DEVOPSdigest

VMware unveiled new container runtime security capabilities that build upon a strong end-to-end security offering to help customers better secure modern applications at scale.

VMware’s portfolio of security solutions for modern applications spans the entire application lifecycle and leverages the company’s deep expertise in workloads, security, and Kubernetes.

Containerized applications present unique runtime security challenges, including how to only allow legitimate traffic in, how to enable least-privileged communications between services and defend against the lateral movement of attackers, and how to validate that the workload itself is operating within the expected guardrails. VMware provides customers with a robust end-to-end security offering that addresses these challenges at the edge, in the microservices network layer, and in the workload itself. This gives organizations greater visibility and control over both their overall security posture as well as the compliance of their containerized applications for improved protection from development to production.

“At VMware, we aspire to be the best in the world at protecting applications from within,” said Tom Gillis, SVP and GM, Networking and Advanced Security Business Group, VMware. “Protecting the runtime is the foundation of securing the inner workings of a modern application. With the introduction of container runtime protection, our end-to-end security offering is now tightly integrated across the entire application lifecycle, protects all east-west traffic, and brings a new level of distributed visibility and security to APIs.”

As threat actors increasingly launch attacks targeting containers, 97 percent of technology leaders surveyed by VMware say they have concerns about Kubernetes security, and 1 in 5 cite securing containerized workloads at runtime as their biggest concern1. To help customers stay one step ahead of attackers, VMware is adding container runtime protection capabilities to enhance its end-to-end security offering for cloud-native workloads. These capabilities build upon the VMware Carbon Black Container solution released in April 2021.

VMware’s new container runtime security capabilities include:

- Runtime cluster image scanning enables security and DevOps teams to automate runtime vulnerability scanning and customize policies to reduce risk and ensure images used in running containers are secure. This expansion for image scanning capabilities allows for images to be scanned in Kubernetes clusters, whether they are on-premises or in the cloud.

- Integrated alerts dashboard provides a single pane of glass for security teams to view events and address anomalies in their runtime environment, and enable faster investigation and correlation of events from both host and container layers.

- Kubernetes visibility mapping allows DevOps and security teams to quickly understand the architecture of an application that was set pre-deployment to better identify egress destination connections, potential workload policy violations, and vulnerable images.

- Workload anomaly detection leverages artificial intelligence to standardize networking modules and alert SecOps teams on any deviation from that module, which is critical when setting up new workloads.

- Egress and ingress security provide security teams with added visibility into the external source that is reaching out to the Kubernetes service and easier detection of malicious egress connectivity based on the IP address and the behavioral data.

- Threat detection allows customers to scan open ports to check for vulnerabilities and quickly see if there is a lateral attack in progress. If an attacker tries to exploit a vulnerability to find the next lateral move, the internal port scan and egress port scan will raise an alert.

Attackers often attempt to hide in the noise of an environment, so container runtime security helps to reduce the noise and alert on real, active events, or block the events immediately while minimizing impact to the application and user experience. By consolidating these events to a single dashboard, security teams can accelerate their investigation into incidents impacting endpoints, virtual machine workloads, and containerized workloads. This provides VMware’s customers with a better understanding their overall security posture while reducing alert fatigue, effectively managing risk, and easing enforcement of compliance.