Container Security Adoption with Falco

In 2019, some 60% of organizations that use containers suffered a container-related security incident, according to a Tripwire survey.

Along with this finding from respondents representing hundreds of organizations that currently have containers in production came several additional concerning statistics:

47% said they deployed containers known to have vulnerabilities, and 46% admitted they deployed containers without knowing whether or not they had vulnerabilities.

Overall, 94% of respondents said they have container security concerns, and 71% predicted that container security incidents would continue to increase.

According to Gartner, by 2020, more than 50% of global organizations will be running containerized applications in production.

Basic Container Security Best Practices adopted..

Pulling Images from a Trusted Store and which is regularly maintained.

Simplifying base OS like RancherOS, Alpine Linux etc. And, Installing the bare minimum software’s which reduces the Surface Area for any vulnerability.

Access Management, Logging and Auditing can be taken care by different ways like Centralized Logging, Authz, Namespaces,User Roles etc.

Using Vaults instead of using environment vars etc.

Types of Container Security

Static Scanning : Container Images are scanned to check if there exists any vulnerabilities or anywhere surface area exposed for Threats & Attacks. For Example Image Vulnerability Scanning below

In the above example, we can see that vulnerability present in Apache 2.2 will also make the WordPress 4.6 and PHP 7.0 images vulnerable too.If the WordPress 4.6 and PHP 7.0 base image is created from clean Apache 2.2 version then the current vulnerabilities would not have been there..

Dynamic Scanning : Containers are scanned at runtime to validate any runtime vulnerability or behavior which can compromise the Container and its underlying host.

There are 2 ways , Dynamic Scanning Security is done in Containers by:

• Enforcement Tools
• Auditing Tools

Comparison Of Falco with Other Tools

Falco Alerts & Output