Containerisation

What Is It?

Containerisation is a mechanism for running lightweight system images, known as containers, on a host. Each container holds a small, cut-down operating system and only the packages relevant to its purpose, such as hosting a web application. Containerisation works on a microservice basis, where elements of a service are split out to assist with rapid development and prioritised management. Containers can be hosted individually, for example in Docker, or in an orchestration platform such as Kubernetes. Containerisation differs from conventional virtualisation: containers run as separate processes on a single host kernel, whereas virtualisation has an underlying operating system that provides a hypervisor.

Why Assess It?

There are many reasons to conduct a containerisation security assessment, five of which are below.

Control Dependency Vulnerabilities

Containers need their packages bundled in or pulled down at build time, and because they start with minimal functionality, these dependencies can grow rapidly in number and complexity. By conducting a security assessment, you will understand where your dependencies are, their security impact, secure ways of managing them and how to reduce them effectively.

Understand the Attack Surface

Containerisation is different to conventional virtualisation, and this architectural shift has an impact on how you manage risk. Novel attacks need to be considered, such as whether it is possible to compromise the underlying containerisation platform or to deploy arbitrary code or a container into the environment. Upstream attacks on the deployment pipeline are also common among threat actors.

Secure the Containers and the Platform

Each container is an individual host, with the underlying platform providing network overlays and access to other resources. It is important to ensure both that the containers themselves have undergone a sufficient level of security hardening and that the hosting platform does not facilitate privilege escalation or escape from the environment into your organisation's wider network.

Compartmentalise Your Risk

Containers are ephemeral and can be a great addition to your security posture, for example by housing high-risk services or by being used intelligently for short-lived processing activities, which contains any access a threat actor would have at that moment. A security assessment of your container usage gives you more confidence in your decision.

Bring Security Forwards

Containers allow for a deployment pipeline, which is a great opportunity to deploy security tooling before the containers are run. That tooling can detect and remove malicious content and vulnerable dependencies, and conduct testing to ensure the reliability of the code being released into the container.

The Agility Cyber Approach

Like all our engagements, we want you to get the most out of your containerisation security assessment and we do this by:

Multi-Faceted Assessment

We do not just look at the container deployment configurations, we delve into the containers and dynamically assess them. We also look at the environment as a whole and how it is managed to identify all the attack chains present.

Experience and Knowledge of Modern Development

We are used to working inside containerised platforms and understand how conventional security assessment techniques are insufficient to provide the assurance you need.

Understanding the Real Risk

Containers work differently because they are ephemeral in nature and are cut-down distributions of operating systems. This means that conventional severities assigned to vulnerabilities, such as missing patches, do not carry across identically. We take pride in triaging the real likelihood of an adverse security event and the actual risk it would pose to you.

Preserve Incident Response Capability

In the event of a compromise, your ability to triage the actions of the threat actor relies on non-repudiable logging. Because threat actors generally reside in, and obtain privileged access to, containers or the underlying infrastructure, logs held there can be modified, whereas a secure zone for protective monitoring can preserve this much-needed ability. Through a containerisation security assessment, you will gain confidence in both the logging capability and its integrity.

Alignment with Best Practices

Containers are often managed on an individual basis, meaning that their configuration can differ per image, even when load balanced in an environment. Human error also means that misconfigurations which create a security vulnerability can be a common occurrence. By conducting a containerisation security assessment, you will ensure that the containers and associated infrastructure are being managed as one and have been security hardened effectively.

Benefits of Partnering with Agility Cyber

Mutually Invested

Our experts work with you, not against you. There are no egotistical celebrations when a serious issue is discovered, just rapid full disclosure with pragmatic suggestions for effective remediation followed by ongoing support.

Clarity and Simplicity

We always provide clarity, believe in simplicity and value your time. For example, rather than waiting until the engagement starts, we conduct open source intelligence gathering before the scoping meeting to help us understand your organisation's position and risk posture. This enables us to ask better questions, securing you higher value and saving you time.

Full Consultancy

Our team, based in the UK, is technically exceptional but we pair that with business sense to discover, triage and help you remediate the full range of security issues.

Impartiality

We are impartial. We do not sell you products or the latest buzzword-laden trending solution.

Outstanding Service

We have an industry-leading turnaround; agility is in our name, after all. Proposals are shared with you within 24 hours of the scoping meeting. Accurate and complete daily debriefs are given during every engagement. The report is shared within 5 working days at the latest.
