Monday, January 12, 2026
Cloud Native Now

Cloud Native Now


MENUMENU
  • Home
  • Webinars
    • Upcoming
    • Calendar View
    • On-Demand
  • Podcasts
    • Cloud Native Now Podcast
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
  • About
  • Sponsor
MENUMENU
  • News
    • Latest News
    • News Releases
  • Cloud-Native Development
  • Cloud-Native Platforms
  • Cloud-Native Networking
  • Cloud-Native Security
Containers Features Kubernetes Social - Facebook Social - LinkedIn Social - X Topics 

BellSoft’s 3-in-1 Strategy for Container Security

November 11, 2025 Jeff Burt 3-in-1 approach, AI threats, Chainguard, cloud native security, cloud security, container hardening, container incidents, container security, container vulnerabilities, containerized applications, CVE remediation, distroless containers, hardened containers, Hardened Images, Java runtime optimization, kubernetes, lightweight Linux, regulatory compliance, runtime security, secure container images, secure DevOps, software supply chain, Vulnerability Management
by Jeff Burt

Containers have made life a lot easier for programmers, making application development portable and solving what cybersecurity firm SentinelOne calls the “it only works in my machine” problem. Given that, it’s not surprising that container adoption among developers continues to grow rapidly. 

But with that popularity comes attention from threat actors looking to exploit container use and the inherent weaknesses in them. NetRise found that two-thirds of organizations in 2024 experienced a container-related security incident, while a Red Hat study said a typical container image carries more than 600 known vulnerabilities, almost half of which are years old.  

Techstrong Gang Youtube

In addition, Datadog researchers found that 44% of Java services contain security flaws that have been exploited. 

“The adoption of container technology is rapidly growing, largely because it is lightweight and easy to manage,” NetRise CEO Thomas Pace said late last year. “However, while containers have changed how many modern applications are designed, deployed, and managed, they appear to be among the weakest cybersecurity links in the software supply chain.” 

Hardened Images 

BellSoft is rolling out Hardened Images, a tool for improving the security of containerized applications in Kubernetes by removing package managers and non-essential components, which the company said will reduce vulnerabilities and limit the attack vectors. They also include a locked configuration that can’t be modified, which keeps attackers from injecting malware or tampering with the runtime environment. 

“Our solution addresses seemingly an impossible task,” BellSoft CEO Alex Belokrylov told Cloud Native Now. “From now on, we can provide a foundation that can be trusted and depended on for years.” 

It’s part of a trend by vendors to ensure the security of containers by removing unnecessary elements that can open them up to security threats. For example, Chainguard has a growing list of its own images in a repository that gives developers access to hardened container images that are free of known-exploited vulnerabilities. 

Not a New Problem 

“This isn’t a new problem,” Belokrylov said. “The industry has been addressing it for decades through various approaches: lightweight Linux distributions, distroless images, and now hardened containers. Each represents an evolution in our collective effort to build more secure systems. What’s fundamentally different today is the convergence of three forces that are transforming this from a technical challenge into a strategic solution.” 

Those forces include global regulatory frameworks that require organizations to ensure unprecedented levels and security accountability and a threat landscape being remade by AI. 

“Vulnerability exploitation that once took weeks or months now happens in days or even hours,” the CEO said. “We’re in a time-based competition, and the clock is accelerating.” 

He added that “large enterprises find themselves in an increasingly untenable position: growing codebases, aging legacy systems, and expanding regulatory requirements, all while the threat environment becomes more sophisticated.” 

Security and Performance 

Bellsoft’s Hardened Images are based on what the vendor calls its “3-in-1” approach that delivers complete security and performance coverage via Java runtime optimization, custom maintenance for the vendor’s Alpaquita Linux OS, and proactive remediation of common vulnerabilities and exposures (CVEs). 

The strategy separates BellSoft from a growing field of firms with container security solutions, Belokrylov said. Most of them focus on vulnerability detection and remediation; a solution also needs to be able to fix bugs, which requires deep expertise in the runtime OS and an understanding of how components fundamentally interact, which he said BellSoft has. 

“That kind of expertise makes the difference when you need actual fixes, not just randomly available patches,” he said.  

A Unified Approach 

However, a challenge is that when an urgent fix is needed, the runtime support can come from one vendor and the hardened images from another, which raises such questions as who validates compatibility and who’s accountable if something breaks. BellSoft’s 3-in-1 approach means the vendor provides support for the Liberica JDK runtime and Alpaquita Linux OS. 

