Qualys Announces Container Runtime Security
November 04, 2020

Qualys announced Container Runtime Security, which provides runtime defense capabilities for containerized applications.

This new approach instruments an extremely lightweight snippet of Qualys code into the container image, enabling policy-driven monitoring, detection and blocking of container behavior at runtime. This capability eliminates the need for cumbersome management of sidecar and privileged containers by security solutions that are difficult to manage and administer on host nodes and don't work in container-as-a-service environments. Qualys Runtime Container Security, once instrumented in the image, will work within each container irrespective of where the container is instantiated and does not need any additional administration containers. This new solution addresses, in real time, container security use cases like critical file-access monitoring and blocking, network micro-segmentation, vulnerability and exploit mitigation, and virtual patching.

Now security teams can implement a comprehensive container security program with a single solution that includes vulnerability management, and detection and response across the build-ship-run container pipeline.

With Qualys Container Runtime Security, customers can:

- Perform comprehensive, policy-driven monitoring and blocking of container runtime behavior including file access, network communications and process behaviors

- Create granular custom behavioral policies, use policies from the built-in policy library or automatically generate policies based on learned container behaviors

- Instrument container images in the CI/CD build pipeline with an innovative "follow the image" instrumentation approach which allows for standardized, guaranteed container runtime security across all types of container environments like Docker, Kubernetes, AWS Elastic Kubernetes Service, AWS Elastic Container Service, Azure Kubernetes Service, and Google Kubernetes Engine, as well as including container-as-a-service environments like Azure Container Instances, AWS Fargate and Google CloudRun.

"The growth of Kubernetes comes at a time when it is adept at solving many pertinent problems in IT and software development today. However, new tools are needed to secure containers, as container-based application development is a completely different approach to software," said Frank Dickson, Program VP, Security Products at IDC. "Kubernetes can be managed as immutable infrastructure; however, the reality is that container configurations can drift during runtime. The Qualys approach empowers security to follow the container image with built-in instrumentation, enabling visibility and behavior enforcement for running containers. The solution also facilitates a 'follow the container' approach, providing DevOps and application teams future-proof development protection as applications migrate to more mature container and managed container environments such as Docker, Kubernetes, AWS Fargate and others."

"Detection and Response in a single application across the container DevOps pipeline is key to effectively secure the containerized applications, as the high-velocity DevOps container pipeline can be exploited by malicious actors at runtime," said Philippe Courtot, chairman and CEO of Qualys. "Therefore, we must build security into cloud workloads and extend protection into running containers. Qualys brings defense capabilities to our Container Security solution with the addition of policy-driven behavior detection and response capabilities to protect running containers on-premises, in private clouds or in container-as-a-service public clouds."

Qualys Container Security solution with runtime capabilities is now available.

Share this

Industry News

November 24, 2020

Red Hat announced new capabilities and features for Red Hat OpenShift, the company's enterprise Kubernetes platform.

November 24, 2020

Sectigo released Chef, Jenkins, JetStack Cert-Manager, Puppet, and SaltStack integrations for its certificate management platform.

November 24, 2020

DataStax released K8ssandra, an open-source distribution of Apache Cassandra on Kubernetes.

November 23, 2020

Spectro Cloud has released a new, self-hosted version of its flagship product, Spectro Cloud.

November 23, 2020

GitLab completed integration of Peach Tech, a security software firm specializing in protocol fuzz testing and dynamic application security testing (DAST) API testing, and Fuzzit, a continuous fuzz testing solution providing coverage-guided testing.

November 23, 2020

Fugue announced the availability of its SaaS product in AWS Marketplace, further simplifying the process for Amazon Web Services customers to use Fugue to bring their environments into compliance quickly, demonstrate compliance at any time, and Shift Left on cloud security.

November 19, 2020

Rollbar announced AI-assisted workflows powered by its new automation-grade grouping engine.

November 19, 2020

Buildkite expanded its integration with GitHub and introduced a new onboarding experience.

November 19, 2020

Rancher Labs launched a new Partner Program for the OEM and embedded community.

November 18, 2020

Puppet announced its evolution to an integrated automation platform to enable key business initiatives such as scaling DevOps, risk reduction, policy as code, and evolving cloud strategies.

November 18, 2020

Adaptavist has joined the GitLab partner program as a Select partner.

November 18, 2020

Postman launched the beta version of public workspaces, a hub that makes it possible for both API producers and consumers to seamlessly communicate and collaborate in real time without team or organizational boundaries.

November 17, 2020

Red Hat introduced new capabilities for Red Hat Enterprise Linux and Red Hat OpenShift intended to help enterprises bring edge computing into hybrid cloud deployments.

November 17, 2020

Humio announced the availability of the Humio Operator.

November 17, 2020

Accurics announced that Terrascan, the open source static code analyzer that enables developers to build secure infrastructure as code (IaC), has been extended to support Helm and Kustomize.