When chatting with security teams, something we often hear is, “I don’t have any containers in my environment—I think.” Teams may be adamant they have no containers, but running a container discovery assessment typically winds up proving this is not actually the case. The average company runs eight containers per host driving mission-critical apps, but because development or operations teams set them up, security is often the last in the loop.
So the question evolves from whether you have containers to how many containers are running rogue in your environment without your knowledge. And once you do discover that you have containers, what do you do about them?
In this post, we’ll show you how you can use the container security features in InsightVM to find out whether you have containers you didn’t know about and how to assess them for risk.
How did containers get there?!
Containers are very appealing for companies that adopt continuous development (CD) and continuous integration (CI) methodologies. They’re easy to spin up and down to experiment and get things done, while opening up an entirely new way of creating and deploying applications.
Security teams often get left in the dark, leading them to think there are no containers in the environment. This happens for a few reasons: sometimes teams are held back by the old stigma that the security team will slow them down, sometimes they simply forget to loop in their security counterparts, and sometimes they are unaware of the implications of running containers without following security best practices.
The reality is that whether the container is being used for experimentation or driving a mission-critical app, it inherently introduces risk because it’s connected to the company network and possibly the internet.
What’s the big fuss with containers and security?
Just like you wouldn’t spin up a new virtual machine or EC2 instance and expose it to the internet without knowing the risk it could introduce, the same holds true for containers. The jury is still out on whether they are any less or (possibly even) more vulnerable than a new virtual machine, but when they’re not under the watch of security and not following container security best practices, they open you up to risk you may not even be aware of.
Sure, some containers may be completely safe and secure on their own. It’s what you don’t know that can get you into trouble. Particularly for large companies with complex environments, it can feel impossible for security to be in the loop on the use of containers at all times, whether due to broken processes or difficulties in communication. Speed and innovation are fantastic and critical to success, yet you can run into issues down the road if security is left out of the process and containers are running rogue.
How to run InsightVM’s container discovery assessment to be in the know
Container discovery assessment gives you visibility into what containers you have out there (even if no one told you about them) and whether there are any vulnerabilities you should know about that put your organization at risk.
Through your normal use of InsightVM, you’ll assess the assets within your environment. When assessing an asset, InsightVM analyzes what the asset is running (applications, services, and so on). If it detects a running container host, it queries the container service to see whether it’s running any containers. The results are then reported back to InsightVM and can be reviewed in the details of an asset, in reports, and on the container security dashboard.
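To make the discovery step concrete, here is an added example (not InsightVM’s code) of what a host-side container inventory looks like: it asks the local Docker daemon for its container list over the Engine API socket and flags containers that publish ports on all interfaces. The socket path and the sample API response are assumptions constructed for this example.

```python
import http.client
import json
import socket

DOCKER_SOCK = "/var/run/docker.sock"  # assumed default Docker Engine API socket

# Constructed sample in the shape of the Engine API's GET /containers/json response,
# trimmed to the fields used below. Not real data from any environment.
SAMPLE_CONTAINERS = json.loads("""[
  {"Id": "a1b2c3d4e5f6", "Names": ["/web"], "Image": "nginx:1.19", "State": "running",
   "Ports": [{"IP": "0.0.0.0", "PrivatePort": 80, "PublicPort": 8080, "Type": "tcp"}]},
  {"Id": "0f1e2d3c4b5a", "Names": ["/db"], "Image": "postgres:12", "State": "running",
   "Ports": [{"PrivatePort": 5432, "Type": "tcp"}]},
  {"Id": "9876fedcba01", "Names": ["/scratch"], "Image": "ubuntu:18.04", "State": "exited",
   "Ports": []}
]""")


class UnixSocketConnection(http.client.HTTPConnection):
    """Plain HTTP over a Unix socket, which is how the Docker Engine API is exposed locally."""
    def __init__(self, path):
        super().__init__("localhost")
        self.path = path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(self.path)


def fetch_containers(sock_path=DOCKER_SOCK):
    """Query the daemon for every container, running or stopped (all=true)."""
    conn = UnixSocketConnection(sock_path)
    conn.request("GET", "/containers/json?all=true")
    return json.loads(conn.getresponse().read())


def inventory(containers):
    """Summarise each container and list ports published on all interfaces (0.0.0.0 or ::)."""
    rows = []
    for c in containers:
        exposed = [p for p in c.get("Ports", [])
                   if "PublicPort" in p and p.get("IP") in ("0.0.0.0", "::")]
        rows.append({
            "name": c["Names"][0].lstrip("/"),
            "image": c["Image"],
            "state": c["State"],
            "published_to_all_interfaces": [f'{p["PublicPort"]}/{p["Type"]}' for p in exposed],
        })
    return rows


if __name__ == "__main__":
    try:
        containers = fetch_containers()  # live daemon if the socket is present
    except OSError:
        containers = SAMPLE_CONTAINERS   # otherwise demonstrate on the constructed sample
    for row in inventory(containers):
        print(row)
```

Run it on a container host as a user allowed to read the Docker socket; the "published_to_all_interfaces" entries are the containers that are reachable from the network rather than only from the host.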
Identifying and securing containers in your environment is an important step. Even more important is looking at your entire stack from IaaS configurations to OS and software vulnerabilities, to (yes, of course) containers, and finally, the web application running on top of those containers.
OK. I do have containers
Now that we know there are containers in the environment, we can move to assess them proactively and help development and operations teams save time by resolving issues sooner.
The organization is more efficient when security teams are involved in the early stages of the software development life cycle (SDLC). Beyond reducing the likelihood of a breach, this also helps organizations prevent downtime, which can occur when container vulnerabilities are leveraged by attackers and when systems need to be retroactively taken offline to address identified weaknesses. Ensuring business continuity and saving time means cost savings for your organization as well.
Implementing container discovery assessment
To get started with container discovery assessment within InsightVM, all you need is an InsightVM account (this feature is automatically included). Existing customers can log in and get started, and new customers can sign up here to begin identifying vulnerabilities across their environment, including vulnerable containers.