pretty big. Here at StackRox, we were surprised in a couple ways – first, with its scope, and second, that it wasn’t discovered earlier.
This week StackRox launched the industry’s first ever State of Container Security report. To compile the findings, we surveyed more than 230 IT leaders across operations and security roles. Some responses came as no surprise – the dominance of Docker and Kubernetes, for example, or the breadth of industries using containers to accelerate application roll out. But many results did surprise us – including the extent to which security leads the list of concerns about companies’ container strategies.
Today we posted the news that we’ve adopted StackRox to secure our environment. I wanted to share a bit about our thought process and results in hopes of helping others like us. Security is difficult to manage at every level of technology development, from building a simple web app to running enormous platforms like the tech giants manage — recent tech headlines just prove this point. Like other early-stage SaaS startups, we here at Mux face the combined challenges of having limited resources, a relatively large technology footprint, and the obvious focus on building strong product features.
We’re excited to share the news today that we’ve entered into a technology development and strategic investment agreement with In-Q-Tel (IQT). For nearly 20 years, IQT has been critical to driving cutting-edge technology into the U.S. Intelligence Community. The not-for-profit investor identifies innovative security startups and connects them with U.S. government agencies chartered with keeping the United States safe. In choosing to partner with StackRox, IQT has signaled the criticality of containers in driving application innovation today and the advanced security StackRox provides for these environments.
We’re picking up our coverage of Gartner’s security conference with a continued discussion of the Top 10 Security Projects Gartner recommends you do this year, in prioritized order. In Part I of the discussion, we highlighted Privileged Account Management, CARTA-inspired Vulnerability Management, and Active Anti Phishing. Neil continued his list by highlighting the need for protections like StackRox provides. #4 – Application Control on Server Workloads For this project, Neil emphasized the need to reduce the attack surface and limit certain functions from running on servers.
We’ve been highlighting a number of the talks at Gartner’s security conference last month, including on the value of shifting right with security, risk-prioritized vulnerability guidance, and the principles of continuous security. In this recap, we’ll profile Neil MacDonald’s presentation on the Top 10 Security Projects you should undertake this year. He led off the talk acknowledging we’re never “done” in security, and that it’s futile to try to build perfect security.
We’ve enjoyed a great partnership with Google, with our StackRox Container Security Platform enhancing the security capabilities of Google Cloud Platform. We were honored when the folks at GCP asked us to speak at the Next conference on security reference architectures. During his talk on Wednesday, July 25, our head of products, Wei Lien Dang, will highlight three customers – a Fortune 100 bank, a Fortune 50 financial services firm, and a Global 200 e-commerce company.
The StackRox Container Security Platform Today we announced that we will release an updated version of the StackRox Container Security Platform later this month. As we continue to lead the industry in container security innovation, we are excited to detail our new capabilities. Over the past nine months or so since we started shipping our software, we have seen a few consistent patterns among our enterprise customers. These organizations remain focused on reducing the attack surface across their container environments, and addressing orchestrator-based threats are a key part of that initiative.
In recent blog posts, we’ve been highlighting some of the key takeaways from Gartner’s recent security conference. In the session on the top 10 principles of CARTA (Continuous Adaptive Risk and Trust Assessment), Neil MacDonald highlighted how organizations need to change their security practices to match today’s world. One of the more interesting observations Neil made was that organizations in general have over-invested in preventative measures and they’ve underinvested in the detection and response.
We recently highlighted Gartner’s advice to “shift right” with security, to avoid burdening developers from a security standpoint. Gartner analyst Dale Gardner continued that theme with this opening slide to his talk advising teams to “Fix What Matters” in the area of vulnerabilities. Dale noted that we excel at finding vulnerabilities, leading to the garbage heap analogy. “We end up with this graveyard of multiple vulnerability reports,” Dale observed. Bringing this world view into container security doesn’t make this problem any easier – indeed, now you have more “things” to secure.
We’re just a couple weeks out from our first DockerCon show. Our container deployment governance, runtime security, and feedback loop between security and DevOps have proven really valuable to our customers, and we’re looking forward to sharing these success stories on the show floor. Docker has been a great partner for us here at StackRox. Spending time with the Docker developer community talking about how they can accelerate development while deploying securely will provide great input for us.
Today, we are excited to announce the release of StackRox Detect and Respond 2.0, our container-native runtime security product, and StackRox Adversarial Intent Model, the foundation for our ongoing threat research and threat detection strategy. While our previous 1.3 release focused on providing greater flexibility, configurability, and scalability for customers, version 2.0 expands the breadth and depth of our threat detection capabilities and adds advanced automation features to make it easier for enterprise customers to protect their container environments, whether they are running on-premise or in popular cloud service providers such as Amazon Web Services (AWS), Google Compute Platform (GCP), Microsoft Azure and others.
Since day one at StackRox, three years ago, we’ve made it a point to meet regularly with CISOs from top banks and other global 2000 companies. The focus of these discussions was on how we might expedite the adoption of containers, and improve the process of maintaining better security and regulatory compliance. Over the course of these many conversations, I’ve found that there are some important ideas worth sharing broadly, though they’re likely most interesting to IT and security leaders in the financial world, where both competitive and regulatory pressures are very high.
Four and a half years since it was first introduced, Docker continues to have a profound impact on reshaping how developers build, ship, and run software applications. Few could have anticipated the speed of Docker adoption that we have observed to date with more than 21 million hosts now running Docker, over 24 billion Docker container downloads, and a vibrant ecosystem of 100,000+ third-party projects that incorporate Docker. As the de facto standard for the container runtime and image format, Docker has democratized the ability for anyone to take advantage of container technologies that could previously only be utilized by a handful of the world’s largest, cloud-native companies.
It should come as no surprise that behind the rapid adoption of Docker containers are a set of slam-dunk cost and operational benefits. According to Docker, enterprise IT budgets are heavily consumed by maintenance and upkeep of legacy applications on the order of 80%. Containers drastically change that equation, and the customers that leverage them are realizing massive improvements in resource utilization, resulting in a 50%-60% drop in virtual machines (VMs)– and ultimately, hypervisor licenses– required to run the refactored application.
Container technology is fundamentally changing the way incident response (IR) is handled within the enterprise, and it is putting agile organizations back in a position of strength against their attackers. Microservices and containers comprise an infrastructure that can be leveraged as a security orchestrator and responder, which allows for radical improvements in both the scale and speed of threat detection, response, and prevention. IR in a traditional environment Today’s systems have become too distributed, integrate too many programs, and present too many attack surfaces for security analysts to thwart attacks effectively.