Podcast: Container Security and Vulnerabilities

DATA SECURITY PODCAST

In a recent podcast interview with Hillarie McClure, Multimedia Director of Cybercrime Magazine, Robert E. Johnson III, Cimcor CEO/President, discusses the latest views on cloud security and data security, and the importance of system integrity monitoring and best practices for businesses regarding file integrity monitoring. The podcast can be listened to in its entirety below.

Welcome to The Data Security Podcast sponsored by Cimcor. Cimcor develops innovative, next-generation file integrity monitoring software. The CimTrak Integrity Suite monitors and protects a wide range of physical, network, cloud, and virtual IT assets in real-time while providing detailed forensic information about all changes. Securing your infrastructure with CimTrak helps you get compliant and stay that way. You can find out more about Cimcor and CimTrak on the web at cimcor.com/cimtrak


Q: Joining us today is President and CEO Robert E. Johnson III. Robert has been a pioneer in the development of next-gen system integrity monitoring, self-healing systems, and cybersecurity software. Rob, welcome! It's so great to have you back on the show.

A: It's great to be back, Hillarie.

Q: Rob, we're here to talk about container security. So since 2013, the use of containers and containerization technology has grown by leaps and bounds. So let's talk about containers — what are they?

A: You're right. Containers — they really have grown and adoption has just been amazing over the last few years, so containers are a type of lightweight and portable virtualization technology. Containers are generally much smaller than traditional virtual machines and that's because they don't contain the entire operating system.

In fact, they actually leverage the operating system of the host. But they have become so popular because of their speed. They are so fast. And they have become popular because of their ability to define through some declarative syntax exactly which applications and services should run in that container. And another big benefit to containers is their scalability. They are very easy to stand up, and they are simple to tear down, so they're just perfect for many types of workloads, whether it's a long-running type of service or even microservices, which need to run only for a short period of time.

Q: Awesome. I'd like to shift now and talk about the concerns and potential vulnerabilities with container security.

A: Right. You don't hear much about container security, and I think that's because it's so easy to overlook container security. Due to the fact that it's so easy to simply stand up a container or destroy it, it's almost common nowadays to think of containers as literally disposable.
Many folks hold this philosophy that, you know, if there's a problem they can simply destroy that container and spin up a new one. However, in truth — and here's the real issue — in truth, these containers are running and are subject to many of the same threats as full operating systems or virtual machines. Any application-level vulnerability that you may have seen as an issue on a full server is still going to be an issue in that container.

And, you know, the images for which you have built these containers might be from untrusted sources, which could be a risk. And even operating system vulnerabilities in containers can still be a risk. So they aren't the disposable unit that you can not really worry about. It's a real concern and it needs to be addressed.

What that means is that it's possible for a container to be compromised while it's running. And many people don't think about that running state, but it's completely possible for a container to be compromised. And oftentimes, in contrast to many service virtual machines, these containers are running with absolutely no security measures in place to ensure that those containers haven't been compromised and ensure that those containers are in the state of integrity.

Though I personally believe that most folks that have compromised containers will never even know about it. And due to the fact that some of these containers may not run for very long, it's possible that when that container is destroyed, you also destroy all the evidence and audit trail of any attack.

Q: So Robert, how can organizations begin to tackle some of those concerns?

A: You know, it's really important to think about the risk associated with containers as approximately the same as a full server or virtual machine. You know, it's not really that different. So that means, first of all, you need to ensure that you're building your containers off of trusted images. Now, there's a ton of images out there for every application under the sun, for which you can build your containers off of.

But there is a growing corpus of malware associated with many of those base images. So it's extremely important to start things off correctly, with a clean trusted image and build your containers off of that. That provides you with that solid foundation. 

Now, many containers have a short lifetime, and whether it's a short lifetime or a long-running container, it is critical to have controls, security controls, directly within the container. And by that I mean tools such as file and system integrity monitoring.

That will provide you with that audit trail of what's changed within that container during this entire lifetime, whether long or short.  You know, ultimately every threat really begins with a change, and by combining integrity monitoring into your containers that provides you with a powerful way to continue to leverage containers, while ensuring that those containers are in a state of security and state of integrity at runtime.

So one of the things we're doing here at Cimcor is we've been working on our product called CimTrak Integrity Suite.  And it can run inside of these containers and provide folks with this insight to exactly what's changed and highlight unauthorized changes within your containers. So I think that's one great starting point for folks to secure these containers. 

Q: Absolutely. Rob, thank you so much for joining us today. This has been really great to learn about container security with you. 

A: Thank you, I appreciate the opportunity to join you and can't wait to connect with you guys again.


Jacqueline von Ogden
