Container Runtime Security Gets New Tools
As application containers enter the mainstream, a new set of production security issues is emerging. That has prompted early container orchestration and cloud vendors to establish frameworks to help manage security alerts when containers are compromised.
Among them is Google, which rolled out new cloud security functions this week along with a roster of container security vendors that have integrated their tools with the search giant’s recently unveiled Cloud Security Command Center. The partners said they are focusing on container runtime security.
The combination of the new security tools and Google’s container orchestrator, Google Kubernetes Engine, is designed to manage security alerts for container clusters in order to detect and mitigate attacks on application containers running in production. The approach also addresses growing operational challenges in running containers and other microservices, where diagnosing the root causes of performance issues has proven difficult.
Along with sending security alerts, container runtime security options include: isolating suspicious containers by moving them to a separate network; “pausing” a container to suspend its runtime processes in order to limit resource use; restarting a running container, which resets it to the application’s current state; and, as a last resort, “killing” a running container, halting all of its runtime processes.
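As an added example (not code from the article, Google or any of the vendors named), the isolate, restart and kill steps above expressed as Kubernetes objects and kubectl commands for a suspicious pod; the quarantine label key and the use of a deny-all NetworkPolicy as the “separate network” are assumptions. Relabeling the pod drops it out of its Service without stopping it, so it stays available for forensic capture.

```python
"""Kubernetes quarantine helpers for a suspicious pod (constructed example).
The label key below is an assumption, not a Google or Kubernetes standard."""
import json
import shlex

QUARANTINE_LABEL = "security.example.com/quarantine"  # assumed label key


def quarantine_network_policy(namespace: str) -> dict:
    """Deny-all NetworkPolicy that matches only quarantined pods. Listing both
    policyTypes with no ingress/egress rules blocks all traffic to and from
    the selected pods, which plays the role of the 'separate network'."""
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": "quarantine-deny-all", "namespace": namespace},
        "spec": {
            "podSelector": {"matchLabels": {QUARANTINE_LABEL: "true"}},
            "policyTypes": ["Ingress", "Egress"],
        },
    }


def quarantine_patch(service_selector_labels) -> str:
    """Strategic-merge patch for the pod: add the quarantine label and null
    out the labels its Service selects on. The pod leaves the Service
    endpoints (no more client traffic) but keeps running for forensics."""
    labels = {QUARANTINE_LABEL: "true"}
    labels.update({key: None for key in service_selector_labels})
    return json.dumps({"metadata": {"labels": labels}})


def response_command(action: str, namespace: str, pod: str,
                     service_selector_labels=()) -> str:
    """kubectl command for each escalation step. 'pause' has no Kubernetes
    API equivalent, so only isolate, restart and kill are offered."""
    base = f"kubectl -n {shlex.quote(namespace)}"
    if action == "isolate":
        patch = quarantine_patch(service_selector_labels)
        return f"{base} patch pod {shlex.quote(pod)} -p {shlex.quote(patch)}"
    if action == "restart":
        # Graceful delete; a controller-owned pod (ReplicaSet, Deployment)
        # is recreated from its spec, a bare pod is not.
        return f"{base} delete pod {shlex.quote(pod)}"
    if action == "kill":
        # Immediate termination: skips the grace period and any preStop hook,
        # so in-memory evidence is lost. Last resort, as the article says.
        return f"{base} delete pod {shlex.quote(pod)} --grace-period=0 --force"
    raise ValueError(f"unknown action: {action}")
```

Apply the NetworkPolicy once per namespace ahead of time; during an incident only the patch command needs to run, so isolation takes effect as soon as the label lands.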
Google said the security upgrades to its Kubernetes Engine would then allow for a security analysis designed to prevent future attacks on containers in production.
Google also announced Thursday (May 3) that five security vendors have integrated their tools with Google Cloud Platform: Aqua Security, Capsule8, Stackrox, Sysdig Inc. and Twistlock.
Boston-based Aqua Security rolled out an updated version of its security platform in March designed to secure cloud-native application delivery. Among its features are “role-based” access controls to lock down user access policies. Google said the security firm would provide “real-time visibility into container security [alerts] and policy violations.”
Capsule8 will provide an attack detection platform designed to shut down container attacks as they are discovered. Meanwhile, Stackrox employs machine learning techniques to visualize the “container attack surface” as a way of spotting malicious activity. Google noted in a blog post announcing the container runtime security initiative that machine learning is being used to detect container behavior that deviates from an established security baseline.
Sysdig’s platform also seeks to boost container visibility to block threats and enforce compliance policies. The partners said the container security integration would provide “continuous security with runtime analysis.”
Finally, Twistlock is integrating container runtime security features with the Google cloud platform that include vulnerability scanning and compliance enforcement.
The container runtime security tools are the latest features being used to promote the Google Cloud Platform. Earlier this week, Google (NASDAQ: GOOGL) announced the beta launch of a data orchestration tool dubbed Cloud Composer designed to develop, schedule and monitor enterprise workflows across internal datacenters or multiple clouds.