Container Security Tips and Best Practices

Containers provide very important functionality: They package various software applications in “containers” to ensure that they are able to run correctly when moved from one computing environment to another.

The container model has all its dependencies packaged into virtual containers. A container not only contains an application but all supporting packages that are needed to run the application effectively. Thus, they provide flexibility, ease of use, and the ability to share resources. However, security is a primary concern when any new technology is pushed into production. Therefore, it is vital to focus on container security because poor security can put various applications and processes at risk for the entire enterprise. Threat Stack’s container security solutions monitor your containerized environments for risky and anomalous behavior and provide the visibility you need, no matter where your container strategy stands. You can deploy the Threat Stack agent on your host or even as a containerized agent to gain visibility into your containers. If you see risky behavior in a container, you’ll be able to follow the path of your attacker across your infrastructure.

Whether you’re using Docker or Docker with Kubernetes, security considerations must be paramount. Below, we discuss security tips and best practices that need to be incorporated for secure and safe utilization of containers.

How to Identify Threats Within Your Docker Containers

Now is a good time to review Threat Stack’s Docker integration in the wake of the recent runC CVE. The headline reporting gets a little hyperbolic, but I still think we should use this as an opportunity to reflect. Containers represent a powerful abstraction for a unit of software. The container abstraction provides some isolation, facilitation, and control, but also some opaqueness. Threat Stack’s solution adds security visibility to your deployment, and our Docker integration provides visibility into your Docker containers.

Threat Stack announced the release of its Docker integration during Amazon’s 2015 re:Invent Conference and has continued to maintain and expand its capabilities in subsequent releases. This feature augments detected host events with Docker information when the Threat Stack agent identifies the event as originating from a container. The augmented information consists of the Docker container ID and the image name. We collect that data with a host-based agent that does not stick an additional agent into each container; per-container agents would cause performance issues for typically small-footprint containers. Our daemon runs in user space and does not hook into the kernel, allowing us to stay lean and lightweight. Let me explain a bit about how this all works.

How to Defend Against the runC Container Vulnerability

Earlier this week, security researchers Adam Iwaniuk and Borys Poplawski published details on a vulnerability in runC, the underlying container runtime for Docker, Kubernetes, cri-o, containerd, and other container-dependent programs. The vulnerability, CVE-2019-5736, allows malicious containers to overwrite the host runC binary and gain root-level code execution on the host. This would give attackers the ability to run any command as a root-level user, including the ability to create new containers using an attacker-controlled image or attach executables into an existing container that they have write access to.

A patch has been issued for CVE-2019-5736, and all users should update to the latest version of all their container management programs as soon as possible.

Docker Security Tips & Best Practices

Docker is a software platform that makes it easier to create, deploy, and run applications. Recently there has been a major surge in the adoption of this technology — and while it offers significant benefits, it also presents security challenges. Some of the advantages center on the fact that your applications are loaded into a private namespace and the required dependencies are codified, and when using Docker, developers can package all the parts needed to run an application stack and ship it out as one unit. But if container ecosystems aren’t properly designed, deployed, and managed, they can create problems that offset or undermine the benefits.

To put you on the path to effective and secure usage, this post identifies common security issues and outlines best practices for reducing risk and increasing operational efficiency in containerized environments. (If you want additional resources to brush up on your Docker skills, take a look at our list of 50 useful Docker Tutorials for IT professionals.)

Inside a Docker Cryptojacking Exploit: Webinar Preview

Inside a Docker Cryptojacking Exploit Webinar
Dec 13, 2018 | 1:00 P.M. ET

Container usage is on the rise, and tools like Docker are a key element in successful container deployments. Almost every organization operating in a DevOps environment sees the benefits of containers, but it’s important to remember that services like Docker are not security tools.

Coming up on December 13, Ethan Hansen, a security analyst for the Threat Stack Cloud SecOps Program℠, will discuss an active cryptojacking exploit attempt he observed within a Docker container environment and how it was identified and mitigated.

Container Security: Winter is Coming — Dress in Layers!

Recently I had the pleasure of joining hundreds of DevOps pros, IT managers, and security engineers at the first ever Container Security event at LEGOLAND. Attendees discussed the newest technologies, scariest threats, and biggest trends in the evolving world of container security. If you weren’t lucky enough to be a part of the fun, here’s a quick recap of what Threat Stack’s Director of Product, Todd Morneau, spoke about.

