Default Security Capabilities of Containers Are Overestimated
July 29, 2021

Only 3% of respondents recognize that a container, in and of itself, is not a security boundary, indicating that the default security capabilities of containers are overestimated, according to the 2021 Cloud Native Security Survey from Aqua Security.

This result is especially alarming in conjunction with the fact that only 24% of respondents have plans in place to deploy the necessary building blocks for runtime security.


"The results of the survey showcase a staggering knowledge gap that leads to an underinvestment in a critical part of full lifecycle, end-to-end security for cloud native applications," said Amir Jerbi, co-founder and CTO at Aqua. "When practitioners fail to implement a holistic approach with protecting their workloads at runtime, they are opening up their environments to attackers, since even the most complete ‘shift left’ vulnerability and malware detection cannot prevent zero-day attacks and administrator errors."

The report demonstrates the difficulty and complexity of understanding key cloud native security risks, along with how to counteract them. Despite recent reports showing the increased sophistication of cloud native attacks, only 18% of respondents realize they are at risk for zero days in containerized environments.

Confidence vs. Reality

While 32% of respondents were confident in overall holistic runtime security protection, detailed questions revealed that less than 23% of respondents in fact had the necessary building blocks of runtime security in place.

Supply Chain Risk

A knowledge gap around workload protection has led to a striking number of practitioners who believe they are protected from supply chain attacks in production, but in fact are not. While 73% believed that they could stop software supply chain attacks evading static analysis, there was an apparent misconception about the role of runtime security in achieving this protection.

"There is a concerning overconfidence in the perceived ability to prevent supply chain attacks. The reality is that runtime security is essential because sophisticated supply chain attacks evade static analysis. We see unnamed attackers use legitimate vanilla images to download malicious elements at runtime, Kinsing malware that only downloads in runtime, and attackers like Team TNT who hide their malicious communications attacking our honeypots on daily basis," said Jerbi.

Increasing Container Threats

In a recent threat report, Aqua found that attackers are becoming more proficient at hiding their methods and evading static scanning, while threats to container based environments have become more dangerous and more varied. Over a six-month period, Aqua observed honeypots being attacked 17,358 times, representing a 26% increase from just six months previously. The increasing volume of attacks demonstrates the importance of implementing holistic cloud native security, including runtime protection, in order to protect against attackers who have evaded detection and have access to the production environment.

"Holistic cloud native security should be every practitioner’s goal. It is not just about runtime security or any other one focus area. It is about ensuring the entire application life cycle is covered, from the build to the infrastructure and the workloads," said Jerbi.

Methodology: The study surveyed 150 cloud native security practitioners and executives from IT, Security and DevOps teams, across sectors including financial services, technology, healthcare and pharma, industrials, and retail among others. Participants were from the United States, Canada, United Kingdom, Germany, Australia and India.

Share this

Industry News

September 23, 2021

Shortcut, the collaborative home for modern software teams, announced new Team-to-Workflow functionality.

September 23, 2021

Portainer announced the launch of its Portainer Business Charmed Operator, allowing for seamless integration with Canonical’s Charmed Kubernetes distribution.

September 22, 2021

Parasoft announced the launch and extension of its static application security testing (SAST) and API testing platform with penetration testing, shifting security testing into developer workflows.

September 22, 2021

Synopsys announced a new partnership with The Chertoff Group, a global advisory services firm that applies security expertise, technology insights, and policy intelligence to help clients build resilient organizations, gain competitive advantage, and accelerate growth.

September 21, 2021

ShiftLeft announced that its unified code security platform, ShiftLeft CORE, is now available on the AWS Marketplace.

September 21, 2021

JFrog announced its JFrog Artifactory and JFrog Xray solutions are now accredited in Iron Bank and available via Platform One.

September 21, 2021

GitKraken acquired BigBrassBand and its popular Git Integration for Jira.

September 20, 2021

D2iQ announced version 2.0 of the D2iQ Kubernetes Platform (DKP).

September 20, 2021

Platform9 joined Intel's Open Retail Initiative (ORI) and launched a new software-defined store solution.

September 20, 2021

FireMon has acquired DisruptOps.

September 16, 2021

SnapLogic released the latest version of its new SnapLogic Flows solution.

September 16, 2021

Postman launched a new version of its API Management platform.

September 16, 2021

Progress announced its R3 2021 release of Progress Telerik and Progress Kendo UI.

September 15, 2021

Progress announced the availability of Progress Sitefinity DX 14.0.

September 15, 2021

Launchable, the intelligence platform layer for all software testing, announced their latest addition to the platform, Flaky Tests Insights (beta).