Container security tools and their business benefits | Kaspersky official blog
Three out of four organizations worldwide use hybrid clouds, and three-quarters of them consider their IT migration and modernization projects to be successful. But what is success — and how does a successful IT project affect the business and capabilities of a company? Authors of the Enterprise Application Modernization: A Journey through Container-Based Cloud Architecture Transformation study tried to answer these questions and to summarize the available information on how the transition to cloud and container infrastructure affected the activities of companies that have made this transformation.
The economic arguments in favor of the transition turned out to be weighty. In the studied organizations, IT operating costs decreased by an average of 31%, and infrastructure costs by 45%, including routine maintenance costs that decreased by 52%. More importantly, for the first time in many years, businesses were able to unburden their IT teams from the tasks of supporting old code, and use their resources for new developments. In large organizations, IT services spend up to 80% of the budget on legacy IT support, and the transition to modern infrastructure not only speeds it up, but also frees up additional personnel for innovation. Software update cycles are ultimately accelerated by 65%, ensuring a quick response to market changes and better satisfaction of user needs. The authors call the transition to container and microservice architectures in the cloud environment, as well as automated assembly lines, the “three pillars” of efficiency that are responsible for all these radical improvements.
Part of the study is devoted to information security issues. Thanks to this, you can see what contribution various information security tools make to improving the efficiency of IT development, and what indicators you should strive for in your organization. We decided to analyze the main principles and tools and explain how they’re implemented in the updated version of Kaspersky Cloud Workload Security.
Automatic application and monitoring of information security policies
A key challenge for IT and information security is maintaining visibility and control over all IT assets, and this task has become more complex with the transition to hybrid cloud infrastructure. The diversity of assets and management tools results in increased costs and time spent on managing this “zoo” for the company. Therefore, unification of management, compliance control, creation and application of policies should be one of the priority goals in IT transformation projects. If the selected set of information security tools is able to solve this problem in the company’s cloud infrastructure, IT and information security services will save 73% of the time spent on policy management and achieving security compliance.
The practical embodiment of this principle can be seen in the new version of Kaspersky Cloud Workload Security, a solution that provides comprehensive protection for container infrastructure, cloud servers, and virtual machines. Several tools at once simplify work with policies and give administrators a centralized overview of, and control over, the entire infrastructure. The security analysis function for the orchestrator and its clusters helps find problems quickly by grouping them by type. Automatic container profiling allows you to improve the security policies applied in the infrastructure with minimal human intervention, as well as to find abnormally behaving containers for detailed analysis.
The unified cloud console of Kaspersky Hybrid Cloud Security provides an overview of the cloud or hybrid infrastructure, and allows security personnel to instantly update policies for large groups of IT assets or simultaneously run tasks on them.
As for virtual and physical servers, the lightweight agent that protects them performs several functions related to compliance and security posture in automatic mode: from automatic patch management and system hardening to detailed event logging and the use of a role-based access control system (RBAC).
Container scanning in the DevSecOps pipeline
Integration of automated cybersecurity checks at all stages of development and operation of an IT product is the key to significantly increasing the level of security while reducing the workload of IT and information security teams and improving all metrics of the IT system’s “health”. Companies that have implemented a comprehensive approach to container security report a 79% reduction in the number of security-related incidents, and the elimination of 94% of known vulnerabilities at the stages before the deployment of the IT system. As a result, it’s possible to reduce the risk of incidents in the operated system by 89%, the risk of failure at the deployment stage by 68%, and at the same time reach a 99.97% level of unification of the configuration of similar containers. The unification is important because container scanning is used not only to check for component vulnerabilities and malware, but also for the detection of insecure configurations, as well as typical developer errors, such as API keys and other secrets embedded directly in the code. Kaspersky Cloud Workload Security also implements integration with HashiCorp Vault, allowing you to securely store the solution’s secrets in this secrets manager. Kaspersky Cloud Workload Security supports control of container image signatures, and integrates all checks directly with the DevOps pipeline, which helps developers avoid taking malicious or vulnerable images as the basis of their projects, and interrupts the product development process if critical security defects are detected. In general, KCWS helps the development team implement a shift-left approach, in which testing and quality assurance are performed at the early stages of development, including verification of APIs, container configurations, and microservice interactions. All this allows you to find and fix errors earlier, reducing the cost of maintaining and testing the final product.
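The pipeline gate described above, as an added example that is not Kaspersky’s code or any product’s output: it consumes a constructed scan report and a constructed Dockerfile, and blocks the image if its signature was not verified, if findings reach the blocking severity, or if secrets are embedded in the Dockerfile. The report format, the `signature_verified` field and the secret patterns are assumptions for this example.

```python
import re

# Constructed sample inputs: a scan report in an assumed format and a Dockerfile
# as it might be committed to the repository. Neither is real output from any product.
SCAN_REPORT = {
    "image": "registry.example/app:1.4.2",
    "signature_verified": False,
    "findings": [
        {"id": "FINDING-1", "severity": "CRITICAL", "component": "openssl"},
        {"id": "FINDING-2", "severity": "MEDIUM", "component": "curl"},
    ],
}
DOCKERFILE = """FROM python:3.12-slim
ENV API_KEY=AKIAEXAMPLE000000000
ENV LOG_LEVEL=info
RUN pip install -r requirements.txt
"""

# Hypothetical secret patterns for this example; a real scanner uses a far larger ruleset.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"AKIA[0-9A-Z]{16}"),
    "generic_env_secret": re.compile(
        r"^ENV\s+\w*(KEY|SECRET|TOKEN|PASSWORD)\w*\s*=\s*\S+", re.M),
}
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def find_secrets(text):
    """Return the names of secret patterns that match the given file contents."""
    return sorted(name for name, rx in SECRET_PATTERNS.items() if rx.search(text))

def evaluate_gate(report, dockerfile, block_at="HIGH"):
    """Decide whether an image may proceed to deployment. The image is blocked on
    a missing signature, on findings at or above block_at, or on embedded secrets."""
    reasons = []
    if not report.get("signature_verified"):
        reasons.append("image signature not verified")
    threshold = SEVERITY_RANK[block_at]
    blocked = [f["id"] for f in report["findings"]
               if SEVERITY_RANK.get(f["severity"], 0) >= threshold]
    if blocked:
        reasons.append("blocking findings: " + ", ".join(blocked))
    secrets = find_secrets(dockerfile)
    if secrets:
        reasons.append("embedded secrets: " + ", ".join(secrets))
    return {"allow": not reasons, "reasons": reasons}

if __name__ == "__main__":
    print(evaluate_gate(SCAN_REPORT, DOCKERFILE))
```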
Effective monitoring of running processes
Despite numerous preliminary checks of images, runtime environments, and other infrastructure components, monitoring running containers, virtual servers, and the computing environment in which all this occurs remains a critical security task. According to the authors of the study, these measures allow detecting 87% of threats in the first half-minute after their occurrence, and preventing 96% of unauthorized access attempts.
Monitoring results in significant costs: additional computing load on cloud services, multiplied by the number of servers and clusters, as well as man-hours of SOC specialists. Therefore, computing and cost efficiency are critical requirements for both the containerization infrastructure itself and its security system.
This aspect is carefully thought out in Kaspersky Cloud Workload Security. For virtual and physical servers, Light Agent technology saves up to 30% of computing resources in a private cloud, and in a container infrastructure, security agents are launched in separate containers to prevent the performance degradation of the entire cluster. The system has excellent scalability and can protect clusters with up to ten thousand nodes.
Savings start right from the installation of the product — from flexible licensing terms adapted to a specific infrastructure, to effective security settings and rules “out of the box” that reduce the time of initial setup significantly.
Rapid incident response
How to prepare for a situation when an attacker has successfully penetrated the system? In this case, the information security team should have playbooks for incident response, and information security systems should provide the necessary tools. In an IT infrastructure equipped with a comprehensive cloud security system, the response time (MTTR), according to research, is reduced by an impressive 71%. The real difference can be seen in the example of a fast ransomware attack: will it be considered a routine information security incident, or a full-scale paralysis of the entire business for several days or weeks?
To simplify response, the new version of Kaspersky Cloud Workload Security has a container forensics function that permits investigating policy violations and gaining deeper insight into both the specific violating events and the events that occurred in a nearby time frame. Event logs from a running container carry additional fields that are often needed when investigating an incident. Protection and logging are also carried out on the orchestrator nodes. In addition, event logs can now be sent directly from agents to SIEM systems. Comprehensive logging simplifies identifying the source of an attack, helps correlate the events registered during the attack, and reveals vulnerabilities and other risks.
The transition to container and cloud infrastructures usually begins with economic necessity and the requirements of a competitive market. But in order to make the transition successfully and get the promised benefits, it’s important not to cancel them out by introducing new, serious cyber-risks, or by implementing an information security approach that is economically ineffective. These negative scenarios can be avoided by implementing a comprehensive and scalable cloud security system, such as Kaspersky Cloud Workload Security.