At the KubeCon + CloudNativeCon Europe 2022 conference this week, Lacework extended the reach of its security platform deeper into Kubernetes clusters.
The latest update to Lacework’s Polygraph Data Platform adds support for audit log monitoring, integration with the admission controller used in Kubernetes environments, and the ability to remediate the infrastructure-as-code (IaC) used to provision a cluster. That last capability is based on technology Lacework gained with its acquisition of Soluble in 2021.
Lacework is making a case for a security platform that employs machine learning algorithms to gain visibility into complex modern application environments and then apply security policies to the runtimes on which those applications depend.
James Brown, senior director of product for Lacework, says the goal is to provide the guardrails development teams need to build secure applications without materially impacting the rate at which they are built and deployed. The challenge is finding a way to achieve that goal by automatically applying DevSecOps best practices so they don’t impede developer productivity, he notes.
Kubernetes represents a prime opportunity to implement those DevSecOps best practices as organizations are fundamentally changing the way applications are built and deployed. It’s not precisely clear what role security teams will play in these environments but, in theory, they will define the policies that are automatically applied during the application development process.
One way or another, an increased focus on software supply chain security in the wake of a series of high-profile breaches will fundamentally change how applications are built and deployed. The challenge is to implement security safeguards without requiring every developer to become a security expert. Providing developers with better tools and security training is always a good idea, but it’s unreasonable to expect every developer to become an application security expert. Guardrails that prevent developers from making mistakes need to be built into the DevOps workflow.
There is no shortage of platforms for securing containerized applications, of course. The challenge is that, in many organizations, application security has not always received funding. Most security teams are focused on areas they directly control, such as network perimeters and endpoint security. Application security requires a level of collaboration that has been missing in most organizations. Application development teams tend to be more focused on tools than on security platforms. Cybersecurity teams, however, are starting to realize they have a vested interest in reducing the number of vulnerabilities that find their way into production environments.
Containerized applications, in general, should be more secure than legacy monolithic applications that are difficult to patch. Once a vulnerability is discovered in a cloud-native application, the container in which the vulnerability is encapsulated is ripped out and replaced. The challenge, of course, is the sheer number of containers that might be running in an IT environment. Many developers also tend to assume that, because a container might only run for a few seconds, there is not likely to be a security issue. The truth is, however, that while overall security might be better, there are still plenty of opportunities for mistakes to be made.