ARE YOUR CONTAINERS
AS SECURE AS YOU THINK?
October 17, 2018
Your Speakers
Matthew Harkrider
Alert Logic
Sr Technical Product Manager
John Norden
Alert Logic
Release Director
Tyson Malik
Rent-A-Center
Sr. Manager,
DevOps/Cloud Release &
Middleware Engineering
Agenda
• The Alert Logic Container Journey
• Why is Network IDS So Critical?
• Considerations for a Strong
Container Security Program
• Q&A with XXX
THE ALERT LOGIC
CONTAINER SECURITY
JOURNEY
Our Container Journey
• Overall infrastructure spend was
a problem for Alert Logic and
the overall cost to run was
growing
• Deployment time for
microservices was
entirely too long and it was
having a negative impact on our
continuous deployment velocity
Why Containers?
• Allowed us to simplify our architecture to a true microservices
model
• Containerized microservices allowed us to GREATLY reduce our
footprint resulting in considerable savings on infrastructure
• Moving to containers allowed us to reduce our deployment
time significantly
• Allowed us to truly embrace auto-scale workloads
But, now we had to secure it…
Securing Our Workload Requirements
• Had to be simple and fit within our
continuous deployment model - absolutely
no friction to introduce security
• Had to be deployed just like any other
container in our ecosystem
• Had to provide security value immediately
upon deployment
The Alert Logic al-agent-container was born
WHY IS NETWORK
INTRUSION DETECTION
SO CRITICAL?
Why Network IDS?
• Network IDS analyzes
network traffic from the
base host and the network
traffic to, from, and between
containers.
• A way to peer into your
containerized workloads and
see what’s really going on in
real time. Without it, you
have a critical blind spot.
Monitor and Analyze All the Traffic
• Binds to docker0 on the host
• Any communication to the
container is captured and
analyzed
• Provides a simple mechanism
to monitor multi-directional
traffic
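An added example (not from the presentation or from Alert Logic's agent) of why a sensor on docker0 sees traffic that a sensor on the host's external interface misses. It assumes Docker's default bridge network (172.17.0.0/16, gateway 172.17.0.1) on a single host; the flow records and direction names are constructed for illustration.

```python
import ipaddress

# Assumption: Docker's default bridge subnet and gateway. Confirm yours with
# `docker network inspect bridge`.
BRIDGE_NET = ipaddress.ip_network("172.17.0.0/16")
BRIDGE_GW = ipaddress.ip_address("172.17.0.1")

# Constructed flow records (src, dst, dst_port); not captured traffic.
SAMPLE_FLOWS = [
    ("203.0.113.10", "172.17.0.2", 443),   # outside client -> published port
    ("172.17.0.2", "172.17.0.3", 5432),    # web container -> db container
    ("172.17.0.3", "198.51.100.7", 443),   # container -> internet
    ("172.17.0.1", "172.17.0.2", 8080),    # host -> container
]


def is_container(ip):
    """True for addresses on the bridge other than the host-side gateway."""
    return ip in BRIDGE_NET and ip != BRIDGE_GW


def classify(src, dst):
    """Label a flow seen on docker0 by direction relative to the containers."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if is_container(s) and is_container(d):
        return "between-containers"
    if is_container(d):
        return "host-to-container" if s == BRIDGE_GW else "to-container"
    if is_container(s):
        return "container-to-host" if d == BRIDGE_GW else "from-container"
    return "not-container-traffic"


# Only these directions also cross the host's external interface.
UPLINK_VISIBLE = {"to-container", "from-container"}


def blind_spots(flows):
    """Container flows visible on docker0 that never reach the uplink."""
    skip = UPLINK_VISIBLE | {"not-container-traffic"}
    return [(s, d, p) for s, d, p in flows if classify(s, d) not in skip]


if __name__ == "__main__":
    for src, dst, port in SAMPLE_FLOWS:
        print(f"{src:>14} -> {dst:<14} :{port:<5} {classify(src, dst)}")
    print("missed by an uplink-only sensor:", blind_spots(SAMPLE_FLOWS))
```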
Part of a Layered Container Defense Model
• Network intrusion detection
• Container application log management
• Network traffic monitoring
• Container process managing
• Container vulnerability scanning
• Configuration management
How Network IDS Detected a Container Attack
Insecure Default Configuration
Breach Timeline
CONSIDERATIONS FOR
A STRONG CONTAINER
SECURITY PROGRAM
Container Security Considerations
PERMISSIONS
As with any software, we want to run our container process
using the lowest privileges possible.
IDS/LOG MONITORING, AUTOMATION & ACTION PLANS
You should always keep an eye on what is going on in your
environment and have predetermined action plans on what
to do should there be a service interruption.
Container Security Considerations
GET THE RIGHT EXPERTS ON YOUR SIDE
If you don’t have container security expertise on your
team, look for a way to augment your internal resources.
Better yet, find someone who can help prioritize, escalate
what matters, and offer remediation advice.
PORTABILITY IS KEY
Make sure your approach operates across multiple
platforms so you can securely manage containers across
platforms, in hybrid environments, and on-premises.
Container Security Considerations
REGULAR BACKUPS
Always create backups at important time intervals, such
as before updates or any major development changes.
TRUSTED SOFTWARE ONLY
Pull images only from well known, trusted repositories. It
may be tempting to pull an image from an unknown
repository. Don’t!
Container Security Considerations
LIMIT SYSTEM RESOURCES
Using container orchestration frameworks like Docker
Swarm and Kubernetes, you can limit memory allocation
and help reduce DoS attacks and general resource hogging.
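An added example (not part of the original slides) that checks the PERMISSIONS, TRUSTED SOFTWARE ONLY and LIMIT SYSTEM RESOURCES considerations against `docker inspect` output. The sample JSON is constructed, and the trusted-registry allow-list and the function names are assumptions for illustration.

```python
import json

# Constructed sample in the shape of `docker inspect <container>` output.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web",
   "Config": {"User": "", "Image": "randomuser/nginx-custom:latest"},
   "HostConfig": {"Privileged": true, "Memory": 0, "CapAdd": ["SYS_ADMIN"]}},
  {"Name": "/api",
   "Config": {"User": "10001:10001",
              "Image": "registry.example.com/team/api:1.4.2"},
   "HostConfig": {"Privileged": false, "Memory": 268435456, "CapAdd": null}}
]
""")

# Assumption: the organisation's allow-list of registries (hypothetical value).
TRUSTED_REGISTRIES = {"registry.example.com"}


def registry_of(image):
    """Registry host of an image reference; Docker Hub when none is given."""
    first, sep, _ = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def audit(container):
    """Return findings for one container entry from `docker inspect`."""
    cfg = container.get("Config", {})
    host = container.get("HostConfig", {})
    findings = []
    # An empty Config.User means the process runs as root.
    user = (cfg.get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("runs as root")
    if host.get("Privileged"):
        findings.append("privileged mode")
    if host.get("CapAdd"):
        findings.append("added capabilities: " + ",".join(sorted(host["CapAdd"])))
    # HostConfig.Memory is in bytes; 0 means unlimited.
    if not host.get("Memory"):
        findings.append("no memory limit")
    registry = registry_of(cfg.get("Image", ""))
    if registry not in TRUSTED_REGISTRIES:
        findings.append("image from untrusted registry: " + registry)
    return findings


def audit_all(containers):
    """Map container name to its list of findings."""
    return {c["Name"].lstrip("/"): audit(c) for c in containers}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name + ":", "; ".join(findings) if findings else "OK")
```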
A HEALTHY HOST IS A HAPPY HOST
Focusing on your container health is great, but don’t
forget to keep your main host up-to-date and healthy
with periodic restarts.
Container Security Considerations
THINK BIG PICTURE SECURITY
Whether you’re using containerization for development or
running production servers for ecommerce, outline your
goals and security posture before you make any moves.
JOIN A COMMUNITY FORUM
Docker, AWS, Azure, Kubernetes, etc. have their own
support forums and there are great independent forums
(like containerjournal.com!). Find a community and join
the conversation.
Want to Learn More?
Download the
Container Security
Best Practices Guide &
Workbook at:
https://www.alertlogic.com/containers
Q&A WITH XXX
Q&A with Tyson Malik
Tyson Malik
Senior Manager
DevOps / Cloud Release
& Middleware Engineering
Thank you.
