Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Avoiding Container Vulnerabilities


Published on

Published in: Software
  • Be the first to comment

  • Be the first to like this

Avoiding Container Vulnerabilities

  1. 1. AVOIDINGCONTAINERVULNERABILITIES Seven experts discuss potential risks associated with containers and how to address those risks. Sponsored by
  2. 2. 2 INTRODUCTION Containers offer an unprecedented opportunity to scale cloud-based services, make incremental changes without disrupting larger processes, and rapidly respond to changing operational requirements. They also introduce a new uncertainty into the cloud-security picture. Containers and their use are still evolving and maturing. To get a better understanding of potential risks associated with containers and how best to address those risks, we asked the security experts the following question: What vulnerabilities do containers create, and how do you protect against them? Mighty Guides make you stronger. These authoritative and diverse guides provide a full view of a topic. They help you explore, compare, and contrast a variety of viewpoints so that you can determine what will work best for you. Reading a Mighty Guide is kind of like having your own team of experts. Each heartfelt and sincere piece of advice in this guide sits right next to the contributor’s name, biography, and links so that you can learn more about their work. This background information gives you the proper context for each expert’s independent perspective. Credible advice from top experts helps you make strong decisions. Strong decisions make you mighty. © 2019 Mighty Guides, Inc. I 62 Nassau Drive I Great Neck, NY 11021 I 516-360-2622 I
  3. 3. 3 FOREWORD Containers and Orchestration Create New Vulnerabilities Over the last few years we have seen a dramatic rise in the use of containers and container orchestration systems for the coordination and management of cloud services. Among other things, containers allow for rapid deployment, ephemeral workloads, and autoscaling of applications at scale. For organizations that work in an agile way and deploy services continuously, it’s an enormously popular piece of their infrastructure. Popular types of containers include: Kubernetes, Docker Swarm, OpenShift, and Mesosphere. Containers are a new and important component of modern environments, but as they still have to live in a shared host and cloud account facing similar threat vectors, their security cannot be treated in isolation. Lacework provides a holistic approach to container security as it supports this natively, while at the same time provides security for hosts and AWS accounts which if compromised can cause even larger scale damage to any container environment. Many organizations rely on containers to help them orchestrate among applications and data sources, and as this approach grows, security teams are discovering a corresponding increase in their overall threat surface. The people interviewed in this book offer insightful proof that while containers provide distinct advantages for workloads and applications, they also require focused, automated security to remain safe. Lacework is a SaaS platform that automates threat defense, intrusion detection, and compliance for cloud workloads & containers. Lacework monitors all your critical assets in the cloud and automatically detects threats and anomalous activity so you can take action before your company is at risk. The result? Deeper security visibility and greater threat defense for your critical cloud workloads, containers, and IaaS accounts. Based in Mountain View, California, Lacework is a privately held company funded by Sutter Hill Ventures, Liberty Global Ventures, Spike Ventures, the Webb Investment Network (WIN), and AME Cloud Ventures. Find out more at www. Regards, Dan Hubbard Chief Product Officer
  4. 4. 4 © 2019 Lacework, Inc. Lacework and Polygraph are registered trademarks of Lacework. All  other marks mentioned herein may be trademarks of their respective companies. Lacework  reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Get actionable recommendations on how to improve your security and compliance posture for your AWS, Azure, GCP, and private cloud environments. FREE ASSESSMENT Streamline security for AWS, Azure,  and GCP.  Gain unmatched visibility,  ensure compliance, and enable  actionable threat intelligence.
  5. 5. 5 TABLE OF CONTENTS Kathrine Riley, Director of Information Security & Compliance Braintrace.......................................................... 09 Mauro Loda, Senior Security Architect McKesson.......................................................... 11 Paul Dackiewicz, Lead Security Consulting Engineer Advanced Network Management (ANM)..................................... 08 James P. Courtney, Certified Chief Information Security Officer Courtney Consultants, LLC......................... 12 Darrell Shack Cloud Engineer Cox Automotive Inc....................................... 10 Milinda Rambel Stone, Vice President & CISO Provation Medical.......................................... 13 Ross Young, Director Capital One........................................................ 06
  6. 6. 6 “CONTAINERS RUNNING SER- VICES OR APPLICATIONS ARE OFTEN OVERPRIVILEGED FOR THE FUNCTIONS THEY PERFORM.” There’s a lot to like about containers, but also a lot not to like from a security perspective. For one thing, they make the environment considerably more complex, which introduces potential vulnerabilities. For example, let’s say you have a normal Amazon EC2 server running something like a Linux-based operating system. Then you have to install a Docker engine on top of that. Now you have two types of vulnerabilities, one being whether you keep your host operating system (OS) patched and up to date, and the other is whether you configured your Docker engine correctly. Then if you install two applications as containers, the challenge becomes how you check to see if things are operating as they should. Historically one might look at network traffic from one EC2 instance to another. But in this simple example, there's no network traffic leaving that EC2 instance. You need better tools capable of inter- container monitoring of activity within one EC2 instance, and more inter- container access control and authentication. Ross Young, Director, Capital One Ross Young is a veteran technologist, innovation expert, and transformational leader, having learned DevSecOps, IT infrastructure, and cybersecurity from a young age from both ninjas and pirates. Young currently teaches master-level classes in cybersecurity at Johns Hopkins University and is a director of information security at Capital One.
