Last month, Alert Logic announced the industry’s first network intrusion detection for containers. Since then, we have been going “under the hood” so to speak with a three-part blog series about our unique approach to container security. If you haven’t already checked out the first two blogs in the Container Q&A series, take a look:
- Intrusion Detection for Containers Q&A: A Critical Part of the Container Security Landscape
- Intrusion Detection for Containers Q&A: NIDS vs. HIDS and the Importance of Metadata for Container Security
We are pleased to share the final section of our series:
What is the Deployment Process for Alert Logic IDS for Containers?
Deploying Alert Logic’s container security solution is extremely simple, fast, and hands off. Perhaps a “real-life story” best sums it up. A little over a year-and-a-half ago, we launched a migration of our microservices architecture from a traditional AWS EC2-based architecture to one that could be deployed on a container ecosystem. We chose AWS ECS for a variety of reasons, but mostly it was due to the level of automation we had tied with CloudFormation. We focused heavily on being able to automate everything within the infrastructure and that meant ensuring we could deploy, manage, and manipulate our container environment with ease.
We auto scale 100% across the board with our AWS ECS hosts and containers. We see our ecosystem scale up and down between 100 to 200 AWS ECS hosts, and see our microservices scale up and down between 2000 and 5000 containers. So, as we began to work on our container security solution, we kept all our experiences working within our own container ecosystem at the front of our minds. We wanted to build a solution that could be deployed fast, could be delivered at the speed we scale, and could handle the workload it would be asked to handle at the network inspection level. When it was time for us to “eat our own dog food”, we deployed our container security solution using our own Continuous Deployment pipeline.
It literally took us 15-20 minutes to have ALL our containerized ecosystem protected by Alert Logic’s container security solution. Getting up and running is not only fast, but it’s also easy! Just use the same self-service practices you have in place for the rest of your container environment. Our customers get the Alert Logic container image from Docker, and the configuration parameters from GitHub. In fact, the download rate of our container security capabilities on DockerHub is off the charts – exceeding 10 million pulls already.
Has the continuous development pipeline been a key consideration for Alert Logic’s container development strategy?
Over the past two years, Alert Logic has achieved an extremely elevated level of automation regarding how we deploy our back-end microservices that make up our SaaS platform. When we were talking through the container security initiative, one of the features I was adamant about was that our solution had to be extremely simple to deploy and it had to be deployed just like any other container-based service we develop internally. Our continuous deployment pipeline had to be able to easily push the container security solution out into our infrastructure and the solution had to “magically” configure and begin working with minimal to zero effort and no manual intervention. That’s a pretty high bar to set and, frankly, we knocked it out of the park.
Our container security solution deploys just like any other container would in an infrastructure. If you deploy with AWS ECS, then it is a simple AWS ECS Task Definition that is deployable via AWS CloudFormation. If you deploy with AWS EKS or Kubernetes, then it is a simple defined DaemonSet. You do not have to build the container security solution since it is already built as an image referenced in the AWS ECS Task Definition or Kubernetes DaemonSet. Going even further, you don’t have to configure Alert Logic’s security container. And even better, if Alert Logic Threat Manager is deployed in your environment, the container solution automatically claims, aligns to Threat Manager, and begins protecting your environment. It is an incredibly simple solution.
Now, where you could apply this in the “software deployment pipeline” is straightforward. Even at Alert Logic we rely on our own security tools to reduce security risks in our Continuous Deployment lifecycle. At Alert Logic, we deploy our container security solution EVERYWHERE we have container infrastructure running. Whether this is in an integration environment or a production environment, it doesn’t matter to us; we protect them all because a security problem anywhere is bad. We conduct Continuous Testing within all our environments and are always validating our own security. Our container security solution is a key part of that, along with the rest of our portfolio.
What are the Compliance Implications of Better Container Security?
Building a stronger security posture will positively impact your ability to comply with most security compliance regulations. For instance, when you look at GDPR compliance and the language it uses to describe breaches and disclosure, being able to state correctly what happened during an incident could prevent you from being subject to a potentially massive fine. So, if you can lock that down and narrow the scope of the breach, it’s not only good for your customers, of course, but it’s also good for you from the GDPR perspective. And this has implications for other regulations as well, particularly the ones that have thresholds, where if a breach falls below a certain level, you don’t have to disclose at all. In that way, understanding precisely what was breached can be very helpful. Without full visibility into container attacks, this is impossible.
Being able to inspect network traffic at this level is extremely important for compliance initiatives. A large share of what runs in containers is services and applications that feed public-facing platforms, many of which are subject to compliance requirements that state intrusion detection or prevention is necessary. So, a significant piece of solving the compliance puzzle is wrapped up in being able to do packet-level inspection, which cannot be done without a solution like the one we’ve built. At least not to this level of granularity.
A Final Word about Container Security
If you’re interested in learning more about what it takes to stay ahead of container-based attacks, download our Container Security Workbook: A Container Security Best Practices Guide. This guide walks through some of the best practices to leverage while building your container security strategy and provides a useful workbook to put some of these ideas into practice in your organization.