VMware is adding container runtime security capabilities alongside Carbon Black to improve protection for cloud-native workloads.
Containers are growing in popularity, which makes them attractive targets for attackers. That is why VMware is adding key enhancements to better protect containerized applications. Bundled together under the heading of runtime security, the vendor includes these new features:
- Runtime image and cluster scanning allows security and DevOps teams to automate runtime vulnerability scanning and customize policies to reduce risk and ensure that images used in active containers are secure. This image scanning extension allows images to be scanned in Kubernetes clusters, whether they are on-premises or in the cloud.
- Integrated alert dashboard provides one place for security teams to view events and address anomalies in their runtime environment and allows for faster investigation and correlation of events from both host and container layers.
- Kubernetes visibility mapping allows DevOps and security teams to quickly understand an application's architecture before it is deployed. This helps them identify egress destination connections, potential workload policy violations and vulnerable images.
- Anomaly detection uses artificial intelligence to baseline network modules and alert SecOps teams to any anomaly in a module, which is critical when setting up new workloads.
- Egress and ingress security provide security teams with additional visibility into the remote source contacting the Kubernetes service. They also provide easier detection of malicious egress connectivity based on IP address and behavioral data.
- Threat detection allows customers to scan open ports to check for vulnerabilities and quickly see whether lateral movement is in progress. If an attacker tries to exploit a vulnerability to prepare the next lateral move, the internal port scan and egress port scan generate an alert.
Everything in one dashboard
According to VMware, attackers often try to hide in all the noise in an environment. Container runtime security helps eliminate this noise, providing alerts about real, active events or blocking them immediately, without affecting the application or user experience.
By consolidating these events into a single dashboard, security teams can accelerate their investigation of incidents affecting endpoints, virtual machine workloads and containerized workloads. This helps them better understand their overall security posture while reducing "alert fatigue," managing risk effectively and enforcing compliance more easily.