“When an issue emerges, there’s no finger-pointing between different vendors, no integration challenges, no question about who owns the solution,” Belokrylov said. “We do. This represents a shift from the fragmented approach that has dominated the market. From now on, there is an integrated solution built on deep runtime expertise, with clear accountability from day one.”

  • Click to share on X (Opens in new window) X
  • Click to share on Facebook (Opens in new window) Facebook
  • Click to share on LinkedIn (Opens in new window) LinkedIn
  • Click to share on Reddit (Opens in new window) Reddit

Related

  • ← Buoyant to Add MCP Support to Linkerd Service Mesh
  • CNCF: Total Number of Cloud Native Developers Reaches 15.6M →

Techstrong TV

Click full-screen to enable volume control
Watch latest episodes and shows

Tech Field Day Events

UPCOMING WEBINARS

  • CloudNativeNow.com
  • DevOps.com
  • SecurityBoulevard.com
Solving Virtualization Dilemmas with Dell, Red Hat and Intel
4 February 2026
Solving Virtualization Dilemmas with Dell, Red Hat and Intel
State of Cloud Security: The Speed of AI, The Consolidation of Defense, and The Future of the SOC
13 January 2026
State of Cloud Security: The Speed of AI, The Consolidation of Defense, and The Future of the SOC
Agentic AI vs. Identity’s Last Mile Problem
28 February 2026
Agentic AI vs. Identity’s Last Mile Problem
A Follow-Up Session: The Five Most Dangerous New Attack Techniques…and What to Do for Each
28 February 2026
A Follow-Up Session: The Five Most Dangerous New Attack Techniques…and What to Do for Each
Protect Your SDLC From Risky And Malicious third party (from packages to models and more)
26 February 2026
Protect Your SDLC From Risky And Malicious third party (from packages to models and more)
From Click to Compromise: Stopping Business Email Compromise at the Human and Identity Layer
19 February 2026
From Click to Compromise: Stopping Business Email Compromise at the Human and Identity Layer
The Compliance Paradox: Why More Rules Mean Faster Releases
3 February 2026
The Compliance Paradox: Why More Rules Mean Faster Releases
The Brass Ring of AppSec: Is AI Finally Making DAST to SAST Correlation Possible?
3 February 2026
The Brass Ring of AppSec: Is AI Finally Making DAST to SAST Correlation Possible?

Podcast


Listen to all of our podcasts

Press Releases

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Deloitte Partners with Memcyco to Combat ATO and Other Online Attacks with Real-Time Digital Impersonation Protection Solutions

Deloitte Partners with Memcyco to Combat ATO and Other Online Attacks with Real-Time Digital Impersonation Protection Solutions

SUBSCRIBE TO CNN NEWSLETTER

MOST READ

Flare Finds 10,000 Docker Hub Images Exposing Secrets

December 16, 2025

Best of 2025: How Anthropic Dogfoods On Claude Code 

January 2, 2026

Docker, Inc. Adds More Than a Thousand Free Hardened Container Images

December 17, 2025

Best of 2025: Hardening Kubernetes Security with DevSecOps Practices

December 31, 2025

Best of 2025: Why Kubernetes 1.33 Is a Turning Point for MLOps — and Platform Engineering

December 22, 2025

RECENT POSTS

Kubernetes v1.35 Arrived, Right On Workload-Aware Schedule
Cloud-Native Development Features Kubernetes Social - Facebook Social - LinkedIn Social - X 

Kubernetes v1.35 Arrived, Right On Workload-Aware Schedule

January 12, 2026 Adrian Bridgwater 0
Predict 2026: AI is Forcing Cloud Native to Grow Up
Features News Social - Facebook Social - LinkedIn Social - X 

Predict 2026: AI is Forcing Cloud Native to Grow Up

January 9, 2026 Alan Shimel 0
Autonomous Patching for Cloud-Native Workloads
Video Interviews 

Autonomous Patching for Cloud-Native Workloads

January 7, 2026 Alan Shimel 0
From Cloud First to Cloud Fit: Rethinking Where Workloads Belong
Video Interviews 

From Cloud First to Cloud Fit: Rethinking Where Workloads Belong

January 7, 2026 Alan Shimel 0
Running Kubernetes in Production: Practical Lessons From the Field
Contributed Content Kubernetes Social - Facebook Social - LinkedIn Social - X 

Running Kubernetes in Production: Practical Lessons From the Field

January 6, 2026 Sai Ram Nadipalli 0
  • About
  • Media Kit
  • Sponsor Info
  • Write for Cloud Native Now
  • Copyright
  • TOS
  • Privacy Policy
Powered by Techstrong Group
Copyright © 2026 Techstrong Group, Inc. All rights reserved.
×