Aqua Security Hardens Kubernetes
Seeking to bullet-proof container infrastructure from application development through runtime protection for production workloads, a security vendor has rolled out the latest version of its platform targeting Kubernetes-native application delivery.
Boston-based Aqua Security said this week the 3.0 version of its container security platform adds more than 100 security features, including a proprietary security architecture designed for container runtime security.
Citing an enterprise skills shortage, the security vendor argues container adopters “are looking for ways to leverage Kubernetes to automate deployments and accelerate application delivery, at scale, without compromising on security.”
The security specialist notes that the latest versions of the Kubernetes container orchestrator (1.8 and 1.9) introduced improved security features. Nevertheless, recent hacks such as a crypto-mining breach of carmaker Tesla’s public cloud “demonstrate that without adhering to best practices and without proper implementation, Kubernetes-based applications are at risk,” the company said.
Hence, the new version of Aqua's container security platform emphasizes automated Kubernetes-based controls to secure the growing number of cloud-native applications and micro-services. Among them are “role-based” access controls to lock down user access policies, enabling “security teams to govern access across teams,” the company said in releasing its platform on Wednesday (March 7).
Aqua Security recently followed up the reports of crypto-currency exploits on containers by setting up “honeypots” designed to lure miners. Specifically, the security trap focused on potential miners scanning Docker daemons that run in the background to manage application containers.
Company researchers discovered that at least one hacker attempted to execute Docker commands used for image and container management. The security vendor said the attacker’s initial objective was to identify which version of Docker was running, knowledge that would help determine the API version to be used in an exploit.
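The honeypot observation above (a remote client asking the daemon for its version, then issuing image and container management commands) is the kind of sequence a defender can spot in Docker daemon request logs. The following is an added illustration, not Aqua's honeypot or detection code: it parses constructed, simplified request-log lines (timestamp, client address, method, path; the address-prefixed format is an assumption, not the daemon's native log shape) and flags remote sources that probe the documented Docker Engine API `/version` endpoint and then create and start a container.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample lines in a simplified request-log shape (assumed format:
# timestamp, client address, HTTP method, path). Not a real capture.
SAMPLE_LOG = """\
2018-03-08T10:00:01Z 203.0.113.7 GET /version
2018-03-08T10:00:02Z 203.0.113.7 GET /v1.24/images/json
2018-03-08T10:00:03Z 203.0.113.7 POST /v1.24/containers/create
2018-03-08T10:00:04Z 203.0.113.7 POST /v1.24/containers/abc123/start
2018-03-08T10:05:00Z 127.0.0.1 GET /v1.35/containers/json
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+)$")

# Documented Docker Engine API paths, with or without the /vX.Y prefix.
VERSION_RE = re.compile(r"^(/v\d+\.\d+)?/version$")
CREATE_RE = re.compile(r"^(/v\d+\.\d+)?/containers/create$")
START_RE = re.compile(r"^(/v\d+\.\d+)?/containers/[^/]+/start$")

# Requests from the local host are expected (docker CLI over the unix socket
# proxied locally); anything else reaching the API is suspicious by itself.
LOCAL_SOURCES = {"127.0.0.1", "::1"}


def parse_log(log: str) -> List[Dict[str, str]]:
    """Turn raw lines into dicts; malformed lines are skipped, not raised on."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def flag_probes(events: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Return {client: [reasons]} for non-local clients whose request sequence
    looks like reconnaissance (version probe) and/or remote workload creation."""
    by_src: Dict[str, List[str]] = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e["path"])

    findings: Dict[str, List[str]] = {}
    for src, paths in by_src.items():
        if src in LOCAL_SOURCES:
            continue
        reasons = []
        if any(VERSION_RE.match(p) for p in paths):
            reasons.append("version-probe")
        if any(CREATE_RE.match(p) for p in paths) and any(START_RE.match(p) for p in paths):
            reasons.append("remote-container-start")
        if reasons:
            findings[src] = reasons
    return findings


if __name__ == "__main__":
    for src, reasons in flag_probes(parse_log(SAMPLE_LOG)).items():
        print(f"{src}: {', '.join(reasons)}")
```

The rule is deliberately coarse: the main signal is that a daemon API is reachable from a non-local address at all, so the version probe and the create/start pair are recorded as separate reasons rather than collapsed into one score.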
Given the known vulnerabilities of container image repositories, the new security platform also is designed to block unapproved images from running, down to the level of an individual host. Aqua said the feature can prevent Kubernetes from running unapproved images across entire clusters. The feature also is touted as providing a secure mechanism that scales across large container deployments.
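Blocking unapproved images cluster-wide comes down to an admission-time check on every container in a pod spec: resolve the image reference to a canonical repository, confirm it is on an approved list, and require that it is pinned by digest rather than a floating tag. The code below is an added example of that check, written here for illustration and not Aqua's implementation; the approved repositories and the pod document are constructed, and the reference-parsing rules follow the public Docker image reference grammar (a first path component containing `.` or `:` or equal to `localhost` is a registry, otherwise `docker.io` is assumed).

```python
import re
from typing import Dict, List, Optional, Set, Tuple

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def parse_image(ref: str) -> Tuple[str, Optional[str], Optional[str]]:
    """Split an image reference into (registry/repository, tag, digest).

    'nginx' -> docker.io/library/nginx; 'team/app' -> docker.io/team/app;
    'registry.example.com:5000/team/app:1.2' keeps its registry and tag.
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    tag = None
    last_slash = ref.rfind("/")
    # A ':' after the last '/' is a tag; a ':' before it is a registry port.
    if ":" in ref[last_slash + 1:]:
        ref, tag = ref.rsplit(":", 1)
    parts = ref.split("/")
    first = parts[0]
    if len(parts) == 1:
        repo = "docker.io/library/" + ref
    elif "." in first or ":" in first or first == "localhost":
        repo = ref
    else:
        repo = "docker.io/" + ref
    return repo, tag, digest


def check_pod(pod: Dict, approved: Set[str], require_digest: bool = True) -> List[str]:
    """Return a list of policy violations for a pod document (empty = admit).

    Both initContainers and containers are checked, since an init container
    runs with the same node access as the main workload.
    """
    violations = []
    spec = pod.get("spec", {})
    for field in ("initContainers", "containers"):
        for c in spec.get(field, []):
            repo, tag, digest = parse_image(c["image"])
            if repo not in approved:
                violations.append(f"{c['name']}: repository {repo} is not approved")
                continue
            if digest is None:
                if require_digest:
                    violations.append(f"{c['name']}: image must be pinned by digest")
                elif tag in (None, "latest"):
                    violations.append(f"{c['name']}: floating tag '{tag or 'latest'}' not allowed")
            elif not DIGEST_RE.match(digest):
                violations.append(f"{c['name']}: malformed digest")
    return violations


# Constructed policy and pod document (hypothetical registry and digest).
APPROVED = {"registry.example.com/team/app", "registry.example.com/team/sidecar"}
PINNED = "registry.example.com/team/app@sha256:" + "a" * 64
SAMPLE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "demo", "namespace": "prod"},
    "spec": {
        "initContainers": [{"name": "init", "image": "registry.example.com/team/sidecar:1.0"}],
        "containers": [
            {"name": "app", "image": PINNED},
            {"name": "proxy", "image": "nginx:latest"},
        ],
    },
}

if __name__ == "__main__":
    for v in check_pod(SAMPLE_POD, APPROVED):
        print("DENY:", v)
```

Run against the constructed pod, the `app` container passes (approved repository, digest-pinned), the `init` container is rejected for lacking a digest, and `proxy` is rejected because `docker.io/library/nginx` is not on the approved list. Relaxing `require_digest` still rejects `latest`, which is the minimum a cluster-wide image policy should enforce.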
Along with a benchmarking tool used to validate the security status of Kubernetes deployments, the updated platform also includes event logging enhancements tailored to the container orchestrator, tracking details like deployment and namespace data.
Aqua Security said version 3.0 is compatible with Kubernetes 1.8 and higher. It is also certified with a range of Kubernetes deployments, including Amazon Web Services’ Elastic Container Service for Kubernetes, Google Kubernetes Engine, Microsoft Azure Container and Access Control services along with Red Hat OpenShift.
Aqua Security is hosting a webinar on March 14 to explore securing Kubernetes deployments as they scale.