As more companies adopt container technologies and pivot to a Cloud Native world, it opens up pandora’s box full of unique challenges, the most significant of which – how to secure this new attack surface? Security is one of the most complex challenges of running Kubernetes and other container technologies due to the multiple moving layers present in a Cloud Native stack. It usually gets overlooked in favor of solving issues related to observability, networking, and storage. This is precisely why developers and operators may not focus on security during the early stages. They then need to figure out ways to identify, understand and remediate these modern risks that they might not have encountered before. In this article, we will explore some of the unique threats that you will probably encounter when using containerized applications.
Service mesh vulnerabilities
A service mesh provides features for making applications more secure, reliable, and observable at the platform layer. Current service meshes have fundamental security mechanisms either incomplete or entirely missing and can be exploited by attackers. Although they offer rich configurations, the defaults are insecure and vulnerable to attacks. Since service meshes are decentralized, malicious actors can overwhelm cluster formations. Additionally, misconfiguration issues and design flaws can also be a cause for threat. Service mesh tools are highly regarded and advertise their security contributions but they are either not enabled by default or are left to third-party tools to be implemented.
Runtime threats
Runtime threats have increased in Kubernetes-centric applications. Cybercriminals plant seemingly harmless data into application servers through emails, mobile applications, social media, etc so that when these programs are activated, the data can morph into malicious code during runtime. This code can then be used to trigger applications to send information to wrong locations within a shared memory so that any and all types of data can be accessed by them. Additionally, runtime attacks can also be used for privilege escalation allowing attackers to gain unauthorized access to Kubernetes resources they should not be able to access – secrets, sensitive information, storage volumes, external binaries.
Container related threats
The sheer scale of containers creates blind spots, thus increasing the attack surface as well as the time required to identify vulnerabilities. The amount of deployed containers is inversely proportional to visibility which means as the number of containers being deployed increases, visibility into the cloud-native infrastructure decreases. Decreased visibility means missing out on vulnerabilities thus increasing the chances of an attack.
Containers have the ability to talk to each other within deployments and to other endpoints, both internal and external. This ability means that if any single container is infiltrated, the malicious agent can easily move laterally within the infrastructure. Additionally, it is also difficult to investigate and fix vulnerabilities and misconfigurations in containerized applications efficiently given their distributed nature. The sidecar model of service meshes help to monitor container-to-container communication, and secure them from the ground-up.
Secrets management risks
It is necessary to keep an eye on how sensitive data like credentials, keys, etc, are stored and accessed. Secrets should not be passed around as environment variables or exposed by being baked into container images or code. They need to be encrypted and managed by a secrets management service like Hashicorp Vault. It is essential to ensure that deployments mount only the secrets they actually require. Poor secret hygiene, like default passwords, password sharing, embedded secrets, lack of password rotation opens up various opportunities for breaches.
Common Vulnerabilities and Exposures (CVEs)
Common Vulnerabilities and Exposures, aka CVEs, is a list of publicly known computer security flaws. A CVE number uniquely identifies one vulnerability from the list. This helps make a standardized identifier for a given vulnerability or exposure that all vendors, enterprises and all interested parties can use to exchange information about cybersecurity issues.
A vulnerability is a weakness in a computer system or network that can be exploited by an attacker to gain unauthorized access and execute unauthorized actions. An exposure, on the other hand, is a mistake that allows an attacker to access a network. It is more accidental than planned out and sophisticated. Security teams and tools need to be aware of these CVEs on a regular basis, and constantly check systems against them.
How to secure against new types of risks
- Automate runtime threat detection so that all manual errors can be completely eliminated. It could help identify threats via security checks made during runtime.
- Use rigid access controls to ensure each workload is properly isolated so that it prevents compromised containers from affecting the cluster.
- Enforce a Runtime Application Self Protection (RASP) tool as it specializes in protecting particular applications. It monitors the input, output, internal state, and data of an application to identify threats during runtime that may have been overlooked. Additionally, it can also help block attempts made to exploit existing vulnerabilities in deployed applications.
- Necessitate immutability – kill unpatched containers instead of updating them and push out new patched containers. This will help identify any polymorphic change in the behavior of containers as an indication of threat.
- Eliminate hard-coded and default passwords, implement password security best practices and apply privileged session monitoring.
- Enforce continuous image scanning to prevent malware from reaching a runtime environment.
- Practice frequent vulnerability management to gauge how risks would affect the organization. Understand the environment and deployment well to be able to identify which CVE applies to which unique environment.
Conclusion
Security threats in the cloud native stack and containerized world are unique and vast. They may seem daunting to mitigate. But the important thing to do is to secure your infrastructure by following security best practices and covering the fundamentals. With further advancements in the Cloud Native world, more solutions to tackle these modern risks will soon emerge. It will be interesting to see how these solutions will integrate themselves without hampering functionality.
If you have questions related to this topic, feel free to book a meeting with one of our solutions experts, mail to sales@amazic.com.
