SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Runtime security challenges for geo-distributed businesses

Fri, 28th Jun 2024

Runtime security, the practice of protecting containerised applications while they are deployed in the orchestrator, is essential for defending against real-time cyber threats that can compromise active workloads. For geographically distributed businesses operating across multiple locations and regions, the challenges of managing runtime security are more complex compared to companies without branches, according to Kaspersky.

The latest Kaspersky study, "Managing geographically distributed businesses: challenges and solutions", reports that 85% of those using container development methods have experienced cybersecurity incidents related to containers and/or Kubernetes in the last 12 months. Around one-third of these (32%) were cyber incidents during runtime, creating serious system vulnerabilities.

Runtime security involves the protection of containerised applications and their environment while they are deployed in the orchestrator. This includes monitoring and managing several aspects and risks associated with them:

Traffic between containers: In a microservices architecture, multiple containers often communicate with each other, forming a complex web of interactions. For geo-distributed businesses, this traffic spans different regions, making it even more challenging to monitor. The dynamic nature of container orchestration, where containers can be deployed, scaled, and terminated frequently, adds to the complexity. Unmonitored traffic can be exploited by attackers to move laterally within the network, gaining access to sensitive data and services.

Processes inside containers: Each container runs processes that can be potential entry points for security breaches. Monitoring these processes is crucial to detect any unusual behaviour that might indicate a compromise. However, the ephemeral nature of containers and the sheer volume of processes running in large-scale deployments make this task daunting. For geo-distributed businesses, the challenge is magnified by the need to monitor processes across different locations, each with its own set of security requirements and compliance issues.

Visibility and context: Gaining visibility into what happens inside containers is inherently difficult because they operate as isolated environments. For geo-distributed businesses, maintaining visibility across multiple regions is one of the major challenges. Additionally, understanding the context of detected anomalies—whether they are benign or malicious—requires deep insight into the application's normal behaviour and the environment's baseline, which can differ from one region to another.

Several strategies can help enhance runtime security for geo-distributed businesses. One is to segment the network, which means breaking it into smaller, isolated sections with strict access controls. This can limit an attacker's ability to move sideways within the network if they breach a container.

Another strategy is to monitor the behaviour of containers and their processes. By using advanced monitoring tools, unusual activity can be quickly identified and flagged as a potential threat. Additionally, specialised security solutions with continuous scanning functionality play a crucial role. Such tools scan for threats and respond in real time, which helps in quickly addressing any security issues without needing constant human oversight. Continuous scanning can provide immediate defence against attacks, detecting and preventing malicious activities as they happen.

Keeping detailed logs of all container activities and network traffic is also vital. These logs help in understanding what happened during a security incident and in taking corrective measures to prevent future breaches. For geo-distributed businesses, centralised logging solutions that aggregate data from different regions can provide a comprehensive view of security events and streamline incident response.
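As an added illustration of the behavioural monitoring and centralised, region-aware logging described above (this is example code, not Kaspersky's product or anything from the article), the following Python sketch checks container process events gathered from several regions against a per-region baseline, so that a process that is normal in one region is not mistaken for benign in another. The event fields, image names, regions and baseline are all constructed assumptions.

```python
from collections import defaultdict

# Constructed process events, as a central collector would receive them from
# runtime agents in different regions (sample data, not real telemetry).
EVENTS = [
    {"region": "eu-west",  "pod": "api-7c9", "image": "shop/api:1.4", "proc": "node", "parent": "containerd-shim"},
    {"region": "eu-west",  "pod": "api-7c9", "image": "shop/api:1.4", "proc": "curl", "parent": "node"},
    {"region": "ap-south", "pod": "api-2fd", "image": "shop/api:1.4", "proc": "node", "parent": "containerd-shim"},
    {"region": "ap-south", "pod": "api-2fd", "image": "shop/api:1.4", "proc": "sh",   "parent": "node"},
    {"region": "ap-south", "pod": "api-2fd", "image": "shop/api:1.4", "proc": "nc",   "parent": "sh"},
    {"region": "us-east",  "pod": "api-91a", "image": "shop/api:1.4", "proc": "node", "parent": "containerd-shim"},
]

# Per-region baseline of expected processes for an image (assumed values).
# The ap-south deployment legitimately runs a shell-based health probe, so
# "sh" is normal there but would be an anomaly in eu-west.
BASELINE = {
    ("eu-west",  "shop/api:1.4"): {"node"},
    ("ap-south", "shop/api:1.4"): {"node", "sh"},
}


def detect_anomalies(events, baseline):
    """Return (region, pod, proc, parent, reason) tuples for every event that
    falls outside the baseline for its region and image. A region with no
    baseline at all is reported too, so a gap in coverage is never silent."""
    findings = []
    for ev in events:
        expected = baseline.get((ev["region"], ev["image"]))
        if expected is None:
            findings.append((ev["region"], ev["pod"], ev["proc"], ev["parent"], "no-baseline"))
        elif ev["proc"] not in expected:
            findings.append((ev["region"], ev["pod"], ev["proc"], ev["parent"], "unexpected-process"))
    return findings


def summarise_by_region(findings):
    """Count findings per region to give responders the cross-region view."""
    counts = defaultdict(int)
    for region, *_ in findings:
        counts[region] += 1
    return dict(counts)


if __name__ == "__main__":
    found = detect_anomalies(EVENTS, BASELINE)
    for f in found:
        print(f)
    print(summarise_by_region(found))
```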

Anton Rusakov-Rudenko, Product Marketing Manager, Cloud & Network Security Product Line at Kaspersky, stated, “Runtime security is a critical component of modern containerized application protection, yet it presents significant challenges especially for geo-distributed businesses. Their client services, business applications, and entire infrastructure are spread across different regions with their specific network conditions and limitations. It is a challenge to observe such infrastructure by itself. Containerization brings another complexity level due to the dynamic nature of containers and interactions between them. It is crucial to adopt a runtime security solution that can be integrated in geo-distributed infrastructure without harming its efficiency, provide behavioural monitoring of running containers, network segmentation, and threat detection tools. Our Kaspersky Container Security is designed to address these challenges, providing real-time protection and ensuring the integrity of your active workloads.”
