We all know that securing containers and Kubernetes deployments from build to runtime requires an efficient and secure manner with expertise spanning Development, Security and Operations teams. The following defines the key technologies needed not only for vulnerability scanning and compliance, but also for complete container security at runtime:
Network Packet Inspection.
If you want real-time container security, you need information and protections as they occur. Comprehensive container security requires real-time visibility. Nexus Container protects according to application level (Layer 7) protocols (not just IPtables or Layer 3/Layer 4 data), suspicious activity can be investigated by capturing network sessions and inspecting packets directly. We can see all network traffic at Layer 7 using the best source of truth: the network. This technology can block unauthorized connections without affecting secure, authorized connections in the container from continuing. This unique network interception and filtering does not require an agent, sidecar or image modification.
Self-learning and scaling
Manually creating policies and rules for every environment, application and update performed is simply not feasible. Automation is key to saving time for development, security and operations teams, and they will reclaim the time with Nexus Container’s ability to automatically generate rule sets and security as code, easily adapting to new and updated behaviors. As new containers come and go with different IP addresses on different hosts, no changes are required.
Integration of network and orchestration tools
We all know the importance of having the right integrations for your tools. Integrations in general can make it difficult to update security policies and accurately enforce rules. Nexus Container is network-aware and integrates with popular orchestration tools such as Kubernetes, Docker EE, Rancher, EKS / ECS, Istio and OpenShift.
Container inspection
A container needs to be monitored at every stage of its lifecycle. Vulnerability scanning at build, while crucial, simply gives us a glimpse of what happened in the past. Monitoring running containers requires more than just examining network activity: you also need runtime vulnerability scanning, file system monitoring, process inspection and privilege escalation detection capabilities. This will help keep your containers from being compromised by determining vulnerabilities, assessing the risk of exploitation and blocking suspicious processes.
Host and platform security and auditing
A building is only as strong as its foundation; this also applies to containers and hosts. By monitoring host processes to determine if a breach is about to occur, it is possible to protect containers even before a problem occurs. Similarly, Nexus Container can monitor Kubernetes, Docker system containers and network connections for potential attacks. Host and Docker security settings can also be audited to determine if the proper configuration is in place.
What makes Nexus Container so powerful?
It goes deeper than other solutions. Nexus Container has the ability to provide deeper insights and solutions than scanning container images for vulnerabilities and compliance issues and using admission controls to block deployment of those images. What is provided at runtime takes Nexus Container further by providing detailed, accurate and unparalleled information about containers that we have yet to see in another solution. Nexus Container’s behavioral inspection can identify all network traffic at Layer 7 and every container process to automatically create behavior-based security policies, enforce Data Loss Protection, prevent zero-day malware and network attacks, tunnels, breaches, etc.
Source: Sonatype.
