CloudPassage is expanding its Halo security platform to help secure Docker container deployment.
The open-source Docker container virtualization technology has become increasingly popular for building, packaging and deploying applications. As Docker deployments grow, there is a need to make sure that proper enterprise security policy is applied, and the CloudPassage Halo system is aimed at addressing that challenge.
While Docker containers reduce the attack surface relative to other forms of virtualization, there are still risks. Docker was patched in both November and December 2014 for security issues that could have potentially enabled exploitation.
"It is our belief that you can run Docker securely, but it still requires the user to be responsible for configuration and security," Amrit Williams, CTO at CloudPassage, explained to eWEEK.
Although users can trust Docker containers, enterprises need to have visibility into what applications are doing, and corporate data compliance policies need to be respected, Williams said. That's where the CloudPassage Halo technology comes into play, providing a lightweight agent that enables visibility and control for Docker. Halo is CloudPassage's core product platform, which is delivered in a software-as-a-service (SaaS) model, with enterprise policy, security and management capabilities.
With the new Docker support, Halo is able to look both at the host server on which the Docker engine is deployed, as well as the Docker container in which an application is running. Additionally, CloudPassage is providing its Halo customers with best practices for Docker hardening to improve security on the host server.
"What we're doing is applying some of the security capabilities that are already needed and requested for existing traditional and virtual data centers and applying it to Docker containers," Williams said.
From an installation perspective, the way the Halo agent works is as a lightweight agent that can be integrated as part of an orchestration system for Docker deployment at scale. Popular orchestration system support includes Puppet, Chef and Ansible. The Halo agent collects information and waits for commands from the back-end Halo cloud service, Williams explained.
"As soon as the environment is live, whether it's a Docker container or a virtualized server, the Halo agent automatically performs several actions, including making sure that the firewall rules are applied and looking for any new vulnerabilities," Williams said.
Data coming back from the Halo agent to the cloud analytics back-end, is also used for vulnerability assessment and file-integrity monitoring.
CloudPassage has its own security research team that is looking at Docker security to help protect customers, Williams said.
Halo's log-based intrusion-detection system (LIDS) capability monitors logs for suspicious events.
CloudPassage also integrates with major security information and event management (SIEM) offerings, including Splunk, HP ArcSight and IBM qRadar, Williams said. "Since LIDS is sitting locally on every system that a company has us deployed into, we can find the needle in the haystack," he said.
Currently, the system does not yet provide an automated response to security events identified by LIDS, but that capability is coming in a future release. Overall, CloudPassage's goal with the new Docker support for Halo is about validating and improving security.
"It all comes down to the concept of 'trust, but verify,'" Williams said. "There are a lot of things that customers can do to deploy Docker securely, but it's a question of making sure that it stays secure and everyone is following the rules."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.