Container security probes provide continuous penetration testing

Containerized applications bring many benefits: they are a fast way to deploy software across multiple computing environments. But securing containers is a challenge, since their unique attributes, particularly their ephemeral nature, mean that security professionals have treated them differently from other endpoints.

Penetration testing and offensive assessment, for example, are rarely performed on containerized systems, notes Spencer Thompson, co-founder and CEO of Prelude Security. That’s a problem, since containers are still internet-facing devices and can have the same vulnerabilities.

Prelude Security’s latest enhancement to its Probes product offering is designed to help CISOs by letting users run continuous security tests on production endpoints — whether they’re running Linux, macOS, Windows, or are containerized.

Granular vulnerability testing for containers

The company’s Probes — which are tiny processes, between 1KB and 2KB in size — will now function properly in containerized environments, enabling far more accurate and granular vulnerability testing than was previously possible, according to a company announcement Wednesday. Each probe can actively test for known CVEs and report back to a central web console.

Probes are dormant most of the time, according to Thompson, and don’t require root permissions to function. They can be installed using scripts or via a Docker extension.

The use of even a small-process agent lets Prelude not only identify potential vulnerabilities but also decide whether or not those vulnerabilities are exploitable, as Probes will attempt to exploit, in a non-invasive way, any that they find.

“You’ll see lots of organizations that will have, say, thousands of devices and potentially millions of vulnerabilities,” Thompson said. “Now you have all the steps underneath that are basically creating a priority set to say, there’s not a million theoretical vulnerabilities, there’s 12 containers that you need to pay attention to because they’re in an unprotected state right now.”

Users can deploy the new Probes whenever a new container is deployed.

“The probe can be ephemeral or persistent