Educause Security Discussion mailing list archives
Container Security
From: Jason Borinski <jason.borinski () DEXCOM COM>
Date: Tue, 4 Jun 2019 01:10:30 +0000
Hi all, I'm looking for input from this group on how you are handling container security. Are you primarily relying on native container platform features, open source or commercial third party tools? We're ramping up our use of Google Kubernetes Engine (GKE) and are both assessing it's native security features while also considering third party tools to augment capabilities, particularly around detection/response. On the plus side GKE seems to have cluster/node security covered. Google also offers a number of native add-on services such as Container Analysis<https://cloud.google.com/container-registry/docs/container-analysis> (image scanner, still in beta), Cloud Security Scanner<https://cloud.google.com/security-scanner/> (light weight web app scanner), and Event Threat Detection<https://cloud.google.com/event-threat-detection/> which shows promise but has recently been put on hold. There is a WAF in alpha for Cloud Armor<https://cloud.google.com/armor>. Cloud Security Command Center<https://cloud.google.com/security-command-center/> shows promise but has so far been underwhelming. These add-ons seem to be low in maturity and lacking threat detection and response capabilities. So evidently NGFW/IPS is out of fashion and kludgy for container security, so we're exploring cloud-native security architectures. Also looking at third party products - does anyone have any experience with tools like Twistlock, Aqua, Stackrox, or Trend Deep Security? If so would appreciate your recommendations or lessons learned. Thank you, Jason Jason Borinski Senior Manager Information Security | Dexcom 6350 Sequence Drive, San Diego, CA 92121 858-203-6178 | jason.borinski () dexcom com<mailto:jason.borinski () dexcom com>
Current thread:
- Container Security Jason Borinski (Jun 03)
- Re: Container Security Cleary, Kevin (Jun 04)
- Re: Container Security Jason Borinski (Jun 04)
- Re: Container Security Cleary, Kevin (Jun 04)