New innovations in container security with unified visibility, investigations, and response actions


2024-11-26

Container technology has become essential for modern application development and deployment. It’s a critical component for over 90% of cloud-native organizations, facilitating swift, reliable, and flexible processes that drive digital transformation. This advancement has transformed software delivery and fostered innovation. The container market is growing rapidly, with containers-as-a-service adoption expected to reach 52% by 2024. However, as adoption accelerates and container capabilities evolve, organizations face rising container security challenges. 

The ephemeral and dynamic nature of containers makes it difficult to identify which ones are running at any given time and even harder to identify faulty or vulnerable containers. This makes it challenging for security teams to pinpoint the source of a security incident, putting the organization at risk of undetected threats. Consequently, tracking traffic flow and detecting runtime anomalies become more complex, thereby exposing critical systems to potential security breaches. In addition, the lack of expertise in containerized and cloud-native environments, combined with overwhelming vulnerability scan results, makes it difficult to detect, prioritize, and address critical security gaps, leaving the organization’s security weak and disjointed. 

To address these challenges, Microsoft Defender for Cloud, our Cloud Native Application Protection Platform (CNAPP), is enhancing its container security capabilities from development to runtime. These enhancements start with enhanced discovery, providing agentless visibility into Kubernetes environments, tracking containers, pods, and applications as they scale across the entire lifecycle. It strengthens security posture by offering continuous and granular scanning from build to runtime, helping maintain compliance and secure configurations across all stages of the SDLC. Finally, Defender for Cloud’s native integration with Defender XDR delivers threat protection with real-time monitoring, prioritizing vulnerabilities based on risk and enabling SOC analysts to detect and respond to threats faster through rich contextual insights and cloud-native response tools. 

Today, we are excited to announce new and enhanced innovations in Defender for Cloud for securing containerized environments: 

    • Enhanced container image discovery is now generally available, to ensure images are accurately identified and scanned for risks. 
    • Kubernetes Identity and Access information, now in public preview, to enhance security by offering critical visibility into access permissions and potential attack paths within Kubernetes environments. 
    • Tagging and automatic classification of critical assets through pre-defined rules for prioritization is now generally available to improve response times and operational resilience. 
    • Command line interface (CLI) tool for container image scanning at build phase is now in public preview, integrating security into every phase of development. 
    • Vulnerability assessment of container images in third party registries, now in public preview, to provide continuous vulnerability scanning across third party registries such as Docker Hub and JFrog Artifactory. 
    • Agentless vulnerability assessments for host VMs, now in public preview, enhances the security and compliance for servers in Managed Kubernetes services. 
    • Azure Kubernetes Service (AKS) security dashboard for cluster admin view, now in public preview, provides granular visibility into container security directly within the AKS portal. 
    • Kubernetes process alerts, powered by Microsoft Defender for Endpoint (MDE) detection engine, are now generally available, expanding threat coverage for containerized environments. 
    • Binary drift detection, now generally available, provides real-time detection and response to unauthorized changes in container configuration, ensuring container security during runtime. 
    • Malware detection for Kubernetes host is now in public preview, ensuring comprehensive protection for both container workloads and underlying host infrastructure. 
    • Threat analytics report for container incidents in Defender XDR, now generally available, providing SOC teams with detailed insights into potential attack methods and incident investigation. 
    • Cloud process events and investigation queries in Defender XDR, now in public preview, enhance investigation depth with process data and built-in queries. 
    • Kubernetes response actions for container workloads are now in public preview to rapidly contain threats in near real-time. 
    • AI-powered guided threat remediation, now generally available, empowers SOC teams to efficiently manage container-specific incidents with step-by-step assistance, even with minimal expertise. 

In this blog, we will share more details on each of these announcements and how they address the typical challenges organizations face when securing containerized applications from build to runtime. 

 

Elevate your container posture: From agentless discovery to risk prioritization  

Effective container security starts with discovery. Without a clear understanding of what’s running in the environment, securing it becomes an impossible task. Containers are dynamic and ephemeral, making it challenging to track them, monitor vulnerabilities, and secure configurations. This is where enhanced container image discovery becomes essential—ensuring that container images are accurately identified and scanned for potential risks. To address this need, we’re excited to announce enhanced container image discovery, providing full visibility into container images, collecting comprehensive inventory data and offering insights into all images in the cloud environment, directly within the cloud security explorer.  

