Create a Security Risk Assessment for Containers in 5 Steps

When adopting containers, organizations need to create a risk profile for the types of threats and vulnerabilities they expect to experience. This type of analysis is especially important with containers, since the attack surface increases significantly, while the level of security visibility across hosts, containers, and the infrastructure control plane decreases.

For example, one of the most prominent attack scenarios in containers is the idea of blast radius. After the initial point of compromise, an attacker can escalate privileges quickly to gain control of other containers in the cluster. Since attackers are looking for the greatest returns for the least amount of effort, a vulnerable Kubernetes or Docker cluster may be a great place to strike quickly and do a lot of damage across a wide attack surface.

New, sophisticated attacks on cloud infrastructure emerge every day. But if you follow the five steps outlined below to create a cybersecurity risk assessment, you can anticipate where your organization may be most vulnerable and strengthen your system’s security accordingly before an attacker gets the chance to strike.

How a DevOps Recruiter Hires for Containers and Serverless

A Q&A With Michael Race, Head of DevOps, Salt Digital Recruitment

When it comes to hiring for DevOps, there’s much to consider, especially if you’re looking for someone to manage containers and serverless infrastructure. There’s no doubt that it’s a talent-driven market — DevOps professionals are in demand.

In this competitive environment, how do you make the right choice about who to hire? According to Michael Race, Head of DevOps at Salt Digital Recruitment, patience is a must. But even if you’ve got time on your side, you still want to make hires that prioritize security, can advocate for tools and methodology, and have experience creating DevOps environments.

We sat down with Michael recently to get his perspective on hiring for containers and serverless. Michael — who’s helped dozens of companies fill DevOps roles — shared his thoughts on where security fits in, what he likes to see in a candidate, as well as red flags that may crop up.

Magic for DevOps Teams — Threat Stack Announces Containerized Agent

Every day, malicious actors are taking more complex routes into cloud infrastructure and leveraging increasingly covert traits to persist for longer periods of time. As Dark Reading put it in a recent article, “Attackers are abusing the characteristics of cloud services to launch and hide their activity as they traverse target networks.” With the rapid adoption of containers and orchestration tools as part of that infrastructure, organizations are presented with yet another layer to protect from these complex attacks.

Containers bring many advantages to DevOps such as easier write-test-deploy cycles, flexibility to explore new frameworks, and a simpler way to make updates to individual resources or a range of components in your applications. As more teams move towards containerized workloads, DevOps teams expect the security tools they leverage to keep pace without slowing them down.

To ensure alignment with those expectations, Threat Stack is excited to announce a containerized agent that will be available to customers next month. The containerized agent will provide the deployment and velocity benefits of containerization while concurrently monitoring and alerting on container activity across the entire infrastructure, no matter where customers fall on the container adoption spectrum.

Lessons in Resilience: A Conversation on Security at REdeploy 2018

I spent last week out in San Francisco at REdeploy to learn about Resilience Engineering and what it means to build solid, sustainable infrastructures, organizations, and teams. This was the first conference of its type, and it did not disappoint.

While there was an incredible lineup of speakers, the real value, in my opinion, came from the engagement and discussions that took place after the on-stage talks. Not only did the speakers and attendees mingle at every break, but the conference organizers also hosted a speaker panel at the end of each day where attendees could ask questions, and the speakers themselves could discuss some of the themes presented throughout the day. I eagerly took advantage and sat down with a few people to find out what Security means for Resilience Engineering.

Why Kubernetes is Not a Silver Bullet

Container adoption is on a meteoric rise. Gartner estimates that 50 percent of companies will use container technology by 2020, up from less than 20 percent in 2017. It’s not hard to see why — containers offer greater DevOps flexibility along with an optimized build/deployment pipeline.

The surge in container adoption is the driving force behind a new phenomenon in developer circles that we at Threat Stack lovingly refer to as “Kubernetes FOMO.” Eager to get on board with the most popular orchestration platform around, organizations are jumping on the Kubernetes bandwagon.

