IT Brief New Zealand logo
Story image

Why the rise of containers has created a vulnerability crisis

After a year of rapid movement toward cloud services in the face of the pandemic, several knock-on effects have been observed — and they’re not all positive.

New and emerging technologies provided the means for businesses to fast-track digital transformation to ensure business continuity. Unfortunately, this move to increased digitisation is not only costly, but it also opens the door to new cyber threats. 

As teams work through the initial lift-and-shift phases — where existing server workloads and operations are moved to the cloud — many discover the need to optimise their application delivery strategies by leveraging DevOps methodologies, serverless frameworks, and container technologies.

What are containers?

Containers are a lightweight and portable way to build, test, and deploy applications in the cloud. They make it easy for development teams to go live with new versions of software quickly. This is helped mainly through off-the-shelf public registry container images available to fast-track development work.

Compared to virtual machines, containers do not run a complete operating system; this is what makes them so lightweight and portable. All the files needed to run the container are provided from the container image, allowing a single container to run anything from a software process to a larger application.

A rise in the use of Kubernetes and Docker services — and increased adoption of DevOps methodologies — have all contributed to this popularity.

The proliferation of containers

As containers fast become a mainstay of IT infrastructure, just like many other technologies seeing increased adoption in the last 12 months, attackers have wasted no time in their exploitation of container vulnerabilities. 

In many cases concerning container breaches, privilege mismanagement has led to malware being installed. This is exacerbated by the fact that many developers use off-the-shelf images from public registries as a base for application development — and such images can contain security vulnerabilities.

Research shows more than 10% of open-source components consumed by developers have at least one known vulnerability. As such, organisations should work to ensure they are aware of the risks and identify vulnerabilities before applications are released to production or live environments where attackers can exploit these inherent weaknesses.

Sophos’ answer to container vulnerabilities

Sophos identified the havoc being sewn in container infrastructure and provided a fix via its cloud security posture management solution, Cloud Optix to provide visibility of container assets and scanning to identify exploitable weak points in container images.

Organisations can use Cloud Optix to scan container images pre-deployment to prevent threats from operating system vulnerabilities and identify newer versions of the image that may contain fixes.

The solution allows DevOps teams to scan container images for security vulnerabilities in the following locations:

  • Amazon Elastic Container Registries (ECR)
  • Microsoft Azure Container Registries (ACR)
  • Docker Hub registries
  • IaC environments (Bitbucket and GitHub)
  • Images in build pipelines (using the Cloud Optix API)
  • Thanks to the SaaS-based, agentless service, there’s nothing to install — making this Cloud Optix capability easy to set up.

Once customers link their container registries to Cloud Optix, they will see details of scans performed, images queued for scanning, and vulnerabilities detected. The image-scanning process is regularly repeated automatically to identify new vulnerabilities and available fixes to existing container images.

Alerts for images with critical vulnerabilities can be sent to development teams via Jira, ServiceNow, Slack and Microsoft Teams integrations, providing visibility of security vulnerabilities and the tracking of fixes. With container vulnerability scanning from Sophos, you can ensure breach points are blocked before they can be compromised.

To learn more about Sophos Cloud Optix, click here.