Advanced Computing in the Age of AI | Saturday, January 29, 2022

Another IT Security Deal Targets Docker Containers 


As enterprises seek ways to nail down IT security for a growing list of open-source infrastructure distributions, the security sector is moving toward critical mass with an increasing number of acquisitions.

This week's deal between software license optimization vendor Flexera Software and security and compliance specialist Palamida Inc. was followed by the acquisition of an application container security startup by Tenable Network Security. Tenable said Flawcheck is among the first "vulnerability management" companies to offer security for Docker containers while supporting DevOps teams moving micro-services to production.

Tenable, Columbia, Md., which operates in the shadow of the nearby National Security Agency, is among a growing number of cyber-security firms springing up around the nation's capital that are helping enterprises deal with evolving IT security threats. According to reports, Tenable has raised an estimated $250 million in venture capital, mostly from private equity firms targeting the enterprise security market.

San Francisco-based Flawcheck provides tools for scanning application container images for security vulnerabilities and malware. Since Docker and other container approaches are built on Linux and other open-source software components, greater attention is being given to the security of the code pulled into those components and, by extension, into every image built from them.

Flawcheck's approach provides continuous monitoring for Docker containers that ties in with continuous integration and deployment tools used by DevOps teams as they build container images. One goal is to ensure that containers with production workloads remain isolated from one another, and therefore compliant with enterprise security policies.

"Information technology is undergoing a profound change due to DevOps, containers and the mass migration of operations and infrastructure to the cloud," Renaud Deraison, CTO and co-founder of Tenable Network Security, noted in a statement announcing the deal.

Details of the transaction were not disclosed.

Industry watchers note that containers and other application development advances are accelerating DevOps processes. For example, containers are often redeployed on the fly. That quickening pace is generating DevOps requirements for automating the process of scanning containers for security vulnerabilities and malware.

Flawcheck's founders previously worked at Facebook (NASDAQ: FB), Google (NASDAQ: GOOGL) and Intel Corp. (NASDAQ: INTC). Co-founder Anthony Bettini said the company's scanning tools are designed to give DevOps teams greater visibility into container security by allowing enterprises to monitor software development and container deployment.

Deraison said Tenable expects to release an IT security platform in 2017 that integrates Flawcheck's container scanning capabilities. The IT security firm is betting that fast-moving micro-services deployed as Docker containers are outpacing the existing ability to secure applications and other workloads.

Docker and other container vendors have leveraged Linux kernel features like control groups, or cgroups, along with namespaces to provide a measure of security right out of the box. Namespaces give each container its own view of process IDs, network interfaces, mount points and other kernel resources, so a process inside one container cannot normally see or touch another container's. Cgroups are used to manage container resources like CPU time and memory, which also keeps one workload from starving its neighbours. Another security step involves isolating containers from each other in production.

Tenable asserts those steps are insufficient to ensure security. Hence it released a tool earlier this year designed to audit Docker hosts and containers as a way to secure containers in production. "Users need to take additional steps to lock down the [Linux] kernel, reduce the attack surface of the Docker daemon [the background process that answers requests for services] and harden the container configuration to have a truly secure setup," the company noted in a blog post announcing the container-auditing tool.
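The kernel isolation described above only holds if the container is actually started with it intact, which is the sort of thing a host audit checks. The following is an added example, not code from the article, Tenable or Flawcheck: a small auditor that reads the JSON that `docker inspect <container>` emits and flags settings that hand back the isolation namespaces and cgroups provide (sharing a host namespace, running privileged, adding powerful capabilities, disabling the seccomp or AppArmor profile, bind-mounting the daemon socket, or running without memory and PID limits). The two container records, the service names and the check codes are constructed for this example and are not from any real host.

```python
"""Audit container configuration as reported by `docker inspect`.

Added example, not code from the article, Tenable or Flawcheck. The field
names follow the JSON that `docker inspect <container>` emits; the two
container records below are constructed inline so the script runs offline.
"""
import json

# Constructed sample: a service started with flags that undo the kernel's
# namespace and cgroup isolation (assumed record, not a real host).
WEAK_CONTAINER = json.loads("""
{
  "Name": "/payments-api",
  "HostConfig": {
    "Privileged": true,
    "PidMode": "host",
    "NetworkMode": "host",
    "IpcMode": "private",
    "CapAdd": ["SYS_ADMIN"],
    "SecurityOpt": ["seccomp=unconfined"],
    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
    "Memory": 0,
    "PidsLimit": 0
  }
}
""")

# Constructed sample: the same service with isolation left intact and
# cgroup limits set.
HARDENED_CONTAINER = json.loads("""
{
  "Name": "/payments-api-hardened",
  "HostConfig": {
    "Privileged": false,
    "PidMode": "",
    "NetworkMode": "bridge",
    "IpcMode": "private",
    "CapAdd": null,
    "CapDrop": ["ALL"],
    "SecurityOpt": ["no-new-privileges"],
    "Binds": ["/srv/payments/config:/etc/payments:ro"],
    "Memory": 268435456,
    "PidsLimit": 256
  }
}
""")

# Capabilities that let a process escape or reconfigure the namespaces it sits in.
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE",
                  "NET_ADMIN", "DAC_READ_SEARCH"}


def audit_container(inspect_doc):
    """Return a list of (code, detail) findings for one `docker inspect` record.

    An empty list means none of the checks below fired; it does not mean the
    container is secure in every respect (image contents are not examined).
    """
    hc = inspect_doc.get("HostConfig", {})
    findings = []

    # --privileged removes the capability bounding set, seccomp and device limits.
    if hc.get("Privileged"):
        findings.append(("privileged", "container runs with --privileged"))

    # Sharing a host namespace collapses the isolation that namespaces provide.
    for key, ns in (("PidMode", "pid"), ("NetworkMode", "net"), ("IpcMode", "ipc")):
        if hc.get(key) == "host":
            findings.append(("host-namespace", "shares host %s namespace" % ns))

    added = set(hc.get("CapAdd") or [])
    for cap in sorted(added & DANGEROUS_CAPS):
        findings.append(("capability", "adds CAP_%s" % cap))

    # "seccomp=unconfined" / "apparmor=unconfined" switch off the syscall or MAC profile.
    for opt in hc.get("SecurityOpt") or []:
        if opt.endswith("unconfined"):
            findings.append(("security-profile", "%s profile disabled" % opt.split("=")[0]))

    # Mounting the daemon socket (or the host root) hands the container the Docker host.
    for bind in hc.get("Binds") or []:
        src = bind.split(":")[0]
        if src in ("/var/run/docker.sock", "/"):
            findings.append(("daemon-exposure", "bind-mounts %s" % src))

    # Missing cgroup limits let one workload starve its neighbours (0 or -1 = unlimited).
    if not hc.get("Memory"):
        findings.append(("no-cgroup-limit", "no memory limit"))
    if (hc.get("PidsLimit") or 0) <= 0:
        findings.append(("no-cgroup-limit", "no pids limit"))

    return findings


def audit_all(records):
    """Map container name -> findings for a list of inspect records."""
    return {doc["Name"]: audit_container(doc) for doc in records}


if __name__ == "__main__":
    for name, found in audit_all([WEAK_CONTAINER, HARDENED_CONTAINER]).items():
        print(name, "OK" if not found else "")
        for code, detail in found:
            print("  [%s] %s" % (code, detail))
```

On a live host the same function can be fed `docker inspect $(docker ps -q)` output, which is a JSON array of exactly these records; the checks are deliberately conservative and only look at the run-time configuration, so a clean result still says nothing about what is inside the image, which is what Flawcheck's scanners address.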

About the author: George Leopold

George Leopold has written about science and technology for more than 30 years, focusing on electronics and aerospace technology. He previously served as executive editor of Electronic Engineering Times. Leopold is the author of "Calculated Risk: The Supersonic Life and Times of Gus Grissom" (Purdue University Press, 2016).
