Rise of DevOps exposes organisations to risk via container vulnerabilities

Tripwire has published the results of a study examining security practices and concerns around container technology. Tripwire's study, conducted in partnership with Dimensional Research in November 2018, surveyed 311 IT security professionals who manage environments with containers at companies with over 100 employees.

According to Tripwire’s study, 60 percent of respondents reported their organisations have experienced container security incidents in the past year. Yet, of the 269 respondents who currently have containers in production, 47 percent said they deployed containers known to have vulnerabilities, while 46 percent admitted they deployed containers without knowing whether or not they had vulnerabilities.

"It’s concerning, but not surprising, that nearly half of the respondents said they knowingly deploy vulnerable containers,” said Tim Erlin, vice president of product management and strategy at Tripwire. “With the increased growth and adoption of containers, organisations are feeling the pressure to speed their deployment. To keep up with the demand, teams are accepting risks by not securing containers. Based on what this study found, we can see that the result is a majority of organisations experiencing container security incidents."

DevOps teams’ increasing use of containers to accelerate software development and deployment has added complexity for security teams. As Tripwire’s study found, 94 percent of respondents acknowledged they are concerned about container security. Among their concerns, inadequate container security knowledge among teams, limited visibility into the security status of containers and container images, as well as the inability to assess risk in container images prior to deployment ranked the highest.

Additional findings from the study include:

  • Seventy‐five percent of those with more than 100 containers in production have reported an incident.
  • Seventy‐one percent of the total respondents expect the rate of container security incidents to increase in 2019.
  • Ninety‐eight percent believe they need additional security capabilities. Only 12 percent believe they could detect a compromised container within minutes.
  • Forty‐two percent have either delayed or limited container adoption due to security concerns.

Erlin added: "There's a belief that you have to accept a significant amount of risk to take advantage of containers, but that’s not true. Security can and should be embedded into the DevOps life cycle, incorporating vulnerability and configuration assessment of container infrastructure to monitor risks from build to production."
