Posts under Docker
A vulnerability in runC, which allows an attacker to gain host-level code execution by breaking out of a running container, was discovered and reported by Adam Iwaniuk and Borys Poplawski in early January and published as CVE-2019-5736 on 11 February 2019. This vulnerability is highly significant in that it: enables container isolation breakout with minimal interaction from an authorized host user; typically allows an attacker to obtain root privileges on the host; negatively impacts most container environments because many containers run with default Docker security settings and default user (UID 0); and affects runC, the most commonly used low-level container runtime in Docker and Kubernetes environments.
This week StackRox launched the industry’s first ever State of Container Security report. To compile the findings, we surveyed more than 230 IT leaders across operations and security roles. Some responses came as no surprise – the dominance of Docker and Kubernetes, for example, or the breadth of industries using containers to accelerate application roll out. But many results did surprise us – including the extent to which security leads the list of concerns about companies’ container strategies.
We’re just a couple weeks out from our first DockerCon show. Our container deployment governance, runtime security, and feedback loop between security and DevOps have proven really valuable to our customers, and we’re looking forward to sharing these success stories on the show floor. Docker has been a great partner for us here at StackRox. Spending time with the Docker developer community talking about how they can accelerate development while deploying securely will provide great input for us.
We’re gearing up (pun intended) for an exciting time next week in San Francisco, and we’re thrilled to kick it off on Sunday at BSidesSF at City View in the Metreon. We’re proud to sponsor and support this event – an amazing grassroots effort that unites the information security community to share knowledge. With this year’s steampunk theme, the conference promises to deliver inspirational talks, stimulating discussions, and of course, evenings filled with entertaining discourse and delectable libations.
Introducing StackRox Prevent: Reimagining Container Deployment Security to Minimize Your Attack Surface
Security leaders today are charged with the increasingly complex task of defending the technology that powers modern enterprises, at a time when the software stack has never been more diverse or unmanageable. Implementing a coherent security program can seem daunting in light of the patchwork of duties that may fall under a security organization’s purview: static code analysis, identity and access management, compliance, data privacy and integrity, vulnerability management, monitoring, incident response, threat hunting, forensics…and the list continues.
Four and a half years since it was first introduced, Docker continues to have a profound impact on reshaping how developers build, ship, and run software applications. Few could have anticipated the speed of Docker adoption that we have observed to date with more than 21 million hosts now running Docker, over 24 billion Docker container downloads, and a vibrant ecosystem of 100,000+ third-party projects that incorporate Docker. As the de facto standard for the container runtime and image format, Docker has democratized the ability for anyone to take advantage of container technologies that could previously only be utilized by a handful of the world’s largest, cloud-native companies.
It should come as no surprise that behind the rapid adoption of Docker containers are a set of slam-dunk cost and operational benefits. According to Docker, enterprise IT budgets are heavily consumed by maintenance and upkeep of legacy applications on the order of 80%. Containers drastically change that equation, and the customers that leverage them are realizing massive improvements in resource utilization, resulting in a 50%-60% drop in virtual machines (VMs)– and ultimately, hypervisor licenses– required to run the refactored application.
Container technology is fundamentally changing the way incident response (IR) is handled within the enterprise, and it is putting agile organizations back in a position of strength against their attackers. Microservices and containers comprise an infrastructure that can be leveraged as a security orchestrator and responder, which allows for radical improvements in both the scale and speed of threat detection, response, and prevention. IR in a traditional environment Today’s systems have become too distributed, integrate too many programs, and present too many attack surfaces for security analysts to thwart attacks effectively.
Enterprise organizations across diverse verticals, such as 3M, Adobe, Kellogg’s, and Netflix, have been ramping up their use of the public cloud to the point where that usage accounts for a substantial portion of their annual IT spend. ‘Enterprises with big budgets, data centers, and complex applications are now looking at cloud as a viable place to run core business applications’, according to Dave Bartoletti, an analyst at Forrester Research.
By now, details of the massive Equifax breach that saw 143 million personal records compromised has made its way around the global news, as well as the broader security and enterprise IT communities. Within these circles, you can bet that anyone responsible for resolving application vulnerabilities is worried about becoming the next headline. There’s little argument that patching applications is a big deal; both in terms of criticality to the organization’s security posture, and in terms of the onerous process it can be when performed in traditional application environments.
The last few decades have seen tremendous progress in machine learning (ML) algorithms and techniques. This progress, combined with various open-source efforts to curate implementations of a large number of ML algorithms has lead to the true democratization of ML. It has become possible for practitioners with and without a background in statistical inference or optimization – the theoretical underpinnings of ML — to apply ML to problems in their domain.
Forensics in the age of containers You’ve seen it countless times in television’s most popular dramas: professional investigators descend on the scene of a crime to meticulously record and analyze every detail and clue before anyone else can disrupt the scene. If the crime appears to be related to other ongoing cases, clues are tacked to the peg board back at headquarters. Only once all the pieces have been assembled do patterns emerge.
Introduction Container technology has radically changed the way that applications are being developed and deployed. Notably, containers dramatically ease dependency management, so shipping new features or code is faster than ever before. While Docker containers and Kubernetes are great for DevOps, they also present new security challenges that both security practitioners and developers must understand and address with diligence. Docker’s team of security experts has built some valuable security features into the Docker platform over the last several years.
WAF the heck do I do to protect against attacks on my container-based web applications? The hackers who want your organization’s valuable data will invariably target your web applications. Despite the steady increase in distributed denial-of-service (DDoS) attacks and ransomware, web application attacks represent the most common cause of data breaches.1 The vast majority of these attacks are executed by botnets, operated by organized crime2. Their goals: stealing credentials, growing the size of the botnet, and, of course, exfiltrating information that can be used for financial gain.