07/02/2019
Callum Butler

Cloud, cognitive capabilities, and containers are 3 critical technologies that will drive Digital Transformation, according to IDG. In a recent #IDGTechTalk our Ethical Hacker, Callum Butler, joined other experts to discuss containers. How are they being used? What are the benefits? And what are some of the challenges associated with them?

Here’s a summary of our own expert’s responses (@Callum_Butler), as well as other experts taking part in the chat (@georgegerchow, @benrothke, @mthiele10, @mdkail and many more).

Callum Butler, Cyber Security Analyst

What is a software container and how are they being leveraged?

@Callum_Butler 

Software containers allow us to create, deploy and run applications in containers. This allows us to spin up (or down) applications in seconds, as well as full monitoring around the instance.

Docker is a prime example. This allows security teams to deploy and run “honeypots” (i.e. network-attached systems set up as a decoy to lure cyberattackers) or other security tools. This makes it possible to identify and analyse information in seconds.

 

Is your organisation deploying containers into production? If so, what container technology is being used?

@Callum_Butler 

Yes, we use containers in our network at CANCOM (OCSL) as well as for our customers. Docker and Kubernetes are a couple of examples.

What security challenges does container technology pose? What security benefits can containers provide?

@Callum_Butler 

A key security issue teams need to consider when using containers is the amount of isolation. For example, if an attacker were to compromise a container it could potentially allow them access to other containers on the same host.

A key benefit of containers is the attack surface is a lot smaller. Multiple apps are run on one server, as opposed to multiple servers.

Have you seen vulnerabilities in containers that could expose critical data? They are out there, is it part of your security risk plan?

@Callum_Butler 

Not so much within the technology itself (though they are out there), but ensuring the host running the technology, such as Docker, is up-to-date and free from vulnerabilities is key.

One RCE (Remote Code) exploit against the host will cause a huge amount of upset.

It’s not uncommon for poisoned images to be out in the wild. (In other words, image files that have been tampered with prior to being downloaded.)

If used, this could cause massive issues not only for the host, but for the data that may be present. Containers on physical hosts also have issues; for example, a kernel exploit could cause the host to go offline.

Finally, what is your organisation doing to secure your container deployment?

@Callum_Butler 

We isolate the hosts running container technology into their own network and use monitoring and logging tools. We also enable extra layers of security such as AppArmor.
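
As an added illustration (not part of the chat responses or any CANCOM tooling), the following Python sketch audits `docker inspect` output for the isolation concerns raised above: containers running without AppArmor confinement, in privileged mode, or sharing host namespaces. The sample records and container names are constructed for the example; the field names are those emitted by `docker inspect`.

```python
import json

# Constructed sample of `docker inspect` output, trimmed to the fields checked.
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/web", "AppArmorProfile": "docker-default",
  "HostConfig": {"Privileged": false, "NetworkMode": "app_net", "PidMode": "",
                 "SecurityOpt": null, "Binds": ["/srv/web:/usr/share/nginx/html:ro"]}},
 {"Name": "/honeypot", "AppArmorProfile": "unconfined",
  "HostConfig": {"Privileged": false, "NetworkMode": "host", "PidMode": "",
                 "SecurityOpt": ["apparmor=unconfined"], "Binds": null}},
 {"Name": "/agent", "AppArmorProfile": "unconfined",
  "HostConfig": {"Privileged": true, "NetworkMode": "bridge", "PidMode": "host",
                 "SecurityOpt": null,
                 "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}}
]
""")


def audit_container(c):
    """Return a list of isolation findings for one `docker inspect` record."""
    findings = []
    host = c.get("HostConfig") or {}
    # An empty profile means AppArmor is not applied (e.g. disabled on the host).
    if (c.get("AppArmorProfile") or "") in ("", "unconfined"):
        findings.append("no AppArmor confinement")
    if host.get("Privileged"):
        findings.append("privileged mode")
    if host.get("NetworkMode") == "host":
        findings.append("shares host network namespace")
    if host.get("PidMode") == "host":
        findings.append("shares host PID namespace")
    for bind in host.get("Binds") or []:
        # A mounted Docker socket gives the container control of the daemon.
        if bind.split(":")[0] == "/var/run/docker.sock":
            findings.append("Docker socket mounted")
    return findings


def audit(containers):
    """Map container name -> findings, omitting containers with none."""
    report = {}
    for c in containers:
        findings = audit_container(c)
        if findings:
            report[c.get("Name", "?").lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(findings)}")
```

On a real host, the same `audit` function can be fed the parsed JSON from `docker inspect $(docker ps -q)` in place of the constructed sample.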

Related article, from Container Journal: “Container Security requires a Holistic View”

And don’t forget to check out the rest of this conversation on Container Security, as well as a huge range of other tech topics, on #IDGTechTalk.

 
