3 Pillars of Intent-Based Security for Containers
February 01, 2017

Ben Bernstein
Twistlock

The concept of intent-based security is a new way of looking at applications, specifically those in a containerized environment, down to the application level and adding in extra security. It uses the power of the developer in order to produce a more predictable and secure environment that can be enforced.

To elaborate, today there is more information flowing from the developer. Historically, when developers wrote their code, if you asked them which processes are running in the operating system where their code is running, they would have no idea. Conversely, if they develop a container-based application, they know exactly which processes are running, because they produced the entire container stack top to bottom. Developers must be able to describe the entire OS stack in order for their containers to run. This enables everything to be more automated and it typically results in everything being delivered in small frequent pieces and updates.

When it comes to DevOps and containers, the unique nature of the process and technology allows the intent-based security model to capitalize on three pillars:

1. Containers are declarative

When a developer writes the code, he/she does not just write the code, he/she writes a manifest that describes how this code should work and how it should interact with its environment. While the developer does not provide you with a real security manifest, you can translate the extra information that you have and try to create a security profile. With containers you have dockerfile, you might have a pod, you might have an application group if you're running on top of mesosphere. There is a lot of information in the system that you could use in order to understand what is supposed to happen.

2. Containers are predictable

When you look at containers, they contain less specific logic and more common building blocks because containers are typically made out of layers you download that someone else created.

For example, if you're creating a container, you don't write the OS from scratch, you take an Ubuntu. If you're using MySQL, then you'll just take a MySQL layer and put it in your container. And then if, on top of that, it's just a database and you want to add a thin layer of configuration, you've got Ubuntu, MySQL and on top of that a little bit of configuration. That's a pretty predictable piece of software. It's very minimalistic, there's not a lot of logic in it and it's built out of common building blocks. So you could basically assume what that piece is supposed to do. But even if it wasn't just configuration and there was some logic in it, it would contain less logic than a virtual machine would because it's a microservice. Baselining behavior based on a more minimalistic microservice is much easier than it was in the case of virtual machines.

3. Containers are immutable

In the past, it was hard to understand if something happening with the application was really an attack or not. In the case of containers, whenever you patch a container or change its real intent, it should not happen in real time. What happens is the developer changes things and then he/she pushes in a new version. He patches the OS or adds new functionality and then pushes in a new container and scratches the old one. This gives you a lot of power from a security standpoint because, for the first time ever, if you see a polymorphic change in the behavior of the application (if it starts behaving differently) it's either a configuration drift, which is bad, or a real attack. And depending on the other indicators, you can understand if you're seeing an event that looks like an attack or not.

Leveraging these three pillars, there is a powerful opportunity to use whitelisting, for example, to approve known good processes. In combination with application intent analysis, enforcement measures help to support the intent-based security model and preserve the original intent of the application.

Ben Bernstein is CEO and Co-Founder of Twistlock.

The Latest

October 19, 2017

In light of the recent Equifax breach, Gene Kim and speakers from the upcoming DevOps Enterprise Summit San Francisco (DOES17) dissected the situation and discussed the technical leadership lessons learned while offering their own expert advice for handling crisis situations. The following are more highlights from the discussion ...

October 18, 2017

In light of the recent Equifax breach, Gene Kim and speakers from the upcoming DevOps Enterprise Summit San Francisco (DOES17) dissected the situation and discussed the technical leadership lessons learned while offering their own expert advice for handling crisis situations ...

October 16, 2017

A survey of more than 750 development team leaders in the US and UK, revealed that 68 percent plan to build more apps during the next 12 months. At the same time as reporting increased volumes of development, 91 percent of developers surveyed agree that user expectations for innovation and quality have increased, but app deliveries continue to fail ...

October 12, 2017

Today, organizations must digitally evolve or they risk becoming irrelevant. One area that’s been growing in adoption is a shift to developing and deploying modern applications in the cloud, which requires software and IT architects to rethink how to architect and manage these apps ...

October 10, 2017

Designing and deploying complete software-defined data centers (SDDCs) can be complicated because each implementation requires a broad range of infrastructure to support heavy demands for compute, networking, storage, applications and security ...

October 05, 2017

According to LogiGear's State of Software Testing Survey, almost one-third of the respondents are experiencing classic test automation issues. One problem commonly cited among respondents was that management didn’t fully understand what it takes to have a successful automation program ...

October 04, 2017

Load balancing at the DNS (Domain Name System) level has been around for a few decades now, but it didn't become crucial until recently as technology is moving to the cloud. DNS is the perfect solution for managing cloud systems ...

October 02, 2017

QualiTest recently compiled a data report analyzing software testers globally. The report details the Quality Assurance and Software Testing job market, one of the fastest growing job markets and a bellwether of tech employment due to QA's involved in nearly every conceivable industry ...

September 28, 2017

API use is exploding among developers, as APIs are an essential part of software development for the web, IoT, mobile and AI applications. APIs allow a developer to create programs or apps that can successfully request services or data from other applications or operating system. This connectivity, though powerful, is complex, and that complexity grows with new apps, new hardware such as the new iPhone and Echo, and the creation of new APIs ...

September 26, 2017

Companies are placing a greater value on high performing IT professionals as IT demands continue to escalate, according to Puppet's DevOps Salary Report ...

Share this