  7. 7. 7 Another problem is that containers running services or applications are often overprivileged for the functions they perform. For instance, they are often set up with admin privileges for an application that doesn’t require those privileges. That means they now have the ability to see everything in the host OS, and also see other containers that are on that same EC2, including data. Solving this requires tools that run the service with the least privileges it needs so that it can’t break out of its container and get to the host OS. Another best practice that has started to evolve is using very small containers with minimum necessary privileges, and making them read-only containers so they can’t be changed. If you get hacked, the container still runs as intended. Ultimately, developers need to incorporate security to the point where they create security policy as code. This involves using tools that do security scanning during development and give developers instant feedback about vulnerabilities. n
  8. 8. 8 “MANY PEOPLE DON’T REALIZE THE POTENTIAL FOR HAVING A SINGLE POINT OF FAILURE WITH MULTIPLE CONTAINERS GOING DOWN.” The easier it is to deploy code or apps, the greater the potential for propagating vulnerabilities. You need to manage these processes carefully and not get too comfortable with how easy it is to deploy and scale apps. Containers themselves are pretty secure. However, many people don’t realize the potential for having a single point of failure with multiple containers going down, for instance if a host server is lost. The impact of this kind of event depends on a number of factors, including how the original environment is configured for density. Securing an environment requires a layered approach that involves having security appliances at each step of the way, whether it’s a layer-three device, the endpoint itself, and how you authenticate into a system. The most important part of container security is access control. Once something has access to a system, there may be controls to detect behavior, and someone who is already in a system may approach very cautiously to avoid detection. It all comes back to appropriate access control. n Paul Dackiewicz, Lead Security Consulting Engineer, Advanced Network Management (ANM) Paul Dackiewicz has over 10 years of systems engineering and cybersecurity experience in the fields of healthcare, government, and value- added resellers (VARs). He is currently leading the security operations center (SOC) for a premier managed security services provider (MSSP).
  9. 9. 9 “SEGREGATIONOFDUTIES,AND SEGREGATIONOFACCESS…KEEPS YOURPRODUCTIONCONTAINER LOGICALLYSEPARATEDFROMITS DEVELOPMENTANDTESTSTATES.” Container security begins with enforcing roles and responsibilities during development, testing, and production. Ideally you will have segregation of duties and segregation of access, which keeps your production container logically separated from its development and test states. Defining roles and responsibilities, and turning those on and off, determines who or what process can promote a container from development to test, and from test to production. These definitions become an integral part of your change- management process. n Katherine Riley, Director of Information Security & Compliance, Braintrace Katherine (Kate) Riley is skilled in leading teams to define cloud architecture, and in development of controls. She has developed and implemented security frameworks such as ISO and NIST, and performed compliance reviews such as FFIEC, HIPAA, HITRUST, SOX, GDPR, and GLBA.
  10. 10. 10 “IT IS VERY IMPORTANT WHEN YOU ARE PULLING CONTAINER IMAGES TO DRIVE A PROCESS, THAT YOU VERIFY THE AUTHEN- TICITY OF THOSE IMAGES.” One potential vulnerability with containers is that if one container is infected, that compromise can spread to the host. That’s because, unlike segmented environments where different applications can run on different operating systems, container environments typically run all the containers on top of one operating system, and the containers take their functionality from that operating system. This is why it is very important, when you are pulling container images to drive a process, that you verify the authenticity of those images. You need to verify the sources and make sure you are using a known, secure URL. Cloud-platform functions can help enforce the verification of images. For example, Amazon Web Services has an auto-scaling feature that monitors container activity. If a container is reaching capacity, AWS will automatically spin up an identical container to take on some of the load. If there is a reduction in load, AWS automatically destroys that container. The system will send notifications of these actions, which can be monitored on a dashboard. That’s important in environments hosting high-volume computing activity. n Darrell Shack , Cloud Engineer, Cox Automotive Inc. Darrell Shack is a seasoned system engineer focused on building resilient and high--availability solutions. He has experience in developing solutions in the public cloud Amazon Web Services, helping teams manage their cost, and overall application performance in the cloud.
  11. 11. 11 “THE BIG CHALLENGE IN A MAS- SIVELY SCALED CONTAINER EN- VIRONMENT IS THE NEED TO CON- TINUOUSLY SCAN AND MONITOR FOR NONCOMPLIANT IMAGES…” Containers have many advantages, but the way containers sit on a common OS kernel creates a situation where compromising one single container can provide access to the OS kernel and all other containers associated with it. This requires continuous monitoring, and it requires a different approach to patch management. In a traditional environment, you patch all the time. However in a container environment, you do not continuously patch containers. When a vulnerability becomes known, you immediately update the container image and deploy completely new containers. This changes your entire approach to patch management. The big challenge in a massively scaled container environment is the need to continuously scan and monitor for noncompliant images, and authenticate images across different container platforms. Tools used to monitor container activity need to be adaptable to different situations at any point and time. A container that is streaming an application right now may not be in 10 seconds. The tools need to be intelligent, perhaps artificial intelligence (AI) driven. Everything is pattern based, behavior based, and risk based. The tools need to be able to protect you in a way that dynamically adapts to the current state of your constantly changing environment. n Mauro Loda, Senior Security Architect, McKesson Mauro Loda is a passionate, data- driven cybersecurity professional who helped define and drive the “Cloud First” strategy and culture within a Fortune 100 multinational enterprise. He is a strong believer in offensive security and simple- but-effective architecture-defense topology. Emotional intelligence, pragmatism and reliability are his guiding principles. He has achieved numerous industry certifications and actively participates in forums, technology councils, and committees.
