Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    DockerCon EU 17 Panel Debates Docker Container Security

    Written by

    Sean Michael Kerner
    Published October 20, 2017
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      There are many different security capabilities that are part of the Docker container platform, and there are a number of vendors providing container security offerings. At the DockerCon EU 17 conference in Copenhagen, Denmark, eWEEK moderated a panel of leading vendors—Docker, Hewlett Packard Enterprise, Aqua Security, Twistlock and StackRox—to discuss the state of the market.

      To date, there have been no publicly disclosed data breaches attributed to container usage or flaws. However, that doesn’t mean that organizations using containers have not been attacked. In fact, Wei Lien Dang, product manager at StackRox, said one of his firm’s financial services customers did have a container-related security incident.

      StackRox found a code injection attack on a web-facing service, followed by lateral movement to another internal service. It was clear from StackRox’s investigation that the attackers were looking to do data exfiltration, Dang said.

      Docker as a platform has its own security capabilities that provide a solid foundation for applications to deployed on, according to Nathan McCauley, director of security at Docker Inc. 

      “None of the exploits we have seen had anything to do with the containers,” he said. “The exploits always involved the applications running inside of the container.”

      Even if there is a vulnerable application running in a container, McCauley said the container boundary can help to contain threats and mitigate risks, as the native Docker container boundary provides a degree of segmentation and isolation. 

      The container boundary can also make it more difficult for an attacker to move laterally, causing the attacker to spend more time on an attack. McCauley noted that the security concept of “dwell time” works well in Docker’s favor: The longer an attacker is present inside a network attempting to get data out, the more likely a defender will detect and respond to the attack.

      “One of my sources of great happiness in the space is that there are so many people working on the detection phase,” McCauley said.

      Too Many Security Vendors?

      In response to a question eWEEK asked the panel about whether there are too many vendors in the container security space, Simon Leech, technologist on the EMEA Digital Solutions and Transformations team at HPE, said, “I don’t think there can ever be too many solutions if they are solving the right problems.”

      Leech expanded on his answer by saying that not all the vendors that were on the DockerCon EU stage for the security panel do the same things, and no one vendor does everything that is likely needed. There is also a role that hardware plays in security, he said, which is an area where HPE fits in with its latest generation of servers.

      According to John Morello, CTO of Twistlock, all vendors can learn from each other and see what different approaches are being used. In his view, what differentiates Twistlock from the competition is the completeness of the platform. Twistlock also has a powerful model that can learn and understand the normal behavior of an application to create a baseline that makes it possible to know when something has gone wrong, he added.

      There is a lot of money in container security, Aqua Security Technology Evangelist Liz Rice pointed out. On Sept. 19, Aqua announced that it had raised $25 million in a Series B round of funding, bringing total funding to date for the company to $38.5 million. Twistlock raised $17 million in new funding on April 25, with total funding to date for it now at $30 million. StackRox emerged from stealth mode in July and to date has raised $14 million. 

      Rice agreed with Morello that container security vendors can learn from each other. That said, Aqua Security has its own differentiation as well.

      “Our motto is secure once, deploy anywhere,” Rice said. “So whatever cloud provider you have, you can take your security solution with you.”

      StackRox’s Dang, however, believes there are too many vendors in container security space, saying too many of them overlap with what the Docker platform can do. Customers should understand what the Docker platform already provides for security and then look to outside vendors only for additional capabilities, he said.

      “For the vendors in the space, we need to be focused on solving the deep, complex problems that security teams have,” he said. 

      One way StackRox aims to differentiate itself from its container security competitors is by focusing on chief information security officers (CISOs) and security operations teams to help them to do their jobs and limit attack vectors. 

      “Where stand-alone container security vendors should focus—and where I think the opportunity for us is—[is going] really deep, while the [Docker] platform can go broad with the build and deploy parts of the container life cycle,” he said.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Author
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and writer for several leading IT business web sites.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Social iconFacebook
      Social iconLinkedin
      Social iconRSS
      Social iconTwitter
      Social iconYoutube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×