VMware adds container runtime protection to Carbon Black security portfolio

VMware is getting into the race to secure modern, cloud-native environments by adding container runtime protection to its Carbon Black Container security product, which it launched in April 2021.

Securing cloud-native environments at runtime presents developers and security professionals with a whole new set of security considerations, taking them beyond just hardening a Kubernetes cluster and into the realms of dynamic vulnerability scanning, identity management, and access controls.

Because containers are being spun up and down all the time, securing container environments is relatively difficult, with a need for greater visibility and automation to keep containers secure and compliant at all times.

To meet these challenges, VMware is adding the following features to its Carbon Black Container security product:

  • Runtime cluster image scanning: Security or devops teams can automate runtime vulnerability scanning and customize policies to help ensure container images are always secure.
  • Integrated alerts dashboard: View events and anomalies in a runtime environment for more efficient investigation, correlation, and resolution of security events.
  • Kubernetes visibility mapping: View the architecture of an application to better understand destination connections, potential workload policy violations, and vulnerable images.
  • Workload anomaly detection: Standardize networking modules and alert security teams to deviations.
  • Egress and ingress security: Includes visibility into any external source that is reaching out to a Kubernetes service, for easier detection of malicious egress connectivity based on the IP address and the behavioral data.
  • Threat detection: Scans open ports to check for vulnerabilities and quickly see if there is a lateral attack in progress.

“Protecting the runtime is the basis of securing the inner workings of modern software,” Tom Gillis, general manager for networking and advanced security at VMware, said in a statement. “With the introduction of container runtime protection, our end-to-end security offering is now tightly integrated across the entire application lifecycle, protects all east-west traffic, and provides a new level of distributed visibility and security to APIs.”

This need for greater runtime security has led to a fast-growing ecosystem of startups and security vendors, including startups like Deepfence, Sysdig, Aqua Security, Anchore, and Lacework, as well as vendors who have acquired these capabilities, such as Palo Alto Networks’ TwistLock, Red Hat’s StackRox, and Suse’s NeuVector.

Container runtime protection is available immediately for advanced bundle customers of VMware’s Carbon Black Container.

Copyright © 2022 IDG Communications, Inc.