Considerations for Security Controls in Containerized and Virtual Environments

Jun 15, 2020 | Blog, Outside Intel

According to Dave Ruedger, CIO and CISO of Risk Management Solutions (RMS), current security controls will need to be redefined around how the enterprise is actually protected, with two primary considerations: containerized and virtualized environments.

Looking towards the future, there should be numerous endpoint solutions with protective controls, and network security could be very locked down with defined vendors. Furthermore, threat intelligence should generally support “on-network” environments that feed data to a SIEM to augment endpoint and network data.

Areas that are relatively formative and represent large-scale risk are cloud environments and containerized environments.

Container Security

Many medium and large organizations dedicate significant resources to vulnerability management to harden the baseline image, the application stack, and SaaS web application security controls. However, the container environment, by its nature, is part of a larger hosting environment that presents two levels of configuration risk, one at the server level and another at the container level.

Even with some automation, it currently takes a lot of manpower and time to understand what is normal within the container environment, and what is a misconfiguration or a potential zero-day attack.
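One way to make the two-level configuration risk described above concrete is to audit both the host's daemon settings and each container's runtime settings against a least-privilege baseline. The script below is an added example, not code from the post or from RMS; the daemon.json and `docker inspect` records are constructed samples shaped like Docker's real output, and the checks are illustrative, not a complete benchmark.

```python
"""Audit a container host at two levels: daemon (server) config and per-container config."""
import json

# Constructed sample in the shape of /etc/docker/daemon.json (not taken from a real host).
DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
    "icc": True,
})

# Constructed samples in the shape of `docker inspect` output, trimmed to the fields checked here.
INSPECT_JSON = json.dumps([
    {"Name": "/web", "Config": {"User": "app"},
     "HostConfig": {"Privileged": False, "PidMode": "", "CapAdd": None,
                    "Binds": ["/srv/web:/data:ro"]}},
    {"Name": "/ci-runner", "Config": {"User": ""},
     "HostConfig": {"Privileged": True, "PidMode": "host", "CapAdd": ["SYS_ADMIN"],
                    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}},
])


def audit_daemon(daemon_json: str) -> list[str]:
    """Server-level findings: settings that weaken isolation for every container on the host."""
    cfg = json.loads(daemon_json)
    findings = []
    if any(h.startswith("tcp://") for h in cfg.get("hosts", [])) and not cfg.get("tlsverify"):
        findings.append("daemon: TCP API listener without TLS client verification")
    if "userns-remap" not in cfg:
        findings.append("daemon: user namespace remapping not enabled")
    if cfg.get("icc", True):  # Docker's default is True when the key is absent
        findings.append("daemon: inter-container communication left enabled on default bridge")
    return findings


def audit_containers(inspect_json: str) -> dict[str, list[str]]:
    """Container-level findings: per-container deviations from a least-privilege baseline."""
    report = {}
    for c in json.loads(inspect_json):
        hc, problems = c["HostConfig"], []
        if hc.get("Privileged"):
            problems.append("runs --privileged")
        if hc.get("PidMode") == "host":
            problems.append("shares host PID namespace")
        for cap in hc.get("CapAdd") or []:
            problems.append(f"adds capability {cap}")
        if not c["Config"].get("User"):
            problems.append("runs as root (no User set)")
        for bind in hc.get("Binds") or []:
            if bind.split(":")[0] == "/var/run/docker.sock":
                problems.append("mounts the Docker socket (host-equivalent access)")
        if problems:  # only containers that deviate from the baseline are reported
            report[c["Name"]] = problems
    return report
```

Running both audits on real hosts and diffing the output over time gives a cheap, repeatable baseline of what "normal" looks like, so a new finding stands out as either a misconfiguration or something worth investigating.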

While there is not necessarily evidence yet of an increase in targeting of container environments, attackers are starting to look at ways to exploit the topology itself. If attackers know what takes place in the DevOps automation process, they can cause a lot of problems in production, especially for companies whose business models depend on constant uptime.

Ruedger recommends security teams adopt an insider threat approach to manage the risk of malicious actions within these containerized environments.

Virtual Environments

A lot of organizations are thinking about what it means to be “on network” and shifting to a cloud-first model, which requires a re-evaluation of security controls.

Many tech companies are moving to models in which authenticated users access authenticated apps under a zero trust security control model, where they may not even need services like a VPN.

Another option would be to implement a VDI approach using virtualized environments. If these virtualized environments are configured appropriately with established controls in place, they provide more flexibility, while maintaining the security posture.
