Trend Micro Incorporated, the leader in cloud security, announced its advanced container security solution Cloud One – Container Security. Designed to ease the security of container builds, deployments and runtime workflows, the new service helps developers accelerate innovation and minimize application downtime across their Kubernetes environments, from a single tool.
This new service is an important addition to Trend Micro’s Cloud One services platform that was introduced last year. As IDC stated, “Trend Micro launched Cloud One, its integrated cloud security services (SaaS) platform that addresses customers’ security challenges around datacenter servers and virtual machines, IaaS workloads, containers and containers services, cloud security posture management, cloud file and object storage services, and serverless.”
Global organizations are increasingly leveraging containers to accelerate cloud migration, rearchitect monolithic applications and build and integrate seamless cloud native applications. This can create security gaps that traditional network and endpoint tools are not capable of addressing.
“Containers are helping teams innovate faster by simplifying development and deployment. To safely keep this pace, teams needs to integrate security practices more easily in the container lifecycle,” said Mark Nunnikhoven, vice president of Cloud Research at Trend Micro. “That’s where this new service comes into play perfectly. It provides automated continuous protection at three critical stages of the container lifecycle; build, deploy, and run.”
Trend Micro Cloud One Container Security offers three main elements:
Container image scanning
This scans at build time for the earliest possible detection and lowest cost remediation. In addition, through partnership with Snyk there is a scan against the market leading open source vulnerability database. This provides early detection and mitigation of vulnerabilities in third-party code dependencies. Cloud One – Container Security will:
- Look for vulnerabilities in the packages included in the container
- Detect malware using signatures and advanced machine learning techniques
- Find embedded secrets such as passwords, API tokens, or license keys
- Sweep for IoCs using industry-standard Yara rules
Policy-based deployment control
Container security enables you to create policies that allow or block deployments based on set rules. Native integration with Kubernetes ensures that all deployments run in a production environment are safe.
Cloud-native runtime security
Once an image has been deemed safe and is deployed into production, Cloud One Container Security will protect the container in the runtime environment. This offers ongoing vulnerability detection for the containerized application and provides relevant feedback to security and DevOps teams in case further action is needed.
Image licensed by Stocksnap.com