Once containers are discovered, the next step is managing access and understanding how vulnerabilities can be exploited. Role-based Access Controls (RBAC) are crucial for managing permissions and access within Kubernetes environments. Microsoft Defender for Cloud now provides critical findings to help teams secure access within clusters and across cloud environments. Introducing the new Kubernetes Identity and Access information in Defender for Cloud, security teams can now query identity, access data, and visualize how over-permissive authorization can lead to lateral movement. To further strengthen container security posture, Defender for Cloud maps all possible attack routes with a new attack path analysis engine. This capability helps detect and address complex threats from Kubernetes to cloud and vice versa across multicloud environments, before a breach occurs, proactively securing Kubernetes environments. 

Taking our commitment to enhanced container security and operational resilience a step further, Defender for Cloud helps improve response times, reduces downtime, and sets the stage for future automation with manual tagging of critical assets and automatic classification of critical assets in Kubernetes environments. Manual tagging empowers teams to explicitly identify their most critical Kubernetes assets, ensuring these receive top priority. Auto criticality, however, uses research-backed rules and cross-customer insights to automatically assign criticality levels to containers, identifying risks security teams might overlook.  

 

Enhanced data added to the Cloud Security Explorer, including enhanced image discovery and Kubernetes RBAC data. 

 

Breakthroughs in container security to strengthen the software supply chain across the SDLC 

As cloud-native applications grow rapidly, integrating security into every development stage becomes critical. Microsoft Defender for Cloud simplifies this by scanning container images from their creation in the CI/CD pipeline to registries and host VMs, strengthening the security posture without slowing down development due to late-stage fixes.  

We are excited to offer a command-line interface (CLI) tool that allows seamless integration into any CI/CD pipeline. The CLI tool scans container images in the CI/CD pipeline, enabling developers to detect and block vulnerabilities during image building at any stage. Through this integration, Defender for Cloud provides visibility into onboarded pipelines and all container images pushed from those pipelines, allowing security teams to identify the source of the container image. 

After an image is built, scanned, and remediated, it’s pushed to a container registry until deployment. Continuous scanning, including daily registry rescans, helps identify zero-day vulnerabilities and ensures all images, even those bypassing the monitored pipeline, are fully scanned. 

In addition to its native support for scanning container images in cloud registries, Defender for Cloud is excited to also support vulnerability assessment of container images in third party registries, including Docker Hub Container Registry and JFrog Artifactory. 

Defender for Cloud scans CI/CD pipelines and integrates with container registries, meeting developers and DevOps teams where they manage images. This seamless scanning for vulnerabilities simplifies management and offers centralized visibility into images across environments. 

The container registry scan results are available to both the development and security teams, so they can quickly patch, update or block images before they’re pushed to production. 
 

The goal of a secure software supply chain is not only to prevent the use of vulnerable container images but also to ensure that the container infrastructure is secure throughout its lifecycle. The Kubernetes host is the foundation of a containerized environment. If the host is compromised, it can lead to the entire cluster being at risk. Attackers could gain access to sensitive data, disrupt services, or even take control of the entire infrastructure. To enhance container security and compliance, Defender for Cloud now includes agentless vulnerability assessments for host VMs in Managed Kubernetes services (AKS only). 

While securing container images at the build and registry stages is critical for preventing vulnerabilities early in the development process, it’s equally important to maintain strong security once those containers are deployed and running. To facilitate this, the new AKS Security Dashboard empowers resource owners or cluster administrators with a simplified, streamlined experience, offering granular visibility into container posture assessments directly within the AKS portal. This includes vulnerability assessments for hosts and container images including CVE remediation, compliance checks, and security best practices, enabling more efficient security management. Development teams and cluster operators can now access these insights without switching tools, enhancing communication between development and security disciplines, offering actionable recommendations at the cluster level.   

 

Container defense in action: Enhanced threat detection and response with Defender XDR integration 

Ensuring runtime security is vital to maintain the integrity of applications in shared environments. Continuous monitoring, enforcing isolation, and detecting anomalies help prevent and respond to threats in real-time, keeping containers secure throughout their lifecycle.  

