Containers Raise the Bar for Zero Trust Security

By McAfee Cloud BU on Oct 17, 2019


The Zero Trust model, first introduced by Forrester Research, assumes that any component can be malicious, irrespective of where it sits relative to the network perimeter. Its guiding principle is "never trust, always verify".

Containers are the next phase in the evolution of infrastructure after bare metal servers and virtual machines.

Defining Characteristics of Containers

  1. Ephemeral: The average lifetime of a container is a few minutes. In such a fleeting environment it is hard to establish the identity of the communicating parties, which makes trust harder to build.
  2. Developer centric: Containers enable microservices and a developer-centric ecosystem in which applications are built and deployed at an ever-increasing pace. With such a fast-changing application model, building trust is hard.
  3. Open source: While open source adoption is widespread everywhere, it is even more pervasive in the container ecosystem. This raises the question of trust when the ecosystem's own components may not be trustworthy.

The widespread adoption of microservices and containers raises the bar for the Zero Trust model. Zero Trust now needs to extend beyond endpoints, users and applications to the nano-units of an application: the containers, their processes and the behavior of those processes, independent of where and for how long a container runs.

This new approach to Zero Trust requires an identity for containers and their components that is, again, independent of where they run: an identity that provides granular contextual visibility and behavioral nano-segmentation (more on this later) at the application process level, together with control over and reporting on every application- and system-level process interaction within a container.

MVISION Cloud brings a nano-segmentation approach to container security by understanding the behavior of every process in a container. It models that behavior to establish what is normal across versions and environments, even before containers are deployed to production. Because containers are ephemeral, it is the deviation from this model across versions and environments, rather than the history of any single container instance, that is used to detect anomalies and prevent attacks.

MVISION Cloud is able to identify and stop command-and-control communication from open source components that might otherwise go undetected, and to prevent lateral movement in case a component is compromised.
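The behavior modelling described in the two paragraphs above, as an added illustration that is not MVISION Cloud's code or any McAfee implementation: a per-image baseline of (process, action, target) triples is learned from a Dev/QA run, with the image tag stripped so that behavior is compared across versions, and production events outside the baseline are reported with a reason, including a C2-style beacon and a lateral-movement attempt. The image names, process names, hosts and events are constructed for the example.

```python
"""Process-level behavioral baseline for a container image (illustrative).

Learns which (process, action, target) triples an image exhibits in a Dev/QA
run, then reports production events that fall outside that baseline. Images,
processes, hosts and events below are constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    image: str    # image reference as run, e.g. "shop/web:1.4"
    process: str  # executable observed inside the container
    action: str   # "exec" (spawned a child) or "connect" (opened a socket)
    target: str   # child executable for exec, "host:port" for connect


def image_name(image: str) -> str:
    """Drop the tag so that behavior is compared across image versions.

    A trailing ":..." is only a tag if it contains no "/", which keeps a
    registry port such as "registry:5000/shop/web" intact.
    """
    name, sep, tag = image.rpartition(":")
    return name if sep and "/" not in tag else image


def learn(events):
    """Build the baseline: image name -> set of observed behaviors."""
    model = defaultdict(set)
    for e in events:
        model[image_name(e.image)].add((e.process, e.action, e.target))
    return dict(model)


def check(model, events):
    """Return (event, reason) for every event that deviates from the baseline."""
    findings = []
    for e in events:
        baseline = model.get(image_name(e.image))
        if baseline is None:
            findings.append((e, "image never seen in baseline"))
            continue
        if (e.process, e.action, e.target) in baseline:
            continue  # intended, legitimate process flow
        if not any(b[0] == e.process for b in baseline):
            reason = "process never ran in this image"
        elif e.action == "connect":
            reason = "unexpected outbound connection"
        else:
            reason = "unexpected child process"
        findings.append((e, reason))
    return findings


# Constructed QA run of version 1.4: this is the learned "normal".
BASELINE_EVENTS = [
    Event("shop/web:1.4", "nginx", "exec", "php-fpm"),
    Event("shop/web:1.4", "php-fpm", "connect", "db.internal:5432"),
    Event("shop/web:1.4", "php-fpm", "connect", "cache.internal:6379"),
]

# Constructed production events from version 1.5 of the same image.
PROD_EVENTS = [
    Event("shop/web:1.5", "nginx", "exec", "php-fpm"),                 # in baseline
    Event("shop/web:1.5", "php-fpm", "connect", "db.internal:5432"),   # in baseline
    Event("shop/web:1.5", "php-fpm", "connect", "203.0.113.7:443"),    # C2-style beacon
    Event("shop/web:1.5", "php-fpm", "exec", "sh"),                    # shell spawned by the app
    Event("shop/web:1.5", "sh", "connect", "10.0.0.23:22"),            # lateral movement attempt
    Event("shop/worker:2.0", "python3", "connect", "queue.internal:5672"),  # image never modelled
]


def main():
    model = learn(BASELINE_EVENTS)
    for event, reason in check(model, PROD_EVENTS):
        print(f"DENY {event.image} {event.process} {event.action} {event.target}: {reason}")


if __name__ == "__main__":
    main()
```

Running the script lists four denied events: the beacon to 203.0.113.7:443, the shell spawned by php-fpm, the SSH connection from that shell, and everything from the worker image, which was never baselined. Note the trade-off this exposes: a genuinely new process flow introduced in version 1.5 would be flagged just the same, which is why the baseline has to be re-learned in QA for each version before it is enforced in production.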

In summary, MVISION Cloud opens a new dimension in application security for QA/Dev and production environments by providing actionable insights, enforcing the intended legitimate process flows and preventing potential backdoors in open source software.

About the Author

McAfee Cloud BU
