Docker-style containers aren’t just a way to deploy software more quickly or flexibly. They can also be a way to make software more secure. Automatic analysis of the software components that go into containers, behavioral policies that span container clusters and multiple application versions, and innovative new developments in tracking and managing vulnerability data are just some of the ways containers are bolstering security for the entire application lifecycle.
How much of this comes out of the box, though, is another story. Container products provide the basics, but not always more than that, leaving more advanced monitoring or management solely in the hands of the admin. Here are four recently revamped products and services that bring additional kinds of security to containers, both in the cloud and in your own datacenter.
Twistlock Container Security Platform
Twistlock Container Security Platform features
Twistlock’s mainstay has been adding security controls for containers in scenarios that aren’t covered by “core” container products like Docker Enterprise. For example, added compliance controls for enforcing HIPAA and PCI rules on containers, and Twistlock 2.1 included compliance alerting for build tools like Jenkins.
With , Twistlock adds support for Kubernetes’s , so that a Kubernetes-managed deployment can be checked against a set of common criteria for securing Kubernetes. Twistlock now runs on Swarm-managed clusters as well as Kubernetes, although CIS checking is only available for Kubernetes.
, but users can try out a 30-day evaluation version without paying.
Sysdig Secure features
provides a set of tools for monitoring the security container runtime environments, and obtaining forensics from them. It’s intended to run hand-in-hand with Sysdig’s other instrumentation tools, such as Sysdig Monitor.
from Sysdig, with both cloud and on-prem editions available.
Atomicorp Secure Docker Kernels
Atomicorp Secure Docker Kernels features
is an alternative Linux kernel, for Ubuntu and CentOS, that makes use of a number of hardening tactics to offset potential attacks. Many of the protections, like hardened permissions for userland memory, are derived from Atomicorp’s general line of secure-kernel products. Others, like protection, are chiefly for Secure Docker Kernels.
Where to buy Atomicorp Secure Docker Kernels
Atomicorp offers Atomic Secured Docker Kernel for , and also offers versions of it on and Azure-hosted and .
Aqua Container Security Platform
Aqua Container Security Platform features
provides compliance and runtime security for both Windows containers and Linux containers.
Aqua Container Security Platform allows admins to apply security policies and risk profiles to applications. Those profiles can also be associated with different application build pipelines. Image scanning can be . Aqua Container Security Platform also lets you use application contexts to .
Aqua Container Security Platform also works with . Aqua Container Security Platform can record any vulnerability information it finds in an app’s Grafeas store, and Aqua policies can make use of Grafeas definition data for security incidents and software issues.
Where to buy Aqua Container Security Platform
Aqua CSP is available as either an on-prem or in-the-cloud offering. Free trial or open source versions are not available, but Aqua has that stem from its work with CSP.