Tom Gillis (VMware)
VMware is entering the race to secure modern, cloud-native environments by adding container runtime protection to its Carbon Black Container security product, which it launched in April 2021.
Defending cloud-native environments at runtime is presenting developers and security professionals with a whole new set of security considerations, leading them beyond just hardening a Kubernetes cluster and into the realms of dynamic vulnerability scanning, identity management, and access controls.
Because containers are being spun up and down all the time, securing container environments is somewhat challenging, with a need for greater visibility and automation to keep containers secure and compliant at all times.
To meet these challenges, VMware is adding the following features to its Carbon Black Container security product.
- Runtime cluster image scanning: Security or devops teams can automate runtime vulnerability scanning and customise policies to help ensure container images are always secure.
- Integrated alerts dashboard: To view events and anomalies in a runtime environment for more effective investigation, correlation, and resolution of security events.
- Kubernetes visibility mapping: View the architecture of an application to better understand destination connections, potential workload policy violations, and vulnerable images.
- Workload anomaly detection: Standardise networking modules and alert security teams to deviations.
- Egress and ingress security: Added visibility into any external source that is reaching out to a Kubernetes service for easier detection of malicious egress connectivity based on the IP address and the behavioural data.
- Threat detection: Scans open ports to check for vulnerabilities and quickly see if there is a lateral attack in progress.
“Protecting the runtime is the foundation of securing the inner workings of a modern application,” Tom Gillis, general manager for networking and advanced security at VMware, said in a statement.
“With the introduction of container runtime protection, our end-to-end security offering is now tightly integrated across the entire application lifecycle, protects all east-west traffic, and brings a new level of distributed visibility and security to APIs.”
This need for greater runtime security has led to a fast-growing ecosystem of startups and security vendors, including startups like Deepfence, Sysdig, Aqua Security, Anchore, and Lacework, as well as vendors who have acquired these capabilities, such as Palo Alto Networks’ TwistLock, Red Hat’s StackRox, and Suse’s NeuVector.
Container runtime protection is available immediately for advanced bundle customers of VMware’s Carbon Black Container.
