The knowledge gap around runtime security and the associated risks
According to Aqua Security’s 2021 Cloud Native Security Practitioner study, only 3% recognize that a container, in and of itself, is not a security boundary, indicating that the default security capabilities of containers are overestimated. This result is especially alarming in conjunction with the fact that only 24% of respondents have plans in place to deploy the necessary building blocks for runtime security.
“The results of the survey showcase a staggering knowledge gap that leads to an underinvestment in a critical part of full lifecycle, end-to-end security for cloud native applications,” said Amir Jerbi, CTO at Aqua Security. “When practitioners fail to implement a holistic approach with protecting their workloads at runtime, they are opening up their environments to attackers, since even the most complete ‘shift left’ vulnerability and malware detection cannot prevent zero-day attacks and administrator errors.”
The report demonstrates the difficulty and complexity of understanding key cloud native security risks, along with how to counteract them. Despite recent reports showing the increased sophistication of cloud native attacks, only 18% realize they are at risk for zero days in containerized environments.
Confidence vs. reality
While 32% of respondents were confident in overall holistic runtime security protection, detailed questions revealed that less than 23% of respondents in fact had the necessary building blocks of runtime security in place.
Supply chain risks
A knowledge gap around workload protection has led to a striking number of practitioners who believe they are protected from supply chain attacks in production, but in fact are not.
While 73% believed that they could stop software supply chain attacks evading static analysis, there was an apparent misconception about the role of runtime security in achieving this protection.
“There is a concerning overconfidence in the perceived ability to prevent supply chain attacks. The reality is that runtime security is essential because sophisticated supply chain attacks evade static analysis. We see unnamed attackers use legitimate vanilla images to download malicious elements at runtime, Kinsing malware that only downloads in runtime, and attackers like Team TNT who hide their malicious communications attacking our honeypots on daily basis,” said Jerbi.
Increasing container threats
In a recent threat report, Aqua Security found that attackers are becoming more proficient at hiding their methods and evading static scanning, while threats to container based environments have become more dangerous and more varied.
Over a six-month period, researchers observed honeypots being attacked 17,358 times, representing a 26% increase from just six months previously. The increasing volume of attacks demonstrates the importance of implementing holistic cloud native security, including runtime protection, in order to protect against attackers who have evaded detection and have access to the production environment.
“Holistic cloud native security should be every practitioner’s goal. It is not just about runtime security or any other one focus area. It is about ensuring the entire application life cycle is covered, from the build to the infrastructure and the workloads,” said Jerbi.