May 17, 2018 | by Rani Reddy
Let’s start with what it SHOULDN’T look like.
There are certain companies, who shall remain nameless, that profess to offer container security but are really legacy host-security products with limited visibility. They are trying to solve one small piece of a complex puzzle by looking only at the host.
Those nameless companies are often focused on correlating server data to provide ‘something’ rather than a complete solution. They do no image scanning in the CI/CD pipeline or in the registry, so all you see is what is already running and where your containers sit in your environment. Compliance checks happen only at the host. At the container level a great deal is missing, i.e. runtime whitelisting, incident detection that uses container data, and more. Firewalls are usually deployed only at the host, with no layer 3 network segmentation, let alone layer 7 filtering, between containers.
So now you’re asking, ‘What SHOULD container security look like?’
It should ensure security and compliance for containerised applications and offer multiple layers of defence. There is one company, who shall NOT remain nameless, that can provide this kind of compliance and multi-layer security – Twistlock.
Here are six examples of how Twistlock can help to secure containerised applications:
- Vulnerability Scanning
Unlike its competitors, Twistlock scans the actual contents of each Docker image, layer by layer, so every vulnerability in it can be identified and actioned. The Twistlock security database draws on more than 30 different vendor sources, giving it the broadest coverage in its field.
Twistlock lets security teams prioritise vulnerabilities by a risk score as soon as they are detected, so the highest-risk findings are identified and remediated first.
Prevention is driven by Twistlock policies: if an image or container contains vulnerabilities above a configured severity, the policy halts the CI/CD workflow, e.g. a container cannot be deployed if its image was classified as vulnerable at build or push time.
- Compliance with Configuration Best Practices
Twistlock is the only solution that embeds the Docker configuration best-practice benchmarks (the CIS Docker Benchmark) into its built-in policies, keeping the environment compliant through prevention rather than after-the-fact reporting. You can also tune these policies, or create new ones, to match your own security requirements.
- Runtime – Vulnerability Management
If a new critical vulnerability is published for an image that is already running, Twistlock locates every affected container in real time, so the image can be rebuilt and replaced once a fix is available. Twistlock is currently the only solution that provides this insight into a running environment.
- Runtime – Whitelist
Traditionally, IT operations teams lose visibility the moment an image is run as a container, because a legacy IDS only understands host activity. Twistlock instead builds a model of each container’s expected behaviour and enforces it: the model is the whitelist, and any activity outside it is treated as a new attack vector and alerted on or blocked.
- Runtime attack forensics
Twistlock captures and correlates attack events and presents them in an easy visualisation, keeping a lasting record of the incident. Without it, the attack data disappears when the compromised containers are replaced, because containers are ephemeral and their filesystems and logs go with them.
- Runtime Active Threat Protection
Twistlock’s feeds are constantly updated with malware and APT indicators, which are checked against running containers so that such attacks are blocked. Without runtime protection, a customer’s existing security tools have no visibility into running containers or the attacks targeted at them.
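The Vulnerability Scanning item above describes a policy gate that halts the CI/CD workflow when an image carries findings above a severity threshold. The script below is an added example of what such a gate looks like as a pipeline step; it is not Twistlock code and does not use Twistlock’s API. It assumes the scanner has already written a JSON report in the constructed shape of SAMPLE_REPORT (the IDs, packages and versions in it are placeholders), and it adds two things a practitioner usually wants from a gate: findings over the threshold with no fixed version yet are deferred as warnings instead of blocking the build forever, and accepted risks are carried as explicit exceptions that are still reported rather than silently dropped.

```python
"""CI/CD policy gate over an image vulnerability scan report.

Added example, not Twistlock code. Assumptions (not from the page): the
scanner has already written a JSON report shaped like SAMPLE_REPORT below,
and the gate's only job is to decide whether the pipeline may push or
deploy the image.
"""
from __future__ import annotations

import json
import sys
from dataclasses import dataclass, field

# Ordering used both for prioritisation and for the block threshold.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed scan output; the IDs are placeholders, not real CVEs.
SAMPLE_REPORT = json.dumps({
    "image": "registry.example.com/app:1.4.2",
    "vulnerabilities": [
        {"id": "TEST-0001", "package": "openssl", "severity": "critical",
         "cvss": 9.8, "fix_version": "1.1.1g"},
        {"id": "TEST-0002", "package": "curl", "severity": "high",
         "cvss": 7.5, "fix_version": None},
        {"id": "TEST-0003", "package": "zlib", "severity": "medium",
         "cvss": 5.3, "fix_version": "1.2.12"},
        {"id": "TEST-0004", "package": "bash", "severity": "high",
         "cvss": 7.8, "fix_version": "5.1"},
    ],
})


@dataclass(frozen=True)
class Policy:
    block_at: str = "high"              # fail at this severity or above
    require_fix_available: bool = True  # only fail when a patched version exists
    exceptions: frozenset[str] = frozenset()  # IDs accepted by a risk sign-off


@dataclass
class Verdict:
    passed: bool
    blocking: list[dict] = field(default_factory=list)  # findings that fail the build
    deferred: list[dict] = field(default_factory=list)  # over threshold, but no fix yet
    excepted: list[dict] = field(default_factory=list)  # matched an exception


def prioritise(vulns: list[dict]) -> list[dict]:
    """Highest severity first, CVSS as tie-breaker, so the fix order is obvious."""
    return sorted(
        vulns,
        key=lambda v: (SEVERITY_RANK[v["severity"].lower()], float(v["cvss"])),
        reverse=True,
    )


def evaluate(report_text: str, policy: Policy) -> Verdict:
    """Apply the policy to a report and classify every finding over the threshold."""
    report = json.loads(report_text)
    threshold = SEVERITY_RANK[policy.block_at.lower()]
    verdict = Verdict(passed=True)
    for v in prioritise(report["vulnerabilities"]):
        if SEVERITY_RANK[v["severity"].lower()] < threshold:
            continue                       # below the bar: report only, never block
        if v["id"] in policy.exceptions:
            verdict.excepted.append(v)     # still recorded, never silently dropped
        elif policy.require_fix_available and not v.get("fix_version"):
            verdict.deferred.append(v)     # nothing to upgrade to yet: warn, don't block
        else:
            verdict.blocking.append(v)
    verdict.passed = not verdict.blocking
    return verdict


def describe(v: dict) -> str:
    return (f"{v['id']} {v['package']} {v['severity']} "
            f"cvss={v['cvss']} fix={v.get('fix_version') or 'none'}")


def main(argv: list[str]) -> int:
    # Usage: python gate.py [report.json]; with no argument the constructed sample is used.
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_REPORT
    verdict = evaluate(text, Policy(block_at="high"))
    for v in verdict.blocking:
        print("BLOCK   ", describe(v))
    for v in verdict.deferred:
        print("DEFERRED", describe(v))
    for v in verdict.excepted:
        print("EXCEPTED", describe(v))
    return 0 if verdict.passed else 1     # a non-zero exit stops the pipeline stage


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

On the sample report with the default policy the build fails on TEST-0001 and TEST-0004, TEST-0002 is deferred because no fixed curl version exists yet, and TEST-0003 is below the threshold. Deferring unfixable findings is a deliberate choice: blocking on them would make the pipeline red until an upstream patch ships, which trains teams to bypass the gate. The trade-off is that deferred findings need a separate owner and review date, otherwise they are forgotten.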
Based on this, it is safe to say that non-container-specific solutions are missing the critical layer Twistlock provides: container-specific vulnerability management, compliance with container configuration best practices, and runtime protection that is automated and easy. That is the final missing piece of the container security puzzle.
Complete the form below and find out what container security should look like for your organisation.
Rani Reddy is the Aquion Marketing Manager and brings both cross-industry sales and marketing experience to the role. She works collaboratively with Aquion’s vendors to promote our commitment to new and innovative technologies.