Building on these essential security measures, we are excited to announce that our unique eBPF sensor now provides Kubernetes alerts, powered by Microsoft Defender for Endpoint (MDE) detection engine in the backend. We’ve optimized Microsoft Defender for Endpoint to effectively detect threats in containerized environments. By validating detections, enriching them with container-specific context, and fine-tuning alerts based on the Microsoft Kubernetes threat matrix, developed and maintained up to date by Microsoft security researchers, we’ve ensured a balance of comprehensive threat coverage and accurate detection.

Runtime security demands vigilance against unauthorized changes, or binary drift, in container images — a key indicator of potential attack. With Microsoft Defender for Cloud, you can now detect and respond to these changes in real-time, ensuring containers stay secure and unaltered throughout their lifecycle. 

While monitoring and securing container workloads is critical, ensuring the host infrastructure is protected from malware is equally vital for maintaining the security of your containerized environment. To address this, Defender for Cloud is extending the malware detection for Kubernetes host VMs. 

Real-time threat detection helps identify potential issues and deviations within your containers; the next critical step is to fully understand the scope and impact of these threats. Think of threat detection as spotting smoke from a fire — it’s the first sign something’s wrong. But to fully understand the situation and prevent further damage, you need to find the source of the fire and assess its spread. To provide such detailed threat investigation, Defender for Cloud offers a threat analytics report for container incidents in Defender XDR that helps SOC teams and analysts with extensive information around the potential attack methods that attackers could leverage to infiltrate the containers. It also contains suggestions on how to remediate these threats, and for hunting queries. 

To facilitate deeper investigation, cloud process events and investigation queries in Defender XDR now enable security teams to leverage enriched insights from integrated cloud audit and process event logs. These capabilities help SOC teams trace suspicious activity, analyze control plane and runtime processes, and conduct thorough forensic analysis. Building on this foundation, Defender for Cloud introduces the go hunt action, equipping SOC teams with pre-built, advanced hunting queries tailored to specific clusters. These queries retrieve incident-time data, streamlining investigation so teams can focus on analyzing results and responding to threats efficiently. Together, these capabilities enhance investigation depth, reduce response time, and strengthen overall security resilience. 

When a containerized environment faces a threat, swift containment is key to protecting critical assets and minimizing downtime. With Defender for Cloud’s new one-click containment Kubernetes response action, security teams can now manually isolate or terminate compromised pods instantly, cutting off unauthorized access and stopping lateral movement within the cluster. This rapid response feature reduces Mean Time to Resolve (MTTR), allowing teams to neutralize threats in real time, safeguard operations, and focus on investigating the root cause—all without complex configurations. 

Additionally, security teams can leverage AI-driven guided threat remediation with step-by-step assistance, empowering SOC teams to manage container-specific incidents efficiently, even with minimal expertise. 

New innovations for container threat protection with Microsoft Defender for Cloud 

 

Additional container security announcements 

[General Availability] Containers software inventory: Defender for Cloud now provides a list of software installed in their containers and container images through the Cloud Security Explorer. This list can also be used to quickly gain other insights into the customer environment, such as finding all containers and container images with software impacted by a zero-day vulnerability, even before a CVE is published. 

[Public Preview] CIS Kubernetes Benchmark: Security teams can leverage multicloud regulatory compliance assessments with support for CIS Kubernetes Benchmarks for Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service, and Google Kubernetes Engine (GKE). 

[General Availability] Enhanced Kubernetes (K8s) alert documentation and simulation tool: Defender for Cloud’s simulation tool proactively tests Kubernetes (K8s) environment by simulating real-world attack scenarios, causing alerts to be generated. The simulation tool deploys two pods in a target cluster: attacker and victim. During the simulation, the attacker “attacks” the victim using real-world techniques. 

 

Stay ahead of container vulnerabilities and attacks with end-to-end protection  

As containers become central to cloud-native applications, Microsoft Defender for Cloud provides end-to-end security across the entire container lifecycle—enhancing security posture, detecting and responding to threats, and ensuring compliance from development to runtime. As a cloud-native application protection platform (CNAPP), Defender for Cloud empowers everyone from individual developers to SOC analysts and CISOs, providing the precision and depth needed to effectively protect containerized environments from sophisticated threats setting our approach apart from traditional security methods.  

To learn more about Defender for Cloud and our new security innovations, you can:  

  • Read about the latest posture management security innovations in Defender for Cloud. 
  • Check out our cloud security solution page. 
  • Learn about our latest release here. 

 

Source:

1. CNCF Annual Survey 2023 

2. Flexera 2024 State of the Cloud Report