According to a new study by Cloud Native Computing Facility (CNCF), containers have become the norm, reaching 84% use in production this year, up from 23% in CNCF’s first survey in 2016. CNCF has found that most new cloud projects use serverless, service mesh, and storage as popular ways to manage or work in conjunction with containers. The big winner in container tools is Kubernetes, with 78% use in production. The same survey found that the biggest challenge to using containers was cultural and the second largest challenge was security, with complexity rounding out the top 3 challenges.
If you are using containers, have you thought about security for the applications running in your containers? If you think security is being provided by your infrastructure provider (AWS, Azure, Google Cloud, etc.), think again. Infrastructure providers are invested in securing their infrastructure components, not your application running in their cloud. Even with their security for their infrastructure, you still need to provide security for your applications.
Or perhaps you are trusting that your edge perimeter solution, Web Application Firewalls (WAFs), or Next Generation Firewalls (NGFWs) are going to secure your application. If so, you may be opening yourself to a breach from new, sophisticated zero-day attacks. For more on why WAFs fail to protect applications, check out our recent blog articles on the Capital One attack and the Equifax breach and how WAFs failed in those scenarios.
The most effective security for applications running in containers is security that monitors every action taken by the application and runs in the same container as the application, also referred to as a sidecar security application. The security platform needs to monitor the application during runtime while offering protection against new, sophisticated zero-day attacks, including memory-based attacks.
K2’s Next Generation Application Workload Protection Platform addresses these runtime security needs in an easy-to-use, easy-to-deploy solution. K2’s unique deterministic security detects new attacks without the need to rely on past attack knowledge, is lightweight, and adds under a millisecond of latency to the running application. K2 also provides attack telemetry, including the code module and line number in the code being attacked, while at the same time integrating with leading firewalls to do real-time attacker blocking. Find out more about K2 today by requesting a demo, or get your free trial.