CloudPassage today announced that its market-leading agile security platform for cloud and virtual infrastructure now protects applications deployed with Docker, a fast-growing open platform that automates the deployment of applications inside software containers. Using CloudPassage, companies now have near real-time visibility and comprehensive enforcement of security policies for virtual infrastructure at a container level. This dramatically improves their security posture, enhances compliance and reduces the risk presented by threats.
The Docker Engine has been downloaded more than 70 million times, making it the second most popular open source project in 2014 (behind OpenStack). The platform provides an additional layer of abstraction and automation of OS-level virtualization on Linux servers. Docker enables apps to be quickly assembled from components and eliminates the friction between development, QA, and production environments. As a result, IT organizations can ship faster and run the same app, unchanged, on laptops, data center VMs and in any cloud infrastructure.
“Companies are dumping their data centers and quickly adopting technologies like Docker that allow them to abstract, automate and orchestrate software-defined data centers,” said Carson Sweet, a 22-year veteran of the security industry and CEO of CloudPassage. “The benefits are enormous in terms of agility, speed and cost. These environments demand a new approach to security, one that protects at a deeper level than just the perimeter.”
For decades, IT security has been built around models that assume availability of fixed perimeters, physical hardware and close proximity of data. Cloud environments, virtualized data centers and container technology like Docker disrupt these assumptions dramatically. The dynamic, automated and abstracted nature of these environments has made it extremely difficult for businesses to detect and respond quickly to critical security vulnerabilities, as well as remain compliant with ever-increasing regulations.
Although Docker provides basic security functions, customers must still implement additional controls to restrict access, configure file system attributes and prevent designated processes from accessing the Docker Engine.
CloudPassage solves these problems by providing a full suite of security and compliance capabilities for Docker deployments, including:
- Configuration policies based on best practices for securing Docker containers.
- Software vulnerability assessment automatically scans for vulnerabilities in packaged software across all Docker deployments, in just minutes.
- File integrity monitoring protects the integrity of Docker containers by constantly monitoring for unauthorized or malicious changes. Any differences detected are logged and reported to the appropriate administrators.
- Log-based intrusion detection continuously monitors important server log files for events that should not happen, indicating misuse, misconfiguration, or even a compromise.
- Strong access control enables secure remote network access using two-factor authentication with no additional software or infrastructure. This keeps server ports hidden and secure while allowing temporary, on-demand access for authorized users only.
- Firewall micro-segmentation can be leveraged to secure both the Docker Engine and Docker containers.