There are many different security capabilities that are part of the Docker container platform, and there are a number of vendors providing container security offerings. At the DockerCon EU 17 conference in Copenhagen, Denmark, eWEEK moderated a panel of leading vendors—Docker, Hewlett Packard Enterprise, Aqua Security, Twistlock and StackRox—to discuss the state of the market.
To date, there have been no publicly disclosed data breaches attributed to container usage or flaws. However, that doesn't mean that organizations using containers have not been attacked. In fact, Wei Lien Dang, product manager at StackRox, said one of his firm's financial services customers did have a container-related security incident.
StackRox found a code injection attack on a web-facing service, followed by lateral movement to another internal service. It was clear from StackRox's investigation that the attackers were looking to do data exfiltration, Dang said.
Docker as a platform has its own security capabilities that provide a solid foundation for applications to deployed on, according to Nathan McCauley, director of security at Docker Inc.
"None of the exploits we have seen had anything to do with the containers," he said. "The exploits always involved the applications running inside of the container."
Even if there is a vulnerable application running in a container, McCauley said the container boundary can help to contain threats and mitigate risks, as the native Docker container boundary provides a degree of segmentation and isolation.
The container boundary can also make it more difficult for an attacker to move laterally, causing the attacker to spend more time on an attack. McCauley noted that the security concept of "dwell time" works well in Docker's favor: The longer an attacker is present inside a network attempting to get data out, the more likely a defender will detect and respond to the attack.
"One of my sources of great happiness in the space is that there are so many people working on the detection phase," McCauley said.
Too Many Security Vendors?
In response to a question eWEEK asked the panel about whether there are too many vendors in the container security space, Simon Leech, technologist on the EMEA Digital Solutions and Transformations team at HPE, said, "I don't think there can ever be too many solutions if they are solving the right problems."
Leech expanded on his answer by saying that not all the vendors that were on the DockerCon EU stage for the security panel do the same things, and no one vendor does everything that is likely needed. There is also a role that hardware plays in security, he said, which is an area where HPE fits in with its latest generation of servers.
According to John Morello, CTO of Twistlock, all vendors can learn from each other and see what different approaches are being used. In his view, what differentiates Twistlock from the competition is the completeness of the platform. Twistlock also has a powerful model that can learn and understand the normal behavior of an application to create a baseline that makes it possible to know when something has gone wrong, he added.
There is a lot of money in container security, Aqua Security Technology Evangelist Liz Rice pointed out. On Sept. 19, Aqua announced that it had raised $25 million in a Series B round of funding, bringing total funding to date for the company to $38.5 million. Twistlock raised $17 million in new funding on April 25, with total funding to date for it now at $30 million. StackRox emerged from stealth mode in July and to date has raised $14 million.
Rice agreed with Morello that container security vendors can learn from each other. That said, Aqua Security has its own differentiation as well.
"Our motto is secure once, deploy anywhere," Rice said. "So whatever cloud provider you have, you can take your security solution with you."
StackRox’s Dang, however, believes there are too many vendors in container security space, saying too many of them overlap with what the Docker platform can do. Customers should understand what the Docker platform already provides for security and then look to outside vendors only for additional capabilities, he said.
"For the vendors in the space, we need to be focused on solving the deep, complex problems that security teams have," he said.
One way StackRox aims to differentiate itself from its container security competitors is by focusing on chief information security officers (CISOs) and security operations teams to help them to do their jobs and limit attack vectors.
"Where stand-alone container security vendors should focus—and where I think the opportunity for us is—[is going] really deep, while the [Docker] platform can go broad with the build and deploy parts of the container life cycle," he said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.