Top 4 Questions to Ask About Compliance, Security, and Containers

Introducing containers into cloud infrastructure can lead to faster development cycles as well as more efficient use of infrastructure resources. With these kinds of competitive advantages, it’s no wonder that container orchestration platforms like Kubernetes are so popular. In fact, Gartner estimates that 50 percent of companies will use container technology by 2020 — up from less than 20 percent in 2017.

While the value and popularity of containers are undeniable, deployments have opened up a whole new set of infrastructure security concerns for Development and Operations teams. This is why more and more companies are focusing on container security to ensure that they don’t ship software with known vulnerabilities, to protect sensitive data, and to maintain compliance with industry-specific regulations such as HIPAA, PCI, or SOC 2. Resources like the Center For Internet Security (CIS) benchmark reports on Kubernetes or Docker provide comprehensive, objective guidelines for organizations transitioning to containers.

In this post, we’ll walk through some of the top questions you need to ask when thinking about establishing security and maintaining regulatory compliance in a container infrastructure environment.

Join Threat Stack at “Builders of Tomorrow”

Making a Secure Transition to Containers

September 27 | LEGOLAND | Somerville, MA

We’re super excited to announce our upcoming event — Builders of Tomorrow — a container security meetup at LEGOLAND in Somerville, MA.

Come hear from a rockstar team of container security leaders including:

  • Todd Morneau, Director of Product at Threat Stack
  • Jay Vyas, core contributor to Kubernetes and technologist at Black Duck
  • Hemant Kapoor, Global Head of SRE at Wayfair
  • Kevin Landt, Director of Product Management, OpsGenie
  • Ryan Wallner, Technical Manager Portworx

We also have a surprise guest speaker you won’t want to miss!

This will be our first security-driven container event. Builders of Tomorrow is the only event that brings engineers, IT managers, SREs, and thought leaders together in a single forum to explore how teams can scale and secure modern applications in a transitioning world.

Builders of Tomorrow

Where: LEGOLAND Discovery Center Boston: 598 Assembly Row, 2nd Floor, Somerville, MA

When: Thurs, September 27, 2018, 5:00 – 9:00 p.m. EDT

Registration: If you haven’t registered already, reserve your tickets now.

What to Expect

The event will feature a mix of thought-provoking sessions, expert panels, and hands-on build workshops with industry leaders and practitioners alike.

Between sessions, attendees will have the opportunity to exchange ideas with their peers and network at one of the most exciting venues in the Boston area.

Did we mention we have access to all LEGOLAND exhibits and attractions, including:

  • Build Center
  • Lego Themed Escape Room
  • Roller Coaster
  • Star Wars Episode 2 Exhibit
  • Fully catered beer, wine, and food

Sign up today and we’ll see you on September 27!

3 Things to Know About Kubernetes Security

Gartner estimates that 50 percent of companies will use container technology by 2020, up from less than 20 percent in 2017. The operational benefits of containers, including optimized build times and more efficient use of infrastructure resources, have caused a surge in interest in container orchestration platforms like Kubernetes. At the same time, Kubernetes deployments have opened up a whole new set of infrastructure security concerns for Development and Operations teams.

For teams just getting started with Kubernetes deployments, here’s an overview of three things you need to know about securing your infrastructure from the outset.

Infrastructure in Transition: Securing Containers

Organizations are migrating from virtual server workloads to containers at a frenzied pace, buying into the increasingly popular technology and taking advantage of containers’ many benefits in terms of agility. The application container market is set to explode, according to 451 Research: Annual revenue is expected to increase by 400% over a period of five years, growing from $749 million in 2016 to more than $3.4 billion by 2021.

It’s not hard to see why. Containers are simple to deploy and provide users with greater operational flexibility and compute density, resulting in an optimized build pipeline. Turning to a container orchestration platform, such as Kubernetes, removes an additional layer of operational complexity for even greater ease of deployment and management.

However, a transition in infrastructure is never simple, and along with the advantages come new security challenges. In this post, we’ll discuss some of the risks you should consider before diving headfirst into a container environment, as well as some solutions for mitigating them.