And why not? Kubernetes speeds container deployment and enables the management of multi-container clusters at scale. It allows for continuous integration and delivery; handles networking, service discovery, and storage; and has the ability to do all that in multi-cloud environments.  

Some would call Kubernetes a silver bullet in the world of container deployment and management, but that doesn’t mean it comes without security concerns. In this post, we’ll discuss a few things to watch out for if you’re considering a move to Kubernetes, as well as some tips on ensuring that your infrastructure remains secure during a transition.

3 Things to Know About Kubernetes Security

Gartner estimates that 50 percent of companies will use container technology by 2020, up from less than 20 percent in 2017. The operational benefits of containers, including optimized build times and more efficient use of infrastructure resources, have caused a surge in interest in container orchestration platforms like Kubernetes. At the same time, Kubernetes deployments have opened up a whole new set of infrastructure security concerns for Development and Operations teams.

For teams just getting started with Kubernetes deployments, here’s an overview of three things you need to know about securing your infrastructure from the outset.

Why an Infrastructure Transition is the Perfect Time to Invest in Security

You’re in the midst of an infrastructure transition, and you have a million and one things on your plate. Whether you are deploying containers for the first time or configuring your orchestration tool, dealing with evolving infrastructure can be overwhelming, so security can surely wait, right? Wrong!

The problem with delaying security until your new infrastructure is up and running is the exposure risk your organization will have in its environments. When you put off security until a crisis occurs, you miss the important strategic advantages gained by integrating a security program into your operations from Day 1. Meanwhile, as security sits on the back burner, your new infrastructure is left perilously exposed.

Remediating an attack is always more troublesome, costly, time-consuming, and damaging than getting security right in the first place. Therefore, it’s vital to build a culture of security from the beginning and to continuously reinforce it. Here are three reasons why the perfect time to invest in security is when you’re transforming your infrastructure.

Infrastructure in Transition: Securing Containers

Organizations are migrating from virtual server workloads to containers at a frenzied pace, buying into the increasingly popular technology and taking advantage of containers’ many benefits in terms of agility. The application container market is set to explode, according to 451 Research: Annual revenue is expected to increase by 400% over a period of five years, growing from $749 million in 2016 to more than $3.4 billion by 2021.

It’s not hard to see why. Containers are simple to deploy and provide users with greater operational flexibility and compute density, resulting in an optimized build pipeline. Turning to a container orchestration platform, such as Kubernetes, removes an additional layer of operational complexity for even greater ease of deployment and management.

However, a transition in infrastructure is never simple, and along with the advantages come new security challenges. In this post, we’ll discuss some of the risks you should consider before diving headfirst into a container environment, as well as some solutions for mitigating them.

Q&A With Pat Cable: How Threat Stack Secures Evolving Infrastructure

With the popularity of container environments on the rise, we’ve seen many Threat Stack customers undergoing infrastructure transitions of late. Whether they’re deploying containers for the first time or moving to container orchestration platforms, the shift is one that requires careful consideration when it comes to security. Often, however, organizations just don’t know where to begin in terms of integrating security with their evolving infrastructure.

Recently, I sat down with Pat Cable, Threat Stack’s Senior Infrastructure Security Engineer, to get his point of view on the challenges posed by evolving infrastructure and how Threat Stack can help ensure a secure transition.

High Visibility Ahead: Building and Using Orchestration to Set Security Priorities

At Threat Stack, we use our own intrusion detection platform to protect Threat Stack. This gives us critical visibility into security events and alerts tied to our AWS infrastructure and instances, an all too popular target. But our infrastructure extends beyond AWS into additional vendor-managed solutions such as Cloudflare, Salesforce, corporate email, and others. So a key question is: How can we not only monitor those platforms, but also use the data from these logs to drive security priorities?

With that in mind, we set out to create a new custom internal app that can receive, store, and perform actions on information from all of these different sources. We opted to build this internal pipeline (some would call this security orchestration) instead of buying an off-the-shelf product because our security team indexes so highly on engineering and programming. We felt we could take an event-driven framework in a language we all knew and easily extend it to meet our needs, incorporating our internal detection and automated response frameworks, a choice we would not have made if our team or organization looked different.