What Is Container Security, and How Can You Boost Yours?
Containers have definitely become a popular way to deploy applications. Which is great because they have a huge number of advantages over deploying to a virtual machine. Some of those advantages include being portable, immutable, and lightweight. You can control what is inside of the container that runs your service, and this can lead to a clear, auditable trail. For a security professional, this makes your work easier because you understand what is going on. Securing the container isn’t scary, but there is definitely work to do.
What to Focus on in Container Security?
One of the first things you need to remember about container security is that containers are still just running software. They still run code that someone wrote, and usually it’s someone else who wrote it.
You want to start off by looking at the pieces that make up your container images. You need to ensure that everything actually needs to be there, and you have nothing extra that may lead to problems down the road. Next, look into what is actually running the container. The container orchestrator has pieces to look at and lock down appropriately. This will prevent an attacker from getting too far into your network if a container is vulnerable to something you aren’t aware of.
While containers are different from virtual machines, they can be analyzed for vulnerabilities and secured in many of the same ways. There is overlap in tools looking for things at runtime to ensure that the piece of software is secure. There is also overlap in tools looking for vulnerabilities before the container even deploys.
Because of this, there are a lot of tools and vendors out there to make securing your containers easier, no matter your scenario. There is something out there to help (Read more...)
*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Erik Lindblom. Read the original post at: https://blog.sonatype.com/what-is-container-security-and-how-can-you-boost-yours
