Aqua Security released the results of its 2021 Cloud Native Security Survey revealing the knowledge gap around runtime security and the associated risks. The study found that only 3% of respondents recognize that a container, in and of itself, is not a security boundary, indicating that the default security capabilities of containers are overestimated. This result is especially alarming in conjunction with the fact that only 24% of respondents have plans in place to deploy the necessary building blocks for runtime security.

Vishal Jain, Co-Founder and CTO at Valtix, says, "The Aqua Security report clearly shows the importance of network based ingress and egress security for container clusters. It is well known that container security boundaries are only enforced in the software (OS) as opposed to VMs, where they are enforced all the way down in processor hardware. A layered defense approach is critical. This is why it is important to deploy network based ingress and egress controls for container clusters to look for suspicious activity from nodes with compromised containers."

The report demonstrates the difficulty and complexity of understanding key cloud native security risks, along with how to counteract them. Despite recent reports showing the increased sophistication of cloud native attacks, only 18% of respondents realize they are at risk for zero days in containerized environments.

Confidence vs. Reality

While 32% of respondents were confident in overall holistic runtime security protection, detailed questions revealed that less than 23% of respondents in fact had the necessary building blocks of runtime security in place.

Supply Chain Risks

A knowledge gap around workload protection has led to a striking number of practitioners who believe they are protected from supply chain attacks in production, but in fact are not. While 73% believed that they could stop software supply chain attacks evading static analysis, there was an apparent misconception about the role of runtime security in achieving this protection.

Increasing Container Threats

In a recent threat report, Aqua found that attackers are becoming more proficient at hiding their methods and evading static scanning, while threats to container based environments have become more dangerous and more varied. Over a six-month period, Aqua observed honeypots being attacked 17,358 times, representing a 26% increase from just six months previously. The increasing volume of attacks demonstrates the importance of implementing holistic cloud native security, including runtime protection, in order to protect against attackers who have evaded detection and have access to the production environment.

Michael Isbitski, Technical Evangelist at Salt Security, says, "The observations in the Aqua Security report are certainly valid. I spent many days as an analyst explaining the pros and cons of native container security vs. third party container security offerings from vendors like Aqua, Stackrox, etc. Situations with container security also get worse than what the survey is highlighting. Practitioners sometimes misunderstand the application security and API security benefits of container security, whether it is from native container runtime features or 3rd party add-ons. Container security tooling focuses heavily on securing container images, container workloads, and container platforms. Application-layer and API security are still largely out of scope for container security."