Educause Security Discussion mailing list archives

Re: Container Security


From: "Cleary, Kevin" <kpcleary () BUFFALO EDU>
Date: Tue, 4 Jun 2019 13:12:13 +0000

Hi Jason,

 

Another tool to potentially consider would be Sysdig - https://sysdig.com/ .

 

At UB, we're running OpenShift on-prem, so we needed something that could
provide a depth of visibility across the many layers of the kube/docker/OS
software stack.

 

We did also consider Aqua.

 

--

Kevin Cleary

Manager, Systems Software

CIT Enterprise Infrastructure Services

University at Buffalo

305 Computing Center

Buffalo NY 14260-1407

Phone:  716-645-4767

 

From: The EDUCAUSE Security Community Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Jason Borinski
Sent: Monday, June 3, 2019 9:11 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Container Security

 

Hi all,

 

I'm looking for input from this group on how you are handling container
security. Are you primarily relying on native container platform features,
open source or commercial third party tools? We're ramping up our use of
Google Kubernetes Engine (GKE) and are both assessing its native security
features while also considering third party tools to augment capabilities,
particularly around detection/response.

 

On the plus side GKE seems to have cluster/node security covered. Google
also offers a number of native add-on services such as Container Analysis
<https://cloud.google.com/container-registry/docs/container-analysis>
(image scanner, still in beta), Cloud Security Scanner
<https://cloud.google.com/security-scanner/>  (lightweight web app
scanner), and Event Threat Detection
<https://cloud.google.com/event-threat-detection/>  which shows promise but
has recently been put on hold. There is a WAF in alpha for Cloud Armor
<https://cloud.google.com/armor> . Cloud Security Command Center
<https://cloud.google.com/security-command-center/>  shows promise but has
so far been underwhelming. These add-ons seem to be low in maturity and
lacking threat detection and response capabilities.

 

So evidently NGFW/IPS is out of fashion and kludgy for container security,
so we're exploring cloud-native security architectures. Also looking at
third party products - does anyone have any experience with tools like
Twistlock, Aqua, Stackrox, or Trend Deep Security? If so would appreciate
your recommendations or lessons learned.

 

Thank you,

Jason

 

Jason Borinski

Senior Manager Information Security | Dexcom

6350 Sequence Drive, San Diego, CA 92121

858-203-6178 | jason.borinski () dexcom com

 

 
