With the growing popularity of container technology comes the growth of container-based attacks – but understanding your security needs will keep you ahead of the game.
Container adoption is skyrocketing, growing 40% in the last year. And it makes sense – the agility, operational efficiencies and cost savings of containerized environments are huge benefits. But as more organizations rush to leverage containers, security is increasingly becoming a major concern and is the top roadblock to container deployment. What do you need to know (and do) to keep your container environments safe?
2. Your Speakers
• Matthew Harkrider, Alert Logic, Sr Technical Product Manager
• John Norden, Alert Logic, Release Director
• Tyson Malik, Rent-A-Center, Sr. Manager, DevOps/Cloud Release & Middleware Engineering
3. Agenda
• The Alert Logic Container Journey
• Why is Network IDS So Critical?
• Considerations for a Strong Container Security Program
• Q&A with XXX
5. Our Container Journey
• Overall infrastructure spend was a problem for Alert Logic, and the overall cost to run was growing
• Deployment of microservices was taking entirely too long, and it was having a negative impact on our continuous deployment velocity
6. Why Containers?
• Allowed us to simplify our architecture to a true microservices model
• Containerized microservices allowed us to GREATLY reduce our footprint resulting in considerable savings on infrastructure
• Moving to containers allowed us to reduce our deployment time significantly
• Allowed us to truly embrace auto-scale workloads
But, now we had to secure it…
7. Securing Our Workload Requirements
• Had to be simple and fit within our continuous deployment model - absolutely no friction to introduce security
• Had to be deployed just like any other container in our ecosystem
• Had to provide security value immediately upon deployment
The Alert Logic al-agent-container was born
9. Why Network IDS?
• Network IDS analyzes network traffic from the base host and the network traffic to, from, and between containers.
• It is a way to peer into your containerized workloads and see what’s really going on in real time. Without it, you have a critical blind spot.
10. Monitor and Analyze All the Traffic
• Binds to docker0 on the host
• Any communication to the container is captured and analyzed
• Provides a simple mechanism to monitor multi-directional traffic
11. Part of a Layered Container Defense Model
• Network intrusion detection
• Container application log management
• Network traffic monitoring
• Container process managing
• Container vulnerability scanning
• Configuration management
16. Container Security Considerations
PERMISSIONS
As with any software, we want to run our container process using the lowest privileges possible.
IDS/LOG MONITORING, AUTOMATION & ACTION PLANS
You should always keep an eye on what is going on in your environment and have predetermined action plans on what to do should there be a service interruption.
17. Container Security Considerations
GET THE RIGHT EXPERTS ON YOUR SIDE
If you don’t have container security expertise on your team, look for a way to augment your internal resources. Better yet, find someone who can help prioritize, escalate what matters, and offer remediation advice.
PORTABILITY IS KEY
Make sure your approach operates across multiple platforms so you can securely manage containers across platforms, in hybrid environments, and on-premises.
18. Container Security Considerations
REGULAR BACKUPS
Always create backups at important time intervals, such as before updates or any major development changes.
TRUSTED SOFTWARE ONLY
Pull images only from well-known, trusted repositories. It may be tempting to pull an image from an unknown repository. Don’t!
19. Container Security Considerations
LIMIT SYSTEM RESOURCES
Using container orchestration frameworks like Docker Swarm and Kubernetes, you can limit memory allocation and help reduce DoS attacks and general resource hogging.
A HEALTHY HOST IS A HAPPY HOST
Focusing on your container health is great, but don’t forget to keep your main host up-to-date and healthy with periodic restarts.
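The PERMISSIONS, TRUSTED SOFTWARE ONLY and LIMIT SYSTEM RESOURCES considerations can be checked mechanically against `docker inspect` output. The script below is an added example, not Alert Logic code; the sample records are constructed and the trusted-registry name is a hypothetical assumption.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two containers.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web",
   "Config": {"User": "", "Image": "randomuser/nginx-custom:latest"},
   "HostConfig": {"Privileged": false, "Memory": 0}},
  {"Name": "/api",
   "Config": {"User": "10001:10001", "Image": "registry.example.internal/api:1.4.2"},
   "HostConfig": {"Privileged": false, "Memory": 268435456}}
]
""")

# Assumption: registries this organization trusts (hypothetical name).
TRUSTED_REGISTRIES = {"registry.example.internal"}


def image_registry(image):
    """Return the registry host of an image reference (Docker Hub if none)."""
    first, _, rest = image.partition("/")
    # The first path component is a registry only if it looks like a host.
    if rest and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def audit_container(c):
    """Return the list of findings for one `docker inspect` record."""
    findings = []
    uid = c["Config"].get("User", "").split(":")[0]
    if uid in ("", "0", "root"):  # empty User means the process runs as root
        findings.append("runs as root (no non-root User set)")
    if c["HostConfig"].get("Privileged"):
        findings.append("runs with --privileged")
    if not c["HostConfig"].get("Memory"):  # 0 means unlimited memory
        findings.append("no memory limit")
    registry = image_registry(c["Config"]["Image"])
    if registry not in TRUSTED_REGISTRIES:
        findings.append(f"image from untrusted registry {registry}")
    return findings


def audit(containers):
    """Map container name to its findings (empty list means clean)."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in containers}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "->", findings or "ok")
```

On a live host, the same functions can be fed the JSON produced by `docker inspect` for the running containers in place of the constructed sample.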
20. Container Security Considerations
THINK BIG PICTURE SECURITY
Whether you’re using containerization for development or running production servers for ecommerce, outline your goals and security posture before you make any moves.
JOIN A COMMUNITY FORUM
Docker, AWS, Azure, Kubernetes, etc. have their own support forums, and there are great independent forums (like containerjournal.com!). Find a community and join the conversation.
21. Want to Learn More?
Download the Container Security Best Practices Guide & Workbook at: https://www.alertlogic.com/containers