Containers Raise the Bar for Zero Trust Security
The Zero Trust model, first introduced by Forrester Research, works on the assumption that any component, irrespective of where it resides with respect to the perimeter, may be malicious. It follows the principle of "never trust, always verify".
Containers are the next phase in the evolution of infrastructure after bare metal servers and virtual machines.
Defining Characteristics of Containers
- Ephemeral: the average lifetime of a container is a few minutes. In such a fleeting world it is hard to establish the identity behind a communication, which makes trust harder to build.
- Developer centric: containers enable the adoption of microservices and a developer-centric ecosystem in which applications are built and deployed at an increasing pace. With such a fast-changing application model, building trust is hard.
- Open source: while the adoption of open source has been widespread, it is even more pervasive in the container ecosystem. This raises the question of trust when the ecosystem components themselves may not be trusted.
The vast adoption of microservices and containers raises the bar for the Zero Trust model. Zero Trust now needs to extend from endpoints, users and applications to the nano-units of applications and containers: processes and their behavior, independent of where and for how long the container runs.
This new approach to Zero Trust requires an identity for containers and their components that is, again, independent of where they run: an identity that provides granular contextual visibility and behavioral nano-segmentation (more on this later) at the application process level, together with control and reporting on all application and system level process interactions within a container.
MVISION Cloud brings a nano-segmentation approach to container security by understanding the behavior of every process in a container. MVISION Cloud then models that behavior to identify what is normal across versions and environments, even before containers are deployed in production. Because containers are ephemeral, the model, rather than any single container instance, becomes the reference: deviations from it across versions and environments can be used to detect anomalies and prevent attacks.
MVISION Cloud is able to identify and stop command and control communication originating from open source software that may otherwise go undetected, and to prevent lateral movement in case of compromised components.
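The two paragraphs above describe the approach only in outline: learn a per-image model of normal process behavior from dev/QA runs across versions, then flag production activity that falls outside it, including unexpected outbound connections. The following is an added illustration of that idea written for this page; it is not MVISION Cloud code, and the event shape, image names, hosts and the block/alert policy split are all constructed assumptions. A real agent would obtain such events from exec and connect telemetry rather than from hard-coded lists.

```python
"""Process-behavior baselining for containers (added illustration, not product code).

Learn what "normal" process activity looks like for a container image across
versions and environments before it reaches production, then treat deviations
from that learned model as anomalies. Events below are constructed sample data
in a hypothetical shape.
"""
from collections import defaultdict

# Constructed sample events. Shape is hypothetical:
#   image   : container image name, without version so versions are compared
#   version : image version the container was built from
#   env     : environment the container ran in
#   parent  : parent process name; proc: executed process name
#   dest    : outbound destination "host:port" opened by proc, or None
BASELINE_EVENTS = [
    {"image": "shop/api", "version": "1.1", "env": "dev", "parent": "entrypoint.sh", "proc": "node", "dest": None},
    {"image": "shop/api", "version": "1.1", "env": "dev", "parent": "node", "proc": "node", "dest": "db:5432"},
    {"image": "shop/api", "version": "1.2", "env": "qa", "parent": "entrypoint.sh", "proc": "node", "dest": None},
    {"image": "shop/api", "version": "1.2", "env": "qa", "parent": "node", "proc": "node", "dest": "db:5432"},
    {"image": "shop/api", "version": "1.2", "env": "qa", "parent": "node", "proc": "node", "dest": "cache:6379"},
]

PROD_EVENTS = [
    {"image": "shop/api", "version": "1.2", "env": "prod", "parent": "entrypoint.sh", "proc": "node", "dest": None},
    {"image": "shop/api", "version": "1.2", "env": "prod", "parent": "node", "proc": "node", "dest": "db:5432"},
    # A dependency spawning a shell that reaches an unknown host (198.51.100.0/24
    # is a documentation range): both the exec chain and the connection deviate.
    {"image": "shop/api", "version": "1.2", "env": "prod", "parent": "node", "proc": "sh", "dest": None},
    {"image": "shop/api", "version": "1.2", "env": "prod", "parent": "sh", "proc": "curl", "dest": "198.51.100.7:443"},
]


def build_baseline(events):
    """Model 'normal' per image: allowed (parent, proc) pairs and (proc, dest) pairs.
    Versions and environments are deliberately merged so the model follows the
    image through its lifecycle rather than any one short-lived container."""
    model = defaultdict(lambda: {"exec": set(), "net": set()})
    for e in events:
        m = model[e["image"]]
        m["exec"].add((e["parent"], e["proc"]))
        if e["dest"] is not None:
            m["net"].add((e["proc"], e["dest"]))
    return dict(model)


def detect_deviations(model, events):
    """Return a list of (kind, detail) findings for events outside the model.
    Unknown images are reported too: an image never seen in dev/QA has no model."""
    findings = []
    for e in events:
        m = model.get(e["image"])
        if m is None:
            findings.append(("unknown_image", e["image"]))
            continue
        if (e["parent"], e["proc"]) not in m["exec"]:
            findings.append(("unexpected_exec", f"{e['parent']} -> {e['proc']}"))
        if e["dest"] is not None and (e["proc"], e["dest"]) not in m["net"]:
            findings.append(("unexpected_connection", f"{e['proc']} -> {e['dest']}"))
    return findings


def enforcement_decision(findings):
    """Nano-segmentation style policy (an assumption, not the product's rule):
    block on any unexpected connection, alert only on unexpected execs so that
    benign version drift does not break production outright."""
    if any(kind == "unexpected_connection" for kind, _ in findings):
        return "block"
    if findings:
        return "alert"
    return "allow"


if __name__ == "__main__":
    model = build_baseline(BASELINE_EVENTS)
    found = detect_deviations(model, PROD_EVENTS)
    for kind, detail in found:
        print(f"{kind}: {detail}")
    print("decision:", enforcement_decision(found))
```

Run against the constructed production events, the detector reports the unexpected `node -> sh` and `sh -> curl` exec chain and the unexpected `curl -> 198.51.100.7:443` connection, and the policy returns `block`; the baseline events themselves produce no findings. The design point is that the model keys on the image, not the container instance, which is what makes the approach usable for workloads that live only minutes.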
In summary, MVISION Cloud opens a new dimension to application security in QA/dev and production environments by providing actionable insights, enabling only intended, legitimate process flows and preventing potential backdoors in open source software.
Categories: Cloud Security