Deepfence Adds Managed Service to Secure Runtime Environments
Deepfence today at the KubeCon + CloudNativeCon Europe 2022 conference unveiled a managed cloud service through which IT teams can discover vulnerabilities in runtime environments.
Owen Garrett, head of products and community for Deepfence, says Deepfence Cloud is based on the ThreatStryker platform the company built to observe indicators of attack and compromises within runtime environments. Deepfence Cloud makes it simpler for IT teams to invoke that capability without having to set up their own IT infrastructure, he adds.
ThreatStryker is designed to discover all running containers, processes and online hosts, which are then surfaced in real time via an interactive color-coded view of the topology. It employs deep inspection tools to identify vulnerable components and examines file systems and processes to find network-related misconfigurations. ThreatStryker also assesses compliance using a variety of industry- and community-standard benchmarks.
Over time, events are classified and correlated against known vulnerabilities and suspicious patterns of behavior, in order to detect active threats and minimize false positives. When suspicious patterns of behavior are detected, the intent of the behavior is deduced and tainted workloads are deleted, frozen or restarted, sources of attack traffic are temporarily or permanently blocked and alerts are generated.
ThreatStryker itself is built on the Deepfence ThreatMapper, an open source security observability platform. It extends ThreatMapper using a real-time correlation engine that matches the threat map with real-time telemetry.
In general, Garrett says, organizations are attempting to improve their overall cybersecurity posture by shifting responsibility for security toward developers while simultaneously automating security operations processes. In effect, responsibility for cybersecurity is being shifted both further left and right, he says. The challenge they face is that, as microservices-based applications are constructed using containers, runtime environments have become both more varied and complex, Garrett adds. Deepfence Cloud eases that challenge by making it simpler to identify which issues to address first within the context of a set of DevSecOps workflows, he notes.
It’s not clear to what degree IT organizations are embracing DevSecOps best practices to better secure runtime environments. However, there is now more pressure than ever to secure software supply chains in the wake of a series of high-profile security breaches. The core issue is that, in many cases, these runtimes are being provisioned by developers who typically have limited cybersecurity expertise. The odds that a mistake will be made only increase as the overall IT environment becomes more complex.
In theory, of course, containerized applications should be more secure than legacy monolithic applications. After all, it’s easier to rip and replace a container that has a vulnerability than it is to patch an entire monolithic application. However, identifying all the instances of containers that might inadvertently have encapsulated a known vulnerability is difficult.
Unfortunately, cybercriminals are getting more adept at looking for vulnerabilities in container runtimes. After all, from their perspective, any application built using container runtimes is likely to be a high-value target that might present an opportunity to compromise a whole range of downstream application services.