  12. 12. 12 “ANOTHER CHALLENGE FOR CONTAINERIZED ARCHITECTURES IS THAT THEY MAKE FORENSICS DIFFICULT.” The biggest security concern when using containers is that they come out of a centralized distribution area. This means if one file gets infected, that can affect everything in the environment. The big challenge for environments that use containers is how you minimize the risk of that centralized architecture. Another challenge for containerized architectures is that they make forensics difficult. In an environment that instantly spins up a machine to provide on-demand services and then eliminates that container when it is no longer needed, if the container is compromised, what did it do while it was up? For instance, if something jumped from a computer to an image and then got access from that image to another server before the image spun down, the image is now gone but the damage is already done. Even if you have good monitoring tools that triggered an alert on a machine that is now gone, you no longer have access. The bad guys, depending on what kind of access they get, can erase logs and do other things to cover their tracks. From a forensics point of view, once you’ve discovered you’ve been breached, the way containers work can make it very difficult to go back and trace the steps of an attack. If you have a large enough budget, you may be able to log everything, but that may not be feasible in a massively scaled environment. Addressing these challenges will fall on the way containerized environments are architected and built. Most developers are not taught and do not think about security first. They think application first and making it work. n James P. Courtney, Certified Chief Information Security Officer, Courtney Consultants, LLC James Courtney is a recognized cybersecurity professional who has spoken at multiple conferences, including the CyberMaryland Conference. He is a Certified Chief Information Security Officer (one of 1,172 in the world), serving as the IT network and operations security manager for a private SIP consulting firm in McLean, Virginia.
  13. 13. 13 “THE REAL ISSUE IS WHETHER YOU HAVE A DISCIPLINE IN PLACE TO ENSURE SECURE USE OF CONTAINERS.” It’s not that the container creates the vulnerability. The real issue is whether you have a discipline in place to ensure secure use of containers. If you’re simply creating containers without monitoring and measuring, then you don’t have a consistent process. Your vulnerabilities will be replicated across your stacks because you don’t have disciplined engineering hygiene, and if that’s the case, things can go downhill fast. You have to focus on making sure those containers are consistent and that they’re healthy. One trend we’re seeing in the industry is this concept of cloud security. It’s a new discipline between the old-school definition of what security was and the concept of cloud, and there’s a shared level of skill between the cloud team and the security team. That’s where you can build a disciplined process across the two teams that works much better in the cloud than the old-school model of security. Part of the challenge is you are dealing with such a dynamic environment. What worked for you yesterday or even four hours ago might not work for you today or tomorrow. You have to be continually paying attention to potential new threats and risks. You need third-party assessments to validate the assumptions you’re making, whether they are accurate, and if you are taking the right steps to mitigate them. You need to take an engineering approach, and in this environment, if you’re running processes manually, you’re going to miss many things. It’s an environment where everything must be automated. n Milinda Rambel Stone, Vice President & CISO, Provation Medical Milinda Rambel Stone is an executive security leader with extensive experience in building and leading security programs, specializing in information-security governance, incident investigation and response, cloud security, security awareness, and risk-management compliance. As a former software engineer, Stone has passion and experience in building cloud security and DevSecOps environments. She currently practices this at Provation, where she is the vice president and chief information security officer (CISO).
  14. 14. 14 KEY POINTS If you’re just creating containers without monitoring and measuring, then you don’t have a consistent process. Your vulnerabilities will get replicated across your stacks because you don’t have disciplined engineering hygiene, and if that’s the case, things can go bad fast. The big challenge in a massively scaled container environment is the need to scan and monitor continuously for noncompliant images, and authenticate images across different container platforms. Tools used to monitor container activity need to be adaptable to different situations at any point and time. Ultimately, developers need to incorporate security to the point where they create security policy as code. This involves using tools that do security scanning during development and give developers instant feedback about vulnerabilities.
  15. 15. 15 © 2019 Lacework, Inc. Lacework and Polygraph are registered trademarks of Lacework. All  other marks mentioned herein may be trademarks of their respective companies. Lacework  reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Interested in more? Try Lacework for free and validate the security  of your cloud: TRY FOR FREE Streamline security for AWS, Azure,  and GCP.  Gain unmatched visibility,  ensure compliance, and enable  actionable threat intelligence.