Posts

How to Establish your Next-Gen Data Center Security Strategy

In 2019, 46 percent of businesses are expected to use hybrid data centers, and it is therefore critical for these businesses to be prepared to deal with the inherent security challenges. Developing a next gen data center security strategy that takes into account the complexity of hybrid cloud infrastructure can help keep your business operations secure by way of real-time responsiveness, enhanced scalability, and improved uptime.

One of the biggest challenges of securing the next gen data center is accounting for the various silos that develop. Every cloud service provider has its own methods to implement security policies, and those solutions are discrete from one another. These methods are also discrete from on-premises infrastructure and associated security policies. This siloed approach to security adds complexity and increases the likelihood of blind spots in your security plan, and isn’t consistent with the goals of developing a next gen data center. To overcome these challenges, any forward-thinking company with security top of mind requires security tools that enable visibility and policy enforcement across the entirety of a hybrid cloud infrastructure.

In this piece, we’ll review the basics of the next gen data center, dive into some of the details of developing a next gen data center security strategy, and explain how Guardicore Centra fits into a holistic security plan.

What is a next gen data center?

The idea of hybrid cloud has been around for a while now, so what’s the difference between what we’re used to and a next gen data center? In short, next gen data centers are hybrid cloud infrastructures that abstract away complexity, automate as many workflows as possible, and include scalable orchestration tools. Scalable technologies like SDN (software defined networking), virtualization, containerization, and Infrastructure as Code (IaC) are hallmarks of the next gen data center.

Given this definition, the benefits of the next gen data center are clear: agile, scalable, standardized, and automated IT operations that limit costly manual configuration, human error, and oversights. However, when creating a next gen data center security strategy, enterprises must ensure that the policies, tools, and overall strategy they implement are able to account for the inherent challenges of the next gen data center.

Asking the right questions about your next gen data center security strategy

There are a number of questions enterprises must ask themselves as they begin to design a next gen data center and a security strategy to protect it. Here, we’ll review a few of the most important.

  • What standards and compliance regulations must we meet? Regulations such as HIPAA, PCI-DSS, and SOX subject enterprises to strict security and data protection requirements that must be met, regardless of other goals. Failure to account for these requirements in the planning stages can prove costly in the long run should you fail an audit due to a simple oversight.
  • How can we gain granular visibility into our entire infrastructure? One of the challenges of the next gen data center is the myriad of silos that emerge from a security and visibility perspective. With so many different IaaS, SaaS, and on-premises solutions going into a next gen data center, capturing detailed visibility of data flows down to the process level can be a daunting task. However, in order to optimize security, this is a question you’ll need to answer in the planning stages. If you don’t have a baseline of what traffic flows on your network look like at various points in time (e.g. peak hours on a Monday vs. midnight on a Saturday), identifying and reacting to anomalies becomes almost impossible.
  • How can we implement scalable, cross-platform security policies? As mentioned, the variety of solutions that make up a next gen data center can lead to a number of silos and discrete security policies. Managing security discretely for each platform flies in the face of the scalable, DevOps-inspired ideals of the next gen data center. To ensure that your security can keep up with your infrastructure, you’ll need to seek out scalable, intelligent security tools. While security is often viewed as hamstringing DevOps efforts, the right tools and strategy can help bridge the gap between these two teams.

Finding the right solutions

Given what we have reviewed thus far, we can see that the solutions to the security challenges of the next gen data center need to be scalable and compliant, provide granular visibility, and function across the entirety of your infrastructure.

Guardicore Centra is uniquely capable of addressing these challenges and helping secure the next gen data center. For example, not only can micro-segmentation help enable compliance to standards like HIPAA and PCI-DSS, but Centra offers enterprises the level of visibility required in the next gen data center. Centra is capable of contextualizing all application dependencies across all platforms to ensure that your micro-segmentation policies are properly implemented. Regardless of where your apps run, Centra helps you overcome silos and provides visibility down to the process level.

Further, Centra is capable of achieving the scalability that the next gen data center demands. To help conceptualize how scalable micro-segmentation with Guardicore Centra can be, consider that a typical LAN build-out can last for a few months and require hundreds of IT labor hours. On the other hand, a comparable micro-segmentation deployment takes about a month and significantly fewer IT labor hours.

Finally, Centra can help bridge the gap between DevOps and Security teams by enabling the use of “zero trust” security models. The general idea behind zero trust is, as the name implies, nothing inside or outside of your network should be trusted by default. This shifts focus to determining what is allowed as opposed to being strictly on the hunt for threats, which is much more conducive to a modern DevSecOps approach to the next gen data center.

Guardicore helps enable your next gen data center security strategy

When developing a next gen data center security strategy, you must be able to account for the nuances of the various pieces of on-premises and cloud infrastructure that make up a hybrid data center. A big part of doing so is selecting tools that minimize complexity and can scale across all of your on-premises and cloud platforms. Guardicore Centra does just that and helps implement scalable and granular security policies to establish the robust security required in the next gen data center.

If you’re interested in redefining and adapting the way you secure your hybrid cloud infrastructure, contact us to learn more.

Want to know more about proper data center security? Get our white paper about operationalizing a proper micro-segmentation project.


Have You Heard the News? Guardicore Employees Making Waves in Cybersecurity

Here at Guardicore, our employee successes are always a cause for celebration. We love seeing their names up in lights when they gain media attention for their achievements in cybersecurity and beyond.

With that in mind, let’s take a closer look at some of our Guardicore family who have hit the headlines recently, and understand why the Guardicore culture promotes and attracts this kind of success.

Encouraging our Diverse Voices

Ola Sergatchov, our Vice President of Corporate Strategy, was recently recognized as one of The Software Report’s Top 25 Women Leaders in Cybersecurity for 2019. An Executive Leader at Guardicore, Ola encourages women in technology to pursue both technical and leadership positions with creativity, integrity, and determination. Ola has more than 20 years in the industry, and combines technical knowledge with strategic business experience and an innovative flair.

On the topic of awesome Guardicore women who are gaining press attention, check out Danielle Kuznetz Nohi, Guardicore’s Information Security Researcher and Team Leader, featured in this article on female voices that are making a difference in cybersecurity. She talked about how she looks for the right skill set and personality when she is hiring for her team, applicants who show creativity, communication, organization and superb management ability.

Age is Just a Number

An open mind when it comes to hiring practices is an area where many companies fall short, often focusing on the age and experience of candidates rather than their skills and raw talent and potential to contribute. In contrast, at Guardicore we look for the right talent, no matter where it comes from. Rather than restricting ourselves to one ‘type’ of person, we look for interesting people with fresh ideas who can add to our teams. Omri’s story has attracted a lot of interest, as he was just 18 years old when he came to work for us. His high school teacher had sparked his interest by teaching him Scratch, and he began developing his own applications and programming websites.

When Omri applied to Guardicore, Daniel Goldberg, our Information Security Expert and Security Researcher, said that the decision to hire him was an easy one, although he knew that Omri could only join the team for a few months and then would leave for his army service. He saw the win-win nature of the situation, and said yes where others may have said no. Tangling with the bad actors and malicious hackers that only the top percentage of security experts ever grapple with is an unusual experience for any teenager, and one that Omri feels has prepared him for both his army intelligence unit, and an ongoing career in hi-tech.

Innovation and Fresh Thinking

A fresh voice shouting out from the frontlines of cybersecurity research, Ophir Harpaz is a reverse-engineering enthusiast, sharing her skills through her pet project, begin.re, where even beginners can get some hands-on advice and knowledge. She was recently featured in 21 Cybersecurity Twitter Accounts You Should Follow for bestowing her insight and practical know-how on the masses. Innovative and exciting, it’s easy to see why she is such a good fit for Guardicore Labs.

Sharing her own story on her experience in cybersecurity, Product Manager, Avishag Daniely was recently featured in ITSP magazine, giving her fresh and unique perspective on how minorities in the workplace can fight their fear of failure.

We encourage our staff to work on their own unique personal goals, and then use these to excel in the workplace, too. Expanding the company’s global footprint and extending the search for talent to new markets is increasingly important. With this in mind, for Avishag, becoming confident in business Spanish, learning to present and hold meetings in this language helped her to close the culture gap, whether she was making new connections, presenting to large audiences, or building informal relationships while she temporarily relocated abroad.

The Best People for the Job

Despite the company experiencing great growth over the past few years, one unique element of Guardicore is that we still manage to keep a truly caring culture, the feeling of being one big family, celebrating one another’s successes.

I believe that this has a lot to do with our hiring practices, and how we create a strong, cohesive culture that runs through everything we do as a company. Tune in to my next blog to hear about the steps we put in place to make this happen.

Guardicore Raises $60 Million; Continues to Build Momentum in Cloud and Data Center Security

Led by New Investor Qumra, Funding Fuels Company Growth and Continued Disruption in Firewall and Data Center Markets

Boston, Mass. and Tel Aviv, Israel – May 21, 2019 – Guardicore, a leader in internal data center and cloud security, today announced it has raised $60 million in Series C funding, bringing the company’s total funding to $110 million. This more than doubles the total capital raised to date and represents an endorsement of Guardicore’s current momentum as the company continues to disrupt the broader firewall and data center markets.

“Any organization has critical IT assets that need to be secured. Our distributed, software-defined segmentation solution is the simplest way to secure these assets whether they reside in the cloud or on premises. The days of being chained to legacy firewalls are over,” said Pavel Gurvich, CEO and co-founder of Guardicore.

New investor Qumra Capital led the round and was joined by other new investors DTCP, Partech, and ClalTech, Access Industries’ vehicle for Israeli technology investments. Existing investors Battery Ventures, 83North, TPG Growth, and Greenfield Partners also participated in the round. Guardicore will leverage the funds to fuel continued growth and accelerate investments in sales, marketing and customer service as it seeks to expand delivery of its Guardicore Centra security platform to enterprise organizations seeking to protect dynamic data center and cloud infrastructure environments. Ram Metser, Executive Chairman of Segterra, Inc., an innovative digital health analytics company, and former CEO of Guardium, Inc., a dominant database security company acquired by IBM, also joined the Guardicore board of directors.

Continued Gurvich, “Since our last round of funding, we have successfully been able to articulate our vision and demonstrate that the market is ripe for disruption. With consistent revenue growth the past three years and large-scale deployments with numerous Fortune 500 customers, we have proven that our product is more intuitive, flexible, and makes security easier to apply than traditional firewall technology currently being used to protect internal and cloud infrastructure. We are displacing incumbent players and newcomers alike as we strive to help our enterprise customers quickly secure their business-critical applications and data, reduce the cost and burden of compliance and secure cloud adoption.”

“Deutsche Bank is committed to the highest standards of security and a high priority for us is implementing tight network segmentation in our on-premise and cloud environments. Guardicore gives us an effective way to protect our critical assets through segmentation,” said Alan Meirzon, Director, Chief Information Security Office at Deutsche Bank, a Guardicore customer.

“Guardicore is changing the way enterprises approach data center security with modern segmentation capabilities that overcome the inherent inefficiencies of traditional techniques and result in stronger security for enterprise environments,” said Boaz Dinte, founding partner of Qumra Capital, investing in exceptional late-stage companies. “Guardicore is disrupting the market and is well positioned to capitalize on the broader opportunities this presents. We were compelled to invest as the lead in this round because we believe Guardicore will play a critical role in shaping the future of enterprise security, helping organizations better protect vital systems and data as we evolve our digital information society.”

“Guardicore is led by an exceptionally strong team with deep tech know-how and has demonstrated consistent growth and momentum since inception. With wide-spread adoption of distributed and hybrid infrastructures, we need a new paradigm for enterprise security outside of classic perimeters,” said Irit Kahan, Managing Director at DTCP, a global investment platform with c. $1.7 billion assets under management from Deutsche Telekom and other institutional investors. “The company’s unique market positioning and attractive roster of customers across the US and Europe, including some of the largest Fortune 500 names, have validated the value and scale of Guardicore’s approach and strong capabilities.”

Guardicore protects data centers of large and mid-sized enterprises across North America, South America, and EMEA in financial, healthcare and retail industries, including global, blue-chip brands.

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

Guardicore Raises $60 Million; Funding Fuels Company Growth and Continued Disruption

Today I am excited to share that we have secured a Series C funding round of $60 million, bringing our total funding to more than $110 million. The latest round was led by Qumra Capital and was joined by other new investors DTCP, Partech, and ClalTech. Existing investors Battery Ventures, 83North, TPG Growth, and Greenfield Partners also participated in the round.

Since we launched the company in 2015, Guardicore has been focused on a single vision for providing a new, innovative way to protect critical assets in the cloud and data center. Our focus, and our incredible team, has earned the trust of some of the world’s most respected brands by helping them protect what matters most to their business. As the confidence our customers have in us has grown, so has our business, which has demonstrated consistent year-over-year growth for the past three years.

Our growth is due to our ability to deliver on a new approach to securing data centers and clouds using distributed, software-defined segmentation. This approach aligns with the transformation of the modern data center, driven by cloud, hybrid cloud, and PaaS adoption. As a result, we have delivered a solution that redefines the role of firewalls and the implementation of Zero Trust security frameworks. More dynamic, agile, and practical security techniques are required to complement or even replace next-generation firewall technologies. We are delivering this and give our customers the ability to innovate rapidly with the confidence that their security posture can keep up with the pace of change.

Continued Innovation

The movement of critical workloads into virtualized, hybrid cloud environments, industry compliance requirements and the increase in data center breaches demand a new approach to security that moves away from legacy firewalls and other perimeter-based security products to a new, software-defined approach. This movement continues to inspire our innovations and ensure that our customers have a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment.

Our innovation is evident in several areas of the company. First, we have been able to quickly add new innovative technology into our Centra solution, working in close partnership with our customers. For example, we deliver expansive coverage of data center, cloud infrastructure and operating environments, and simpler and more intuitive ways to define application dependencies and segmentation policies. This gives our customers the right level of protection for critical applications and workloads in virtually any environment.

Second, our Guardicore Labs global research team continues to provide deep insights into the latest exploits and vulnerabilities that matter to the data center. They also equip industry with access to open source tools like Infection Monkey, and Cyber Threat Intelligence (CTI) that allows security teams to keep track of potential threats that are happening in real time.

We have also continued to build out other areas of our business, such as our partner ecosystem, which earned the five-star partner program rating from CRN since its inception two years ago, as well as our technology alliances, which include relationships with leading cloud / IaaS infrastructure players such as AWS, Azure, and Nutanix.

Looking Ahead

We are proud of our past, but even more excited about our future. While there is always more work to do, we are in a unique position to lead the market with not only great technology, but a strong roster of customers, partners and, most importantly, a team of Guardicorians that challenge the status quo every single day to deliver the most innovative solutions to meet the new requirements of a cloud-centric era. I truly believe that we have the best team in the business.

Finally, as we celebrate this important milestone, I want to say thanks to our customers who have made Guardicore their trusted security partner. It is our mission to continue to earn your trust by ensuring you maximize the value of your security investments beyond your goals and expectations.

Guardicore Awarded 5 Stars In CRN’s 2019 Partner Program Guide

Annual Guide Recognizes the IT Channel’s Top Partner Programs; Guardicore Senior Director of Channels Named to 2019 list of CRN Channel Chiefs

Boston, Mass. and Tel Aviv, Israel – April 02, 2019 – Guardicore, a leader in internal data center and cloud security, today announced CRN®, a brand of The Channel Company, has recognized The Guardicore Partner Program with a 5 Star rating in the 2019 Partner Program Guide. Additionally, Guardicore applauds Senior Director of Channels Todd Bice for being named once again to the annual list of CRN Channel Chiefs.

CRN’s annual guide identifies the strongest and most successful partner programs in the channel today, offered by the top technology suppliers for IT products and services. The 5 Star rating recognizes an elite subset of companies that offer solution providers the best partnering elements in their channel programs. To determine the 2019 5 Star ratings, The Channel Company’s research team assessed each supplier’s partner program based on investments in program offerings, partner profitability, partner training, education and support, marketing programs and resources, sales support, and communication.

“We are delighted to once again be awarded this 5 Star rating from CRN. Our partners recognize that the Guardicore channel program is designed to drive success by aligning the award-winning capabilities of our Guardicore Centra Security Platform to partners’ unique business models, helping to establish breakthrough go-to-market service offerings and driving new revenue streams,” said Todd Bice, Senior Director of Channels, and a 2019 CRN Channel Chief.

Continued Bice, “Guardicore partners value the best-in-class visibility, software-defined segmentation, and real-time breach detection and response capabilities of our platform, which help to ensure protection of their clients’ most critical assets as they face a growing attack surface and increasing complexities involved in defending hybrid environments. Today’s honor, combined with continued traction in the Managed Security Services market and a 100 percent increase in new partner engagements since last year, demonstrates how much we value our partners and how our commitment to the channel has translated to success for their clients and businesses.”

As a CRN Channel Chief, Bice demonstrated exceptional leadership, vision and commitment to Guardicore’s channel partner programs. Channel Chief honorees are selected by CRN’s editorial staff as a result of their professional achievements, standing in the industry, dedication to the channel partner community, and strategies for driving future growth and innovation.

Exclusive Networks recently joined the Guardicore Partner Program as its first value added distributor in North America. Laurent Daudré-Vignier, Exclusive Networks Executive Vice-President North America shares, “Partnering with Guardicore has enabled us to easily expand delivery of cloud security services to our clients. Through its innovative channel program Guardicore enables us to address potential blind spots for our customers, helping to protect critical data center assets in dynamic environments with software-defined micro-segmentation and distributed breach detection and automated attack mitigation.”

Guardicore Partner Program

The award-winning Guardicore Partner Program offers differentiated go-to-market service offerings and revenue opportunities for our growing ecosystem of partners. It is designed to drive value for partners by helping them gain a competitive advantage in the security marketplace. Guardicore partners can leverage the Guardicore Centra Security Platform to deliver project-based service engagements, embed it into an operational services model or simply resell to address a specific use case. The Guardicore Partner Program was created to meet the unique needs of different partner types including resellers, service providers, managed security services and technology partners.

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

Guardicore Threat Intelligence Helps Cybersecurity Community Research Attacks and Mitigate Risks

Guardicore Labs Launches Freely Available Public Resource For Investigating Malicious IP Addresses and Domains
Boston, Mass. and Tel Aviv, Israel – March 25, 2019 – Guardicore, a leader in internal data center and cloud security, today announced the launch of its Guardicore Threat Intelligence community resource. Developed by the Guardicore Labs research team, Guardicore Threat Intelligence is a freely available public resource for identifying and investigating malicious IP addresses and domains. With an easy to understand dashboard, Guardicore Threat Intelligence rates top attackers, top attacked ports and top malicious domains, giving security teams the insight they need to research and understand attacks and mitigate risks.

“Based on our deployment and technology Guardicore has a unique view of the most recent threats that are targeting servers in the cloud and in data centers. As a company we believe in giving back to the community and contributing where we can to the benefit of all. Thus, the Guardicore Labs research team has made its data and research available for the public,” said Pavel Gurvich, Co-founder and CEO, Guardicore. “With the launch of Guardicore Threat Intelligence, the cyber security community now has the opportunity to benefit from the same insights leveraged by Guardicore to protect its customers. Busy security teams can now benefit from a trusted, freely available resource that allows them to keep track of potential threats and enjoy unique analysis specific to data center attacks.”

Guardicore Threat Intelligence Features

Guardicore Threat Intelligence is currently the only publicly available community resource to focus exclusively on data center attacks. Specifically, it includes data not available in other public feeds, including the role of IP addresses in specific attacks and detailed attack flow, providing context for attacks on Internet-facing servers with a single aggregated view. Security analysts, threat hunters, and incident response or forensics teams can leverage Guardicore Threat Intelligence as an aggregated source to verify threats, understand attack patterns, and update IoCs quickly, eliminating the need to check multiple feeds and accelerating the time to response. Ultimately, Guardicore Threat Intelligence can help defenders anticipate future attacks and mitigate risks. Guardicore sources data from its Guardicore Global Sensors Network (GGSN), which streams early threat information to Guardicore Labs’ team for new attack identification and analysis.
Availability & Contributions

Guardicore Threat Intelligence is freely available now at https://threatintelligence.guardicore.com. Contributions are welcome. Guardicore Labs invites the cybersecurity community to contribute to its Threat Intelligence knowledge base by submitting data, asking questions and collaborating with Guardicore researchers on additional findings.
Guardicore Labs

Guardicore Labs is a global research team, consisting of hackers, cybersecurity researchers and industry experts. Its mission is to deliver cutting-edge cyber security research, lead and participate in academic research and provide analysis, insights and response methodologies to the latest cyber threats. Guardicore Labs helps Guardicore customers and the security community to continually enhance their security posture and protect critical business applications and infrastructure.
Creators of Infection Monkey, a popular open-source network resiliency test tool, Guardicore Labs’ high-profile threat discoveries include the Hexmen multiple attack campaigns targeting database services, the Bondnet botnet used to mine different cryptocurrencies, Operation Prowli, a traffic manipulation and cryptocurrency mining campaign, and Butter, a brute force SSH attack on Linux machines that leaves a backdoor to deliver a Samba payload. To learn more visit Guardicore Labs.
About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

The cost of over-compliance

A few weeks ago I visited a prospect who presented me with an interesting business case. They are a financial services company with all their applications hosted on their premises. As expected from a financial services company, they are heavily regulated – having to meet PCI DSS and other standards and requirements.

When they started their business ~10 years ago, the core set of their applications were under one regulation or another. At that time a plausible solution was to define all of their production environment as “regulated” and implement all the requirements there. The overhead was small and it made a lot of sense to simplify the management of segregating regulated from non-regulated.

But over the years the situation has changed quite a lot. In addition to the financial applications that remain regulated, they added tens of other applications to their production environment, and now fewer than 50% of their servers actually run regulated applications, so the overhead has become quite big. They estimated a few hundred thousand dollars annually “wasted” on compliance where it is not needed (software licenses, auditing hours, time of compliance-oriented engineers internally, etc.).

So “why not separate the irrelevant applications from the regulated data-center?” you might ask, and so did I. But here are a few challenges that the prospect presented me with:

  1. The data center is quite complex today, spanning a few different virtualization solutions, networking equipment etc, so separating them into different VLANs will require quite a lot of networking effort.
  2. The regulated and non-regulated applications are interconnected – mapping those dependencies (for identifying the FW rules) is a very complex task without the right visibility.
  3. Some applications are business critical and they cannot afford the down-time associated with moving them to another VLAN, changing their IPs etc – just the thought of that scares away everyone from application owners to leadership.
  4. When looking deeper into the regulation requirements – they would like to separate the “regulated part” even further into separate segments, thus driving the compliance and auditing costs event further down. So take all the problems above and multiply them…
  5. As with all modern organizations, they would like to embrace “new” technologies such as cloud – so they would like to enable this easily within any change they implement in their IT and plan for future expansions.

What a perfect use-case for an overlay segmentation solution such as Guardicore! We can help implement segments of any size, across any infrastructure, without any downtime, and help save quite a lot of money in the process of uplifting their security posture.

Want to hear more – talk to us.

CVE-2019-5736 – runC container breakout

A major vulnerability related to containers was released on Feb 12th. The vulnerability allows a malicious container that is running as root to break out into the hosting OS and gain administrative privileges.

Adam Iwanuik, one of the researchers who took part in the discovery, shares in detail the different paths taken to discover this vulnerability.

The mitigations suggested as part of the research for unpatched systems are:

  1. Use Docker containers with SELinux enabled (--selinux-enabled). This prevents processes inside the container from overwriting the host docker-runc binary.
  2. Use a read-only file system on the host, at least for storing the docker-runc binary.
  3. Use a low-privileged user inside the container, or a new user namespace with uid 0 mapped to that user (then that user should not have write access to the runC binary on the host).

The first two suggestions are pretty straightforward, but I would like to elaborate on the third one. It’s important to understand that Docker containers run as root by default unless stated otherwise. This does not necessarily mean that the container also has root access to the host OS, but it’s the main prerequisite for this vulnerability to work.

To run a quick check whether your host is running any containers as root:

#!/bin/bash

# get all running docker container names
containers=$(docker ps --format '{{.Names}}')

echo "List of containers running as root"

# loop through all containers
for container in $containers
do
    # .Config.User is empty when no user was set in the image or at run time,
    # which is the Docker default and means the container runs as root (uid 0).
    # Also catch the explicit spellings: "0", "root", "0:0", "root:root".
    user=$(docker inspect --format='{{.Config.User}}' "$container")
    case "$user" in
        ""|0|root|0:*|root:*)
            echo "Container name: $container"
            ;;
    esac
done
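The script above only looks at the container configuration. The two checks below are an added example, not code from the original post, and cover the other two mitigations: the first reads a uid_map (as found in /proc/self/uid_map inside a container) to tell whether container uid 0 is really host root or has been remapped to an unprivileged host uid (mitigation 3); the second asks findmnt whether the mount holding the host runc binary is read-only (mitigation 2). The default binary path /usr/bin/docker-runc and the RUN_CHECKS variable are assumptions; adjust the path to what your distribution installs.

```shell
#!/bin/bash
# Added example (not from the original post). Assumes a Linux host with
# findmnt available; the runc path below is an assumption, not from the post.

# Classify a uid_map. Each line is "<ns-start> <host-start> <count>".
# A line "0 0 N" means container uid 0 IS host uid 0 (no remapping);
# "0 100000 N" means container root is an unprivileged host uid.
# Prints "host-root", "remapped" or "unknown".
classify_uid_map() {
    local map="$1"
    local host_start
    # pick the host-side start uid of the range that contains container uid 0
    host_start=$(printf '%s\n' "$map" | awk '$1 == 0 { print $2; exit }')
    if [ -z "$host_start" ]; then
        echo "unknown"
    elif [ "$host_start" -eq 0 ]; then
        echo "host-root"
    else
        echo "remapped"
    fi
}

# Return 0 when a comma-separated mount option string (as printed by
# `findmnt -n -o OPTIONS -T <path>`) contains the read-only flag "ro".
mount_options_readonly() {
    case ",$1," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Report whether the filesystem holding the runc binary is mounted read-only.
# Prints "read-only" (exit 0), "writable" (exit 1) or "unknown" (exit 2).
check_runc_mount() {
    local bin="${1:-/usr/bin/docker-runc}"   # assumed default path
    local opts
    opts=$(findmnt -n -o OPTIONS -T "$bin" 2>/dev/null) || { echo "unknown"; return 2; }
    if mount_options_readonly "$opts"; then
        echo "read-only"
        return 0
    fi
    echo "writable"
    return 1
}

# Run the live checks only when explicitly requested, e.g.
#   RUN_CHECKS=1 ./check.sh                 (on the host)
#   docker exec <name> sh -c 'cat /proc/self/uid_map'   (feed to classify_uid_map)
if [ "${RUN_CHECKS:-0}" = 1 ]; then
    echo "uid 0 in this namespace is: $(classify_uid_map "$(cat /proc/self/uid_map)")"
    echo "runc binary mount is: $(check_runc_mount "$1")"
fi
```

The uid_map check is the one to run from inside a container: "host-root" is exactly the precondition the post describes, while "remapped" means user-namespace remapping is in effect and a write to the host binary would fail with the remapped uid's permissions. The mount check belongs on the host; a "writable" result does not mean the system is exploitable by itself, only that mitigation 2 is not in place.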

In any case, as a best practice you should prevent your users from running containers as root. This can be enforced by existing controls of the common orchestration/management systems. For example, OpenShift prevents users from running containers as root out of the box, so your job here is basically done. However, in Kubernetes containers can run as root by default, but you can easily configure a PodSecurityPolicy to prevent this, as described here.

In order to fix this issue, you should patch your container runtime. Whether you are just using a container runtime (docker) or some flavor of container orchestration system (Kubernetes, Mesos, etc…), you should look up the instructions for your specific software version and OS.

How can Guardicore help?

Guardicore provides a network security solution for hybrid cloud environments that spans across multiple compute architectures, containers being one of them. Guardicore Centra is a holistic micro-segmentation solution that provides process-level visibility and enforcement of the traffic flows both for containers and VMs. This is extremely important in the case of this CVE, as the attack would originate from the host VM or a different container and not the original container in case of a malicious actor breaking out.

Guardicore can mitigate this risk by controlling which processes can actually communicate between the containers or VMs covered by the system.

Learn more about containers and cloud security

Banco Del Bajio, S.A., Selects Guardicore Centra Security Platform to Protect Data Center

Guardicore Chosen for Bank’s Data Center Security for Superior Micro-segmentation and Visibility Capabilities


5 Ways that PCI DSS Micro-Segmentation Can Help You Achieve Compliance

The consequences of non-compliance with regulations such as PCI-DSS and HIPAA are increasingly serious, while achieving compliance is only becoming more difficult because of dynamic workloads and hybrid IT environments. How can micro-segmentation make compliance easy again?