Am I Isolated: Open-source container security benchmark
Am I Isolated is an open-source container security benchmark that probes users’ runtime environments and tests for container isolation.
The Rust-based container runtime scanner runs as a container, detecting gaps in users’ container runtime isolation. It also provides guidance to improve users’ runtime environments to offer stronger isolation guarantees.
“The status quo of containers is that they don’t contain. The lack of container isolation has dire consequences in a cloud native environment, including container escapes, theft of secrets, and customer data. The lack of container isolation is pernicious as it is invisible. We created Am I Isolated so anyone can visualize the lack of isolation in their cloud native environments and educate the community about the steps they can take to secure their environments from these dire threats,” Jed Salazar, Field CTO, Edera, told Help Net Security.
Containers are just processes on a host, so isolation is critical to workload and multi-tenancy security because it limits the blast radius of container escapes and security incidents.
Am I Isolated also probes for ambient privileges and common misconfigurations made by DevOps teams and platform engineers when setting up their containerized applications or container runtime environments. It provides ongoing testing against container escape techniques.
Future plans and download
“Am I Isolated will track new and emerging threats to the cloud native ecosystem and give practical advice to the community to mitigate against new risks. We plan on adding several major features, including weighted risks, improved documentation, visualization, and performance, and suggested configurations to mitigate Am I Isolated’s findings,” Salazar commented.
Am I Isolated is available for download on GitHub.
Must read:
- 33 open-source cybersecurity solutions you didn’t know you needed
- 20 free cybersecurity tools you might have missed
- 15 open-source cybersecurity tools you’ll wish you’d known earlier
- 20 essential open-source cybersecurity tools that save you time