Qualys has boosted its security offerings with a new product to improve the security of containers. The product, called Container Runtime Security, is designed to give greater visibility into containers using a lightweight piece of Qualys code within the container image. It gives security teams the ability to enable and monitor security policies and detect container behaviour at runtime.
Sumedh Thakar, CEO and Chief Product Officer, Qualys said: “One of the advantages of the containerised environment generally is that microservices tend to be very well defined, their roles tend to be very well defined. It is possible to have policies upfront that say, these containers are web server containers, and they should only be talking to these other containers, which are database containers, as an example. They shouldn’t be talking to anybody else. Those rules can be defined upfront and monitored against, but the security has to go with the container and the ability to block those things in real-time.
“That’s the biggest part about the container runtime capability that we are introducing. That ability to have a small piece of security code that goes with every individual container. Now you’re not dependent on the runtime, a sidecar or a privileged container. You define upfront that this container should only do these things. That will be enforced by the security solution, and that makes it a lot more real-time. Now you’re saying this container should only accept these things, should only talk to these devices, should not allow these files to be open. All of these policies can be centralised.”
API driven container security
One of the challenges for container security is the speed with which containers can be created, deployed and deleted. It makes it hard for existing security solutions to track what is happening within a container in near real-time let alone real-time. The Container Runtime Security API enables developers and security teams to add more instrumentation to their containers.
It makes container security part of any DevSecOps process. Thakar sees a need for security teams to own the security pipelines, whether that be in CI/CD processes or at runtime. Providing an API to instrument containers is exactly what supports that ownership.
Another thing that this should solve is bad images getting into production. According to Thakar: “The integration with Kubernetes ensures that any image that is getting spun up in the production environment is only coming from an approved set in the repository. Rogue images are not being pushed. You can have a repository of what is scanned and passed in Qualys that can be put in the admission controller to do a quick check.”
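The admission-controller check Thakar describes can be illustrated with a small validating webhook evaluator. This is an added example, not Qualys code and not its product's API: it assumes (hypothetically) that the scanner exports a set of approved image digests, and that the cluster sends a standard Kubernetes AdmissionReview for each Pod. Only images pinned by digest and present in the approved set are admitted; tag-only references are refused because a tag can later be repointed at an unscanned image. The digests and AdmissionReview documents below are constructed for the example.

```python
"""Image-allowlist admission check (illustrative, not Qualys code)."""
import re
from typing import Dict, Set, Tuple

# Constructed approved set, standing in for an export of images that were
# scanned and passed. Real values would come from the scanner.
APPROVED_DIGESTS: Set[str] = {
    "sha256:" + "a" * 64,
    "sha256:" + "b" * 64,
}

# Accept only "repo@sha256:<64 hex>" references, i.e. digest-pinned images.
_DIGEST_RE = re.compile(r"^(?P<repo>[^@\s]+)@(?P<digest>sha256:[0-9a-f]{64})$")


def check_image(ref: str, approved: Set[str]) -> Tuple[bool, str]:
    """Return (allowed, reason) for a single container image reference."""
    m = _DIGEST_RE.match(ref)
    if not m:
        return False, f"{ref}: not pinned by digest (tags can be repointed)"
    if m.group("digest") not in approved:
        return False, f"{ref}: digest not in approved set"
    return True, f"{ref}: approved"


def review(admission_review: Dict, approved: Set[str]) -> Dict:
    """Evaluate an AdmissionReview whose object is a Pod; build the response.

    Every container and initContainer must pass; a single failure denies
    the whole Pod and the reasons are returned in status.message.
    """
    req = admission_review["request"]
    spec = req["object"].get("spec", {})
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    failures = [reason for c in containers
                for ok, reason in [check_image(c["image"], approved)] if not ok]
    response = {"uid": req["uid"], "allowed": not failures}
    if failures:
        response["status"] = {"code": 403, "message": "; ".join(failures)}
    return {"apiVersion": "admission.k8s.io/v1",
            "kind": "AdmissionReview", "response": response}


def _admission_review(uid: str, images) -> Dict:
    """Build a constructed AdmissionReview for a Pod with the given images."""
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": uid, "kind": {"kind": "Pod"},
                        "object": {"spec": {"containers": [
                            {"name": f"c{i}", "image": img}
                            for i, img in enumerate(images)]}}}}


# Constructed sample requests: one fully pinned and approved, one mixing an
# unapproved digest with a mutable tag.
GOOD_REVIEW = _admission_review("good-1", ["registry.example/web@sha256:" + "a" * 64])
BAD_REVIEW = _admission_review("bad-1", [
    "registry.example/web@sha256:" + "c" * 64,   # scanned? unknown: not approved
    "registry.example/cache:latest",             # tag, not a digest
])

if __name__ == "__main__":
    for r in (GOOD_REVIEW, BAD_REVIEW):
        print(review(r, APPROVED_DIGESTS)["response"])
```

The pattern generalises beyond the two cases shown: any image whose digest is absent from the exported set is refused, so the allowlist itself is the only thing that has to be kept current as scans pass or fail.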
This also plays to runtime, where the API will allow operations and security to set and manage policies. Thakar says this will allow them to monitor: “What network connections and what files are being accessed in which containers.” They will then be able to: “provide policies upfront, define them to say that these containers are only allowed to talk to those containers.”
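The upfront policies described in Thakar's quotes above and in this paragraph (a web container may only talk to its database container, must not open certain files) can be shown as a small per-container policy evaluator. This is an added example, not Qualys code: it assumes a hypothetical in-container agent that reports `connect` and `open` events, and a policy table keyed by container role. Unknown roles are denied by default, and the constructed event stream below contains both permitted and violating behaviour.

```python
"""Per-container runtime allowlist evaluation (illustrative, not Qualys code)."""
from typing import Dict, List, Tuple

# Policies defined upfront, keyed by container role (constructed sample).
# allowed_peers: (destination role, port) pairs the container may connect to.
# denied_paths: files or directory prefixes the container must not open.
POLICIES: Dict[str, Dict] = {
    "web": {
        "allowed_peers": {("db", 5432)},
        "denied_paths": {"/etc/shadow", "/root/.ssh"},
    },
    "db": {
        "allowed_peers": set(),          # the database initiates no connections
        "denied_paths": {"/root/.ssh"},
    },
}

# Event shape assumed from the hypothetical agent:
#   ("connect", dst_role, dst_port)  or  ("open", path, mode)
Event = Tuple[str, str, object]


def _path_denied(path: str, denied) -> bool:
    """True if path equals a denied entry or lies under a denied directory."""
    return any(path == d or path.startswith(d.rstrip("/") + "/") for d in denied)


def evaluate(container_role: str, events: List[Event],
             policies: Dict[str, Dict]) -> List[str]:
    """Return a human-readable violation per event the policy does not allow."""
    policy = policies.get(container_role)
    if policy is None:
        # Default deny: a container without a policy should not be running.
        return [f"{container_role}: no policy defined, all activity denied"]
    violations = []
    for ev in events:
        kind = ev[0]
        if kind == "connect":
            peer = (ev[1], ev[2])
            if peer not in policy["allowed_peers"]:
                violations.append(f"{container_role}: connect to {ev[1]}:{ev[2]} not allowed")
        elif kind == "open":
            if _path_denied(ev[1], policy["denied_paths"]):
                violations.append(f"{container_role}: open {ev[1]} denied")
        else:
            violations.append(f"{container_role}: unknown event type {kind!r}")
    return violations


def decide(container_role: str, events: List[Event],
           policies: Dict[str, Dict]) -> str:
    """Block on any violation, otherwise allow (a real agent would act per event)."""
    return "block" if evaluate(container_role, events, policies) else "allow"


# Constructed event stream for a web container: two allowed, two violating.
WEB_EVENTS: List[Event] = [
    ("connect", "db", 5432),
    ("connect", "cache", 6379),
    ("open", "/var/www/index.html", "r"),
    ("open", "/root/.ssh/authorized_keys", "r"),
]

if __name__ == "__main__":
    for v in evaluate("web", WEB_EVENTS, POLICIES):
        print(v)
    print(decide("web", WEB_EVENTS, POLICIES))
```

Because the decision depends only on the container's own role and its own events, the check can run inside each container without a privileged sidecar, which is the point of the quoted design; the policy table is the single thing that has to be distributed centrally.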
Enterprise Times: What does this mean?
The explosion of containers in production is becoming a concern. The original goal for containers was to hold microservices that could be spun up and down quickly. This created an environment where it was hard to track any bad code in a container and stop it entering production. Using an API that can integrate with orchestration tools should help provide a near real-time view of every container to security.
Containers have also evolved to now hold complete applications, databases and data sets. That means there is an absolute need for security inside the container. By linking the Container Runtime Security solution to its other products, Qualys is integrating containers with the wider security tools in use.
Importantly, this is a tool for everyone in IT from developers to operations to security teams.
Enterprise Times will publish a podcast with Sumedh Thakar on container security, next week.