Container Security 2021


With 2020 (thankfully) coming to a close, it’s time to focus on 2021. The world took a financial bullet from the Coronavirus, which leaves bad actors hungry. Sketchy people and shady organizations will be doing everything in their power to get money. That means every company, big or small, needs to take its cybersecurity seriously, even if it believes its security is airtight.

If you’re still wondering about how all of this works, think of it this way: It’s about access. 

An attacker will do their best to break in and access resources. Even if you’re positive your network and internal frameworks are secure, security requirements for cloud-native and cloud-friendly applications are on the rise. These include containers and orchestration platforms in the public, private, and hybrid cloud. Security and risk management leaders must address these requirements for visibility, prevention, response, and compliance.

Containers are essential because the continuous integration (CI) pipeline deploys microservice-based applications to Kubernetes clusters. Many web applications are hosted in containers, but a lot of companies haven’t jumped on board with securing them, and that’s a problem. It leaves the door open to hostile access.

According to GitLab’s 2020 Global DevSecOps Survey, enterprise companies need to step their game up; otherwise, their hosting environments could fall under fire. If you’ve ever heard of the Cyber Kill Chain, consider this one of the next evolutionary steps in that process toward next-level security, something any vendor or large company with a lot to lose can’t afford to skip. The Cyber Kill Chain is one tool we leverage to slam the door shut as tightly as possible.

A successful breach isn’t one-size-fits-all, though. Attackers rely on different methods to establish their attack. Gaining access to a hosted application can be as easy as exploiting credential exposure.

Credential exposure and the supply chain attack

The first step in a credential-based attack is stealing credentials, such as usernames and passwords. Credential exposure is when that credential information can be viewed by people who are not supposed to see it.

One way attackers determine whether there is credential exposure is by sending malformed queries from their computer to see whether your web application sanitizes its inputs. If it doesn’t, they can use that exposure to make the application cough up data.

For example, someone on your team left critical credential data in a code repository. It happens; it’s an honest mistake. But it’s also accessible. This error could open up a lot of backdoors for someone sneaking around, and it happens more often than you would expect.
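The repository scenario above is the one most teams can catch before a commit lands. As an added example that is not part of the original post, here is a small scanner that flags literal credentials (passwords, API tokens, AWS access key IDs, private key blocks) in a snapshot of repository files while ignoring values that merely reference an environment variable or a Kubernetes Secret. The rules and the sample repository are constructed for this example; a production scanner would use a maintained ruleset.

```python
import re
from typing import Dict, List, Tuple

# Illustrative rules for credential material that should never be committed.
# Written for this example; a real scanner would use a maintained ruleset.
CREDENTIAL_PATTERNS: Dict[str, "re.Pattern[str]"] = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "password_literal": re.compile(
        r"(?i)(?:password|passwd)\b\s*[:=]\s*['\"]?(?P<value>[^\s'\"]{6,})"),
    "token_literal": re.compile(
        r"(?i)(?:secret|token|api[_-]?key)\b\s*[:=]\s*['\"]?(?P<value>[A-Za-z0-9_\-]{16,})"),
}
# A value that only references an env var or a template is indirection, not a leak.
PLACEHOLDER = re.compile(r"^(?:\$\{?[A-Za-z_][A-Za-z0-9_]*\}?|\{\{.*\}\})$")

Finding = Tuple[str, int, str]  # (path, line number, rule name)


def scan_file(path: str, text: str) -> List[Finding]:
    """Return one finding per line that contains a literal credential."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in CREDENTIAL_PATTERNS.items():
            match = pattern.search(line)
            if match is None:
                continue
            value = match.groupdict().get("value")
            if value is not None and PLACEHOLDER.match(value):
                continue  # e.g. DB_PASSWORD=${DB_PASSWORD} points elsewhere
            findings.append((path, lineno, rule))
            break  # one finding per line is enough to block the commit
    return findings


def scan_repo(files: Dict[str, str]) -> List[Finding]:
    """Scan an in-memory snapshot of a repository (path -> file contents)."""
    return [f for path, text in files.items() for f in scan_file(path, text)]


# Constructed sample repository: four leaked credentials, two files that do it right.
SAMPLE_REPO: Dict[str, str] = {
    "Dockerfile": "FROM python:3.9-slim\nENV DB_PASSWORD=hunter2pass\nCOPY . /app\n",
    "config/settings.py": 'API_KEY = "abcdef0123456789abcdef01"\nDEBUG = False\n',
    "scripts/backup.sh": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\naws s3 sync /data s3://bucket\n",
    "deploy_key": "-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed placeholder)\n-----END OPENSSH PRIVATE KEY-----\n",
    ".env.example": "DB_PASSWORD=${DB_PASSWORD}\nAPI_KEY=${API_KEY}\n",
    "k8s/deploy.yaml": "env:\n  - name: DB_PASSWORD\n    valueFrom:\n      secretKeyRef:\n        name: db-credentials\n        key: password\n",
}
```

Run `scan_repo(SAMPLE_REPO)` to get the four findings (Dockerfile, settings.py, backup.sh, deploy_key); the `.env.example` placeholders and the `secretKeyRef` manifest produce none, which is the pattern the CI pipeline should enforce.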

Now the attacker has credentials that allow access, and knows the application is vulnerable to remote code execution.

In real time, the attack looks like this: the attacker delivers and executes their exploit. Because the application has been compromised, arbitrary content, usually malicious code, is written into the container file system.

If that code runs, it spawns a reverse shell, which connects the attacker to your system. At that point malicious code is sitting on the container’s file system, which exposes the container even more and could escalate further.

What can companies do to protect themselves? The easy answer? Work with us. 

We’ve been in the cybersecurity space for decades. We offer a system test that addresses the security requirements enterprises face from cloud-native container workloads and the orchestration associated with them. We focus on the critical aspects of workload visibility, threat prevention, and response. We’re dedicated to compliance with industry standards via empirical data that fits the use cases and workflows DevOps and SecOps teams undergo routinely.

SecureIQLab has developed a workflow that maps the ATT&CK Framework, which enterprises can operationalize by integrating our test data.

We’re well aware a lot of companies promise the moon and stars. We’re not them. We base all of our conclusions on data, not slick marketing campaigns. Our testing highlights each vendor’s strengths and weaknesses on each of the factors mentioned above, not just threats. We believe in aligning the workflow so that DevOps and SecOps are ongoing. Enterprises have little to no visibility into workload-centric attacks on cloud deployments. Embracing this methodology helps enterprises with buying decisions and with operationalizing the workflow that comes out of testing, while incorporating findings into their cloud protection portfolios.

If you’d like to learn more about how SecureIQLab can help your company, send us a message, and let’s get you safe, sound, and secure. Let’s get the new year off to a good start.