Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
2
FOREWORD
Containers and Orchestration Create New Vulnerabilities
Lacework is a SaaS platform that
Over the last few years we have seen a dramatic rise in the use of containers and
automates threat defense, intrusion
container orchestration systems for the coordination and management of cloud detection, and compliance for cloud
services. Among other things, containers allow for rapid deployment, ephemeral workloads & containers. Lacework
workloads, and autoscaling of applications at scale. For organizations that work monitors all your critical assets in
in an agile way and deploy services continuously, it’s an enormously popular piece the cloud and automatically detects
of their infrastructure. Popular types of containers include: Kubernetes, Docker threats and anomalous activity so
Swarm, OpenShift, and Mesosphere. you can take action before your
company is at risk. The result?
Containers are a new and important component of modern environments, but Deeper security visibility and greater
threat defense for your critical cloud
as they still have to live in a shared host and cloud account facing similar threat
workloads, containers, and IaaS
vectors, their security cannot be treated in isolation. Lacework provides a holistic
accounts. Based in Mountain View,
approach to container security as it supports this natively, while at the same time California, Lacework is a privately
provides security for hosts and AWS accounts which if compromised can cause held company funded by Sutter Hill
even larger scale damage to any container environment. Ventures, Liberty Global Ventures,
Spike Ventures, the Webb Investment
Many organizations rely on containers to help them orchestrate among Network (WIN), and AME Cloud
applications and data sources, and as this approach grows, security teams are Ventures. Find out more at www.
discovering a corresponding increase in their overall threat surface. The people lacework.com.
interviewed in this book offer insightful proof that while containers provide
distinct advantages for workloads and applications, they also require focused,
automated security to remain safe.
Regards,
Dan Hubbard
Chief Product Officer
3
Get actionable recommendations on how to improve
your security and compliance posture for your AWS,
Azure, GCP, and private cloud environments.
Streamline security for AWS, Azure,
and GCP. Gain unmatched visibility,
ensure compliance, and enable
actionable threat intelligence.
FREE ASSESSMENT
© 2019 Lacework, Inc. Lacework and Polygraph are registered trademarks of Lacework. All
other marks mentioned herein may be trademarks of their respective companies. Lacework
reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
4
TABLE OF CONTENTS
Kathrine Riley,
Director of Information Security Milinda Rambel Stone,
& Compliance Vice President & CISO
Braintrace..........................................................
09 Provation Medical..........................................
13
Darrell Shack
Cloud Engineer
Cox Automotive Inc.......................................
10
5
“CONTAINERS RUNNING SER-
VICES OR APPLICATIONS ARE
OFTEN OVERPRIVILEGED FOR THE
FUNCTIONS THEY PERFORM.”
There’s a lot to like about containers, but also a lot not to like from
Ross Young, Director,
a security perspective. For one thing, they make the environment
Capital One
considerably more complex, which introduces potential vulnerabilities.
Ross Young is a veteran
technologist, innovation expert, For example, let’s say you have a normal Amazon EC2 server running
and transformational leader, having something like a Linux-based operating system. Then you have to install
learned DevSecOps, IT infrastructure, a Docker engine on top of that. Now you have two types of vulnerabilities,
and cybersecurity from a young one being whether you keep your host operating system (OS) patched
age from both ninjas and pirates.
and up to date, and the other is whether you configured your Docker
Young currently teaches master-level
engine correctly. Then if you install two applications as containers,
classes in cybersecurity at Johns
the challenge becomes how you check to see if things are operating
Hopkins University and is a director of
information security at Capital One. as they should. Historically one might look at network traffic from one
EC2 instance to another. But in this simple example, there's no network
traffic leaving that EC2 instance. You need better tools capable of inter-
container monitoring of activity within one EC2 instance, and more inter-
container access control and authentication.
6
Another problem is that containers running services or applications are often overprivileged for the
functions they perform. For instance, they are often set up with admin privileges for an application that
doesn’t require those privileges. That means they now have the ability to see everything in the host OS,
and also see other containers that are on that same EC2, including data. Solving this requires tools that
run the service with the least privileges it needs so that it can’t break out of its container and get to the
host OS.
Another best practice that has started to evolve is using very small containers with minimum necessary
privileges, and making them read-only containers so they can’t be changed. If you get hacked, the
container still runs as intended.
Ultimately, developers need to incorporate security to the point where they create security policy as code.
This involves using tools that do security scanning during development and give developers instant
feedback about vulnerabilities. n
7
“MANY PEOPLE DON’T REALIZE
THE POTENTIAL FOR HAVING
A SINGLE POINT OF FAILURE
WITH MULTIPLE CONTAINERS
Paul Dackiewicz, Lead Security
GOING DOWN.”
Consulting Engineer, Advanced Network
Management (ANM) The easier it is to deploy code or apps, the greater the potential for
propagating vulnerabilities. You need to manage these processes carefully
Paul Dackiewicz has over 10 years of systems
engineering and cybersecurity experience in and not get too comfortable with how easy it is to deploy and scale apps.
the fields of healthcare, government, and value-
added resellers (VARs). He is currently leading Containers themselves are pretty secure. However, many people don’t
the security operations center (SOC) for a premier realize the potential for having a single point of failure with multiple
managed security services provider (MSSP). containers going down, for instance if a host server is lost. The impact
of this kind of event depends on a number of factors, including how the
original environment is configured for density.
8
“SEGREGATION OF DUTIES, AND
SEGREGATION OF ACCESS…KEEPS
YOUR PRODUCTION CONTAINER
LOGICALLY SEPARATED FROM ITS
DEVELOPMENT AND TEST STATES.” Katherine Riley, Director of
Information Security & Compliance,
Container security begins with enforcing roles and responsibilities during Braintrace
development, testing, and production. Ideally you will have segregation of
duties and segregation of access, which keeps your production container Katherine (Kate) Riley is skilled in leading
logically separated from its development and test states. Defining roles teams to define cloud architecture, and
in development of controls. She has
and responsibilities, and turning those on and off, determines who or what
developed and implemented security
process can promote a container from development to test, and from test
frameworks such as ISO and NIST, and
to production. These definitions become an integral part of your change- performed compliance reviews such as
management process. n FFIEC, HIPAA, HITRUST, SOX, GDPR, and
GLBA.
9
“IT IS VERY IMPORTANT WHEN
YOU ARE PULLING CONTAINER
IMAGES TO DRIVE A PROCESS,
THAT YOU VERIFY THE AUTHEN-
TICITY OF THOSE IMAGES.” Darrell Shack , Cloud Engineer,
Cox Automotive Inc.
One potential vulnerability with containers is that if one container is
infected, that compromise can spread to the host. That’s because, unlike Darrell Shack is a seasoned system
segmented environments where different applications can run on different engineer focused on building resilient
and high--availability solutions. He has
operating systems, container environments typically run all the containers
experience in developing solutions in the
on top of one operating system, and the containers take their functionality
public cloud Amazon Web Services, helping
from that operating system. teams manage their cost, and overall
application performance in the cloud.
This is why it is very important, when you are pulling container images to
drive a process, that you verify the authenticity of those images. You need
to verify the sources and make sure you are using a known, secure URL.
10
“THE BIG CHALLENGE IN A MAS-
SIVELY SCALED CONTAINER EN-
VIRONMENT IS THE NEED TO CON-
TINUOUSLY SCAN AND MONITOR
FOR NONCOMPLIANT IMAGES…” Mauro Loda, Senior Security
Architect, McKesson
Containers have many advantages, but the way containers sit on a common
OS kernel creates a situation where compromising one single container can Mauro Loda is a passionate, data-
provide access to the OS kernel and all other containers associated with it. driven cybersecurity professional who
This requires continuous monitoring, and it requires a different approach helped define and drive the “Cloud First”
strategy and culture within a Fortune 100
to patch management. In a traditional environment, you patch all the
multinational enterprise. He is a strong
time. However in a container environment, you do not continuously patch
believer in offensive security and simple-
containers. When a vulnerability becomes known, you immediately update but-effective architecture-defense topology.
the container image and deploy completely new containers. This changes Emotional intelligence, pragmatism and
your entire approach to patch management. reliability are his guiding principles. He has
achieved numerous industry certifications
The big challenge in a massively scaled container environment is the and actively participates in forums,
need to continuously scan and monitor for noncompliant images, and technology councils, and committees.
authenticate images across different container platforms. Tools used to
monitor container activity need to be adaptable to different situations
at any point and time. A container that is streaming an application right
now may not be in 10 seconds. The tools need to be intelligent, perhaps
artificial intelligence (AI) driven. Everything is pattern based, behavior
based, and risk based. The tools need to be able to protect you in a way
that dynamically adapts to the current state of your constantly changing
environment. n
11
“ANOTHER CHALLENGE FOR
CONTAINERIZED ARCHITECTURES
IS THAT THEY MAKE FORENSICS
DIFFICULT.”
The biggest security concern when using containers is that they come out of
James P. Courtney, Certified Chief a centralized distribution area. This means if one file gets infected, that can
Information Security Officer, Courtney
affect everything in the environment. The big challenge for environments that
Consultants, LLC
use containers is how you minimize the risk of that centralized architecture.
James Courtney is a recognized cybersecurity
Another challenge for containerized architectures is that they make forensics
professional who has spoken at multiple
difficult. In an environment that instantly spins up a machine to provide
conferences, including the CyberMaryland
Conference. He is a Certified Chief Information
on-demand services and then eliminates that container when it is no longer
Security Officer (one of 1,172 in the world), serving as needed, if the container is compromised, what did it do while it was up? For
the IT network and operations security manager for a instance, if something jumped from a computer to an image and then got
private SIP consulting firm in McLean, Virginia. access from that image to another server before the image spun down, the
image is now gone but the damage is already done. Even if you have good
monitoring tools that triggered an alert on a machine that is now gone, you
no longer have access. The bad guys, depending on what kind of access
they get, can erase logs and do other things to cover their tracks. From a
forensics point of view, once you’ve discovered you’ve been breached, the
way containers work can make it very difficult to go back and trace the
steps of an attack. If you have a large enough budget, you may be able to log
everything, but that may not be feasible in a massively scaled environment.
The big challenge in a massively scaled container environment is the need to scan and monitor continuously for
noncompliant images, and authenticate images across different container platforms. Tools used to monitor container activity
need to be adaptable to different situations at any point and time.
Ultimately, developers need to incorporate security to the point where they create security policy as code. This involves using
tools that do security scanning during development and give developers instant feedback about vulnerabilities.
14
Interested in more? Try Lacework
for free and validate the security
of your cloud:
Streamline security for AWS, Azure,
and GCP. Gain unmatched visibility,
ensure compliance, and enable
actionable threat intelligence.
© 2019 Lacework, Inc. Lacework and Polygraph are registered trademarks of Lacework. All
other marks mentioned herein may be trademarks of their respective companies. Lacework
reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
15