Container security in 5 simple steps!

December 24, 2019

When adopting containers, organizations need to create a risk profile for the types of threats and vulnerabilities they expect to experience. This type of analysis is especially important with containers, since the attack surface increases significantly, while the level of security visibility across hosts, containers, and the infrastructure control plane decreases.

For example, one of the most prominent attack scenarios in containers is the idea of blast radius. After the initial point of compromise, an attacker can escalate privileges quickly to gain control of other containers in the cluster. Since attackers are looking for the greatest returns for the least amount of effort, a vulnerable Kubernetes or Docker cluster may be a great place to strike quickly and do a lot of damage across a wide attack surface.

New, sophisticated attacks on cloud infrastructure emerge every day. But if you follow the five steps outlined below to create a cybersecurity risk assessment, you can anticipate where your organization may be most vulnerable and strengthen your system’s security accordingly before an attacker gets the chance to strike.

1. Establish the baseline

It’s hard to evaluate risk without baselining what business as usual looks like in your organization. Evaluate your systems, applications, and services as well as scripts that may run in your environment. Try your best to understand who has access to your environment, as well as how and where the data is flowing.

For example, if you have tools in place that gather data across complex, distributed systems, you can gain a better understanding of the intricacies of your “business as usual” operating state. Look at data from past incidents to find opportunities to optimize your processes, operations, and outcomes. This level of security observability will allow your team to proactively identify risks and put mitigation strategies in place prior to an incident occurring — rather than having to deal with issues after the fact in a reactive, ad hoc manner.

2. Identify the threat landscape

Consider probable threats that are typically included in risk assessments, such as insider threats (malicious or intentional), data leaks with unintentional exposure of information, or data loss. Depending on your systems, stakeholders, and environments, you will probably identify additional threats, and you should incorporate these into your assessment. Penetration testing with zero knowledge can help your team understand your system’s vulnerabilities from an outsider’s (read: a hacker’s) perspective.

For example, in a containerized environment, there are often single gateways (such as etcd in Kubernetes) that serve as key-value stores for highly sensitive cluster data. These gateways, if left unprotected, can serve as a major conduit for data loss via the unintentional exposure of information.

3. Determine inherent business risk and impact

Rate the impact of potential threats on your landscape without considering the control environment you have in place. Approach the assessment in this way to prevent factoring in controls that could mitigate the risk, so you can clearly understand the full potential of threat events.

Ever go through the exercise of “What’s the worst that could happen?” Now’s the time to try it. Rank each potential threat based on its likely impact. By way of example, SANS (https://www.sans.org/reading-room/whitepapers/auditing/overview-threat-risk-assessment-76) uses the following rankings:

Minor Severity (Rating 1): Vulnerability requires few resources to exploit, with little potential for loss. Exposure is relatively minor. The effects of the vulnerability are tightly contained, and it does not increase the probability of additional vulnerabilities being exploited.

Moderate Severity (Rating 2): Vulnerability requires significant resources to exploit, with significant potential for loss. Or, vulnerability requires few resources to exploit, with moderate potential for loss. Exposure is moderate, meaning that one or more system components may be affected. Exploitation may lead to further vulnerabilities.

High Severity (Rating 3): Vulnerability requires few resources to exploit, with significant potential for loss. Exposure is high, with the vulnerability affecting the majority of system components. There’s a significant probability of further vulnerabilities.

4. Include control environment

Typically, you need to examine several categories of information to adequately assess your control environment. Ultimately, identify threat prevention, mitigation, detection, or compensating controls and their relationship to identified threats. A few examples include organizational risk management controls, user provisioning controls, and administration controls.

For reference, the CIS Benchmark reports on Kubernetes and Docker give an extensive overview of the security controls that need to be in place in a containerized environment. Access control, proper configuration, and protecting cluster components are three top container security considerations to keep in mind.
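
One way to turn the etcd exposure from step 2 into a repeatable control check for step 4, as an added example that is not part of the original article: the script audits an etcd command line for the TLS and client-authentication flags covered by the etcd section of the CIS Kubernetes Benchmark. The command lines are constructed samples, and `parse_flags` and `audit_etcd_flags` are hypothetical helper names.

```python
import shlex

# TLS material that must be configured (non-empty value).
REQUIRED_SET = ["--cert-file", "--key-file", "--peer-cert-file", "--peer-key-file"]
# Certificate-based authentication that must be explicitly enabled.
REQUIRED_TRUE = ["--client-cert-auth", "--peer-client-cert-auth"]
# Self-signed certificate modes that must not be enabled.
FORBIDDEN_TRUE = ["--auto-tls", "--peer-auto-tls"]

def parse_flags(cmdline):
    """Parse '--flag=value', '--flag value' and bare '--flag' into a dict."""
    tokens, flags, i = shlex.split(cmdline), {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("--"):
            if "=" in tok:
                name, value = tok.split("=", 1)
            elif i + 1 < len(tokens) and not tokens[i + 1].startswith("--"):
                name, value, i = tok, tokens[i + 1], i + 1
            else:
                name, value = tok, "true"  # bare boolean flag
            flags[name] = value
        i += 1
    return flags

def audit_etcd_flags(cmdline):
    """Return sorted findings; an empty list means every check passed."""
    flags = parse_flags(cmdline)
    findings = [f"{n} is not set" for n in REQUIRED_SET if not flags.get(n)]
    findings += [f"{n} is not true" for n in REQUIRED_TRUE
                 if flags.get(n, "false").lower() != "true"]
    findings += [f"{n} is true" for n in FORBIDDEN_TRUE
                 if flags.get(n, "false").lower() == "true"]
    # A non-loopback client listener on plain HTTP serves cluster data unencrypted.
    for url in filter(None, flags.get("--listen-client-urls", "").split(",")):
        if url.startswith("http://") and not url.startswith(("http://127.", "http://localhost")):
            findings.append(f"plaintext client listener {url}")
    return sorted(findings)

# Constructed sample command lines (not taken from a real cluster).
WEAK = "etcd --listen-client-urls=http://0.0.0.0:2379 --auto-tls=true"
HARDENED = ("etcd --listen-client-urls https://10.0.0.5:2379 "
            "--cert-file=/etc/etcd/server.crt --key-file=/etc/etcd/server.key "
            "--client-cert-auth --peer-cert-file=/etc/etcd/peer.crt "
            "--peer-key-file=/etc/etcd/peer.key --peer-client-cert-auth=true")

if __name__ == "__main__":
    for label, cmd in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_etcd_flags(cmd) or "OK")
```

Feeding it the `command` array from an etcd static pod manifest, joined into one string, gives the same findings list to record against the control in the risk assessment.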

5. Benchmark against your industry peers

Finally, consider the industry sectors in which you and your customers operate and the types of data that you store, as well as your size, infrastructure, and assets. These factors will allow you to compare yourself to similar businesses and prepare for threats they have dealt with in the past.

For example, if you are a healthcare organization, consider the additional HIPAA compliance controls and requirements around customer data as you’re transitioning to a containerized environment. Speak to other organizations that have undergone similar infrastructure transitions to find out if there are any particular risks you may not have considered already. If there have been recent, high-profile breaches in your industry, use them for scenario analysis purposes.

