
Setting Sail with Docker

  • Posted on: April 18, 2017
  • Posted in: Security, Virtualization
  • Posted by: Justin Foster

This week thousands of people are heading to Austin, Texas for DockerCon 2017. Docker’s popularity has been explosive, with thousands of organizations using its platform to modernize applications, build microservices, optimize infrastructure and embrace a true DevOps practice.

Like any transformation, moving to Docker is a journey for an organization. In preparation for sailing on the high seas, it’s important to know how to secure your containers for the voyage.

As we have discussed before on Simply Security, containers are part of an evolution of computing. As we move along this spectrum, workloads are shrinking in size as developers increasingly embrace microservices. Virtualization offered application templates that were an entire VM, and cloud introduced newer forms of building stateless servers dynamically, but containers standardize and compartmentalize the application in a highly efficient and portable way.

With the adoption of these modern environments, security too has adapted. For virtualization, we saw the first agentless approach to file and network security. With cloud, we supported auto scaling and consumption licensing. For Docker, security is evolving to provide container visibility and to protect the Docker host and the containers it supports.

In addition to application portability, Docker introduced a standardized means of application distribution: the registry. Developers use a CI/CD pipeline to push images to the registry, and from there container orchestration tools like Docker Swarm or Kubernetes are used to deploy, manage, and scale container workloads. This separation of duties is your first step towards securing a Docker-based application environment. Developers only have the ability to push images, while operations uses these images to ensure the application is highly available and serving your users. With DevOps, these roles may be in the same team, but applying the principle of least privilege is always good practice.
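The separation of duties above can be enforced where registry access is issued. The following is an added example, not code from this post or from Docker: a token service that grants only the intersection of what a client requests and what its role allows, using the registry's `type:name:actions` scope format. The role names and the policy table are assumptions.

```python
# Added example: least-privilege scope granting for a registry token service.
# ROLE_POLICY and the role names are assumptions made for illustration.
ROLE_POLICY = {
    # CI/CD pipeline identity: may publish images (push is granted with pull).
    "developer": {"repository": {"pull", "push"}},
    # Orchestrator / operations identity: may only fetch images to run them.
    "operations": {"repository": {"pull"}},
}


def parse_scope(scope):
    """Split 'type:name:actions'; the name may itself contain ':' (host:port/repo)."""
    rtype, sep, rest = scope.partition(":")
    name, sep2, actions = rest.rpartition(":")
    if not (rtype and sep and sep2 and name and actions):
        raise ValueError(f"malformed scope: {scope!r}")
    return rtype, name, {a for a in actions.split(",") if a}


def grant_access(role, requested_scopes):
    """Return the token's 'access' entries: requested actions that the role allows."""
    allowed = ROLE_POLICY.get(role, {})  # unknown roles get nothing
    access = []
    for scope in requested_scopes:
        try:
            rtype, name, wanted = parse_scope(scope)
        except ValueError:
            continue  # a malformed scope is never a reason to grant anything
        granted = sorted(wanted & allowed.get(rtype, set()))
        if granted:
            access.append({"type": rtype, "name": name, "actions": granted})
    return access


if __name__ == "__main__":
    # Constructed request: both roles ask for pull and push on the same repository.
    request = ["repository:shop/web:pull,push"]
    print("developer :", grant_access("developer", request))
    print("operations:", grant_access("operations", request))
```

An orchestrator credential issued this way cannot overwrite an image even if it asks for `push` or `*`, because anything outside its role is dropped before the token is signed.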

Next is the runtime application itself. Like anything else in the computing world, Docker-based deployments and the applications running in them, while largely instrumental in innovation, remain imperfect. These imperfections come in the form of operating system vulnerabilities, application logic flaws that introduce injection or spoofing attacks, or malicious insiders. This is where applying compensating controls like Intrusion Prevention, File Integrity Monitoring, Log Analysis and other techniques comes in. It is very important that any solution understand how to protect both the Docker host and the containers running on it.

Docker environments mean rapid deployment and iteration. Some Docker users ship application updates over a hundred times a day! It’s important in this type of dynamic environment to choose a tool that adapts to changes and provides visibility into your Docker workloads. Furthermore, if your application has sensitive data, you may be subject to compliance standards. Choosing a security tool designed for continuous compliance will be your best path to avoiding headaches during an audit. With your containers secured, it’s only smooth sailing from there on out.

Organizations are setting sail for a container world faster than ever. These are just a few of the tips to help you with the choppy seas to ensure a safe and secure voyage with Docker.

If you are at DockerCon in Austin this week, stop by and see us at Booth S30! Our team can show you how we add layered security to the Docker host and the containers. Find out more at www.trendmicro.com/hybridcloud.

If you have questions or comments, please post them below or follow me on Twitter: @justin_foster.
