Secure containerized environments from build through deployment - Announcing Container Runtime Security for VMware Carbon Black Container

We are announcing the general availability of Container Runtime Security for VMware Carbon Black Container. This release includes many new features and capabilities, which are available with the Container Advanced bundle. With this new release, you can quickly identify any network anomaly that happens in the cluster and get alerts on a consolidated alert page. The primary detected anomalies are Egress, Internal, and Ingress in a workload level, and Egress connections with IP reputation in a cluster and scope level. In addition, you can get alerted on malicious activity such as internal or external port scanning.

In the last few years, we’ve seen the number of containers skyrocket!!

But where are these containers running? Forrester says that 87.5% of organizations will be building and deploying containers both on-premises and in multiple public clouds. In other words - the same way that organizations were adopting VMs 20 years ago, it is predicted that organizations will be continuing to adopt containers at a rapid pace as well. With this massive expansion comes massive risk.

“At VMware, we aspire to be the best in the world at protecting applications from within,” said Tom Gillis, senior vice president and general manager, Networking and Advanced Security Business Group, VMware. “Protecting the runtime is the foundation of securing the inner workings of a modern application.

Before we dive deep, let us understand what is driving enterprises to adopt containers at such a rapid pace.

In simplest terms, containers and cloud-native technology allow organizations to be more competitive and drive more revenue through innovation and better customer experiences. Containers enable this by allowing enterprises to go from code to customer, faster and more continuously. Given a majority of apps will be containerized and running in production on multi-cloud infrastructure in just a few years, more organizations must be ready to operationalize containers and Kubernetes.

Containers and Kubernetes have become synonymous with the modern apps transformation as organizations increasingly adopt hybrid, multi-cloud architectures and break down legacy monolithic applications into distributed microservices. However, this transformation brings new development paradigms that have significant security implications. The container attack surface has grown in orders of magnitude relative to virtualized applications, providing many more points of entry for attackers who have already taken notice of the paradigm shift and new software ecosystem. The complexity of Kubernetes environments combined with the ephemeral nature of containers and frequent use of open source components requires a multilayered security approach that addresses each layer (hypervisor/public cloud, Linux/Windows OS, Kubernetes, and containers) and integrates seamlessly throughout the entire application lifecycle from development to production.

Kubernetes is the cloud-agnostic API that defines the infrastructure. It is Powerful and hence, risky.

Kubernetes requires a new approach to security. After all, legacy tools and processes fall short of meeting cloud-native requirements by failing to provide visibility into dynamic container environments. One of the key points of cloud-native security is addressing container security risks as soon as possible. Doing it later in the development life cycle slows down the pace of cloud adoption while raising security and compliance risks.

Kubernetes attack surface

Attackers are taking advantage of these additional entry points and doing so just at the container layer is not enough. You need to secure the infrastructure – the Kubernetes orchestration layer — that the workload and pipeline run on.

What are the key challenges we are trying to solve with container security?

The agility and flexibility that Kubernetes and its configuration-as-code approach provide should not be a trade-off for security. At the same time, security can’t be a roadblock to faster production deployments that drive business. The modern apps transformation and accelerated cloud adoption are dramatically increasing the average attack surface. It is important to balance business speed and agility with risk, by seamlessly integrating security throughout the CI/CD pipeline and into production.

To help organizations stay one step ahead of attackers, VMware is adding container runtime protection capabilities to enhance its end-to-end security offering for cloud-native workloads. These capabilities build upon the VMware Carbon Black Container solution released in April 2021. Attackers often attempt to hide in the noise of an environment, so container runtime security helps to reduce the noise and alert on real, active events while minimizing impact to the application and user experience. By consolidating these events to a single dashboard, security teams can accelerate their investigation into incidents impacting endpoints, virtual machine workloads, and containerized workloads. This provides enterprises with a better understanding of their overall security posture while reducing alert fatigue, effectively managing risk, and easing enforcement of compliance.

Watch this Short demo to understand what is Carbon black container runtime security

How does Container Runtime Protection Enhance End-to-End Security for Cloud-Native Workloads?

Unified solution with shared visibility for Security and Development teams.
Consolidate events and alerts to a single dashboard.
Ability to secure the full container lifecycle from build to runtime.
Frictionless deployment and easy policy management.
Alert actions based on policy.
Ability to scan images in the cluster image layer.

VMware's runtime security functionalities add network visibility, anomaly detection, and egress management for containers. With the build time capabilities of hardening and vulnerability scanning for container images, carbon black container provides a comprehensive security solution for both on-premises and cloud-native workloads.

VMware’s new container runtime security capabilities include:

Runtime cluster image scanning enables security and DevOps teams to automate runtime vulnerability scanning and customize policies to reduce risk and ensure images used in running containers are secure. This expansion for image scanning capabilities allows for images to be scanned in Kubernetes clusters, whether they are on-premises or in the cloud.
Integrated alerts dashboard provides a single pane of glass for security teams to view events and address anomalies in their runtime environment, and enable faster investigation and correlation of events from both host and container layers.
Kubernetes visibility mapping allows DevOps and security teams to quickly understand the architecture of an application that was set pre-deployment to better identify egress destination connections, potential workload policy violations, and vulnerable images.
Workload anomaly detection leverages artificial intelligence to standardize networking modules and alert SecOps teams on any deviation from that module, which is critical when setting up new workloads.
Egress and ingress security provide security teams with added visibility into the external source that is reaching out to the Kubernetes service and easier detection of malicious egress connectivity based on the IP address and the behavioral data.
Threat detection alerts on port scanning to check for vulnerabilities and quickly see if there is a lateral attack in progress. If an attacker tries to exploit a vulnerability to find the next lateral move, the internal port scan, and egress port scan will raise an alert.

Product Availability

Container runtime protection is currently available through the VMware Carbon Black Cloud Container Advanced Bundle. For more information, please visit the VMware Carbon Black Container product page.

Like to Learn more? Attend our Live Webinar: Securing the Container Lifecycle from Build to Run with VMware Security