One Article Review

The article:
Source: AlienVault Lab Blog
Identifier: 8400754
Publication date: 2023-10-26 10:00:00 (seen: 2023-10-26 10:08:17)
Title: Ensuring robust security of a containerized environment
Text: The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

In today's rapidly evolving digital landscape, containerized microservices have become the lifeblood of application development and deployment. Often likened to miniature virtual machines (although, unlike VMs, they share the host kernel), containers let code run the same way in any environment, be it an on-premises server, a public cloud, or a laptop. This removes platform compatibility and library dependency problems from the DevOps equation. As organizations embrace the scalability and flexibility of containerization, they must also take on the security challenges intrinsic to this architecture. This article highlights key threats to container infrastructure, outlines relevant security strategies, and emphasizes that safeguarding containerized applications is a responsibility shared across a company.

Understanding the importance of containers for cloud-native applications

Containers play a pivotal role in streamlining and accelerating the development process. As the building blocks of cloud-native applications, they are deeply intertwined with four pillars of modern software engineering: the DevOps paradigm, the CI/CD pipeline, microservice architecture, and frictionless integration with orchestration tools. Orchestration tools form the backbone of container ecosystems, providing load balancing, fault tolerance, centralized management, and seamless scaling. Orchestration can be realized in several ways: managed cloud provider services, self-deployed Kubernetes clusters, container management systems tailored for developers, and container management systems that prioritize user-friendliness.
The container threat landscape

According to recent findings from Sysdig, a cloud security company, 87% of container images contain high or critical vulnerabilities. 85% of these flaws have a fix available, yet they cannot actually be exploited, because the vulnerable packages are never loaded while the container runs. Even so, many organizations struggle to prioritize patching: rather than hardening the 15% of components that are genuinely exposed at runtime, security teams spend their time and resources on flaws that pose no risk. One way or another, addressing these vulnerabilities requires fortifying the underlying infrastructure. Beyond configuring orchestration systems properly, it is crucial to establish a well-thought-out set of access permissions for Docker hosts and Kubernetes clusters. The security of containers also hinges on the integrity of the images used to build them.

Guarding containers throughout the product life cycle

A container's journey encompasses three principal stages. The first is the build phase, in which the container image is constructed and subjected to comprehensive functional and load tests. The image is then stored in a registry, awaiting its moment of execution. The third stage, runtime, begins when the container is launched and operates as intended. Early identification of vulnerabilities is vital, and this is where the shift-left security principle comes in. It calls for an intensified focus on security from the earliest stages of the product life cycle, including design and requirements gathering. By incorporating automated security checks into the CI/CD pipeline, developers can detect security issues early and minimize the chance of security gap
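As an added example, not part of the AlienVault post, the following stdlib-only Python policy gate shows what an automated check in a CI/CD job could look like when it combines the three points above: ranking scanner findings by whether the vulnerable package is actually loaded at runtime (so the 15% that matter are fixed first), requiring workload manifests to pin images by digest (image integrity), and rejecting privileged or root containers (access permissions on the cluster). The scanner output, the runtime package list, the Pod manifest, the `registry.example` image names and the `VULN-000x` identifiers are all constructed sample data; the finding schema is an assumption and does not correspond to any vendor's report format.

```python
"""Shift-left policy gate for a container image and its Pod manifest.

Added example, not code from the original post. All inputs are constructed
sample data; the finding format is an assumed, generic scanner schema.
"""
import re

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
# An image reference is "pinned" only if it carries a sha256 digest.
DIGEST_RE = re.compile(r"^[\w.:/-]+@sha256:[0-9a-f]{64}$")

# Constructed scanner output: one entry per vulnerable package in the image.
SAMPLE_FINDINGS = [
    {"id": "VULN-0001", "pkg": "openssl", "severity": "CRITICAL", "fixed_version": "3.0.12"},
    {"id": "VULN-0002", "pkg": "curl", "severity": "HIGH", "fixed_version": "8.4.0"},
    {"id": "VULN-0003", "pkg": "imagemagick", "severity": "CRITICAL", "fixed_version": "7.1.1"},
    {"id": "VULN-0004", "pkg": "perl", "severity": "HIGH", "fixed_version": None},
    {"id": "VULN-0005", "pkg": "zlib", "severity": "MEDIUM", "fixed_version": "1.3"},
]
# Constructed runtime profile: packages observed loaded while the container ran.
SAMPLE_RUNTIME_PACKAGES = {"openssl", "zlib", "libc6"}

# Constructed Kubernetes Pod manifest, shaped as a YAML loader would return it.
# Image names are hypothetical.
SAMPLE_MANIFEST = {
    "kind": "Pod",
    "spec": {
        "containers": [
            {"name": "api",
             "image": "registry.example/app@sha256:" + "a" * 64,
             "securityContext": {"privileged": False, "runAsNonRoot": True,
                                 "readOnlyRootFilesystem": True,
                                 "capabilities": {"drop": ["ALL"]}}},
            {"name": "sidecar",
             "image": "registry.example/sidecar:latest",  # mutable tag, not a digest
             "securityContext": {"privileged": True}},
        ]
    },
}


def prioritise(findings, runtime_packages, min_severity="HIGH"):
    """Split findings into (reachable, dormant) by runtime exposure.

    Reachable findings are sorted worst-first; among equal severities,
    fixable ones come before unfixable ones because they are cheapest to close.
    Findings below min_severity are dropped from both lists.
    """
    floor = SEVERITY_RANK[min_severity]
    reachable, dormant = [], []
    for f in findings:
        if SEVERITY_RANK[f["severity"]] < floor:
            continue
        (reachable if f["pkg"] in runtime_packages else dormant).append(f)
    reachable.sort(key=lambda f: (-SEVERITY_RANK[f["severity"]],
                                  f["fixed_version"] is None, f["id"]))
    return reachable, dormant


def check_manifest(manifest):
    """Return one policy violation string per problem found in each container."""
    problems = []
    for c in manifest.get("spec", {}).get("containers", []):
        name, sc = c.get("name", "?"), c.get("securityContext", {})
        if not DIGEST_RE.match(c.get("image", "")):
            problems.append(f"{name}: image not pinned by sha256 digest")
        if sc.get("privileged"):
            problems.append(f"{name}: privileged container")
        if not sc.get("runAsNonRoot"):
            problems.append(f"{name}: runAsNonRoot not set")
        if not sc.get("readOnlyRootFilesystem"):
            problems.append(f"{name}: root filesystem is writable")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            problems.append(f"{name}: does not drop all capabilities")
    return problems


def gate(findings, runtime_packages, manifest):
    """CI decision: fail on any runtime-reachable finding at or above HIGH,
    or on any manifest violation. Returns (passed, report_lines)."""
    reachable, dormant = prioritise(findings, runtime_packages)
    problems = check_manifest(manifest)
    report = [f"{f['id']} {f['severity']} {f['pkg']} "
              f"fix={f['fixed_version'] or 'none'} (RUNTIME-EXPOSED, fix first)"
              for f in reachable]
    report += [f"{f['id']} {f['severity']} {f['pkg']} (dormant: not loaded at runtime)"
               for f in dormant]
    report += problems
    return (not reachable and not problems), report


if __name__ == "__main__":
    ok, lines = gate(SAMPLE_FINDINGS, SAMPLE_RUNTIME_PACKAGES, SAMPLE_MANIFEST)
    print("\n".join(lines))
    raise SystemExit(0 if ok else 1)
```

Run on the sample data the gate fails: the CRITICAL openssl finding is the only one in a package that is actually loaded, so it is listed first, the three dormant HIGH/CRITICAL findings are reported without blocking, and the sidecar container is rejected for its mutable tag and missing securityContext hardening. A real pipeline would feed this from the scanner's own output and from a runtime profile collected in a test environment rather than from embedded constants.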
Sent: Yes
Tags: Tool, Vulnerability, Threat, Cloud
Stories: Uber
Rating: ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.