Threat Stack announced today it is extending its threat monitoring platform for the public cloud service from Amazon Web Services (AWS) to include the Amazon Elastic Kubernetes Service (Amazon EKS) on the AWS Fargate serverless platform.
Chris Ford, vice president of product for Threat Stack, says the company already provides threat intelligence for Kubernetes services from Microsoft and Google. Support for AWS EKS is now provided via the same AWS Fargate Security Monitoring service based on the Threat Stack Cloud Security Platform.
In addition to identifying potential threats, that offering will also alert IT teams when containers make unexpected network connections or transfer data to unexpected IP addresses that might be indicative of, for example, data exfiltration.
In general, Ford says, many organizations are underestimating how long containers actually run in their environments. There are now millions of containers that are running in a steady state instead of being ripped and replaced every few seconds, he notes.
Who, exactly, is responsible for securing container environments is a fact that also often gets lost in the shared security responsibility model that cloud service providers have adopted, adds Ford. Developers often assume that the cloud service provider has assumed responsibility for container runtime when, in fact, it is the responsibility of the development team to secure both their containers and the runtime platform.
The number of security incidents involving containers has increased as more developers deploy them on platforms that are easily configured. In an ideal world, developers would have embraced DevSecOps best practices to prevent vulnerabilities that emerge when, for example, Docker application programming interfaces (APIs) are misconfigured. In practice, developers may not have the time or the inclination to master every nuance of security that cybersecurity teams wish they would.
In the wake of a spate of high-profile software supply chain attacks, it’s not clear if organizations will reduce the rate at which they build and deploy applications to allow for more security reviews. Most organizations will not pursue that course because they realize how critical software has become to the business, says Ford. Instead, most organizations will adopt a range of tools to provide better security observability across the software supply chain, he adds.
In the longer term, artificial intelligence (AI) will play a larger role in enabling organizations to better secure those supply chains, but Ford says there will always be a need for a human to ensure applications are actually secure as new threat vectors are either discovered or continue to evolve. The challenge is finding a way to augment those humans at a time when cybersecurity expertise remains chronically in short supply.
In the meantime, developers and cybersecurity teams will need to collaborate more closely to secure software supply chains, adds Ford. In the absence of collaboration, developers won’t have the actionable intelligence required to prioritize fixing one vulnerability over another. In fact, without guidance, continuing to write more code despite its lack of security and hoping someone else will fix it later becomes the path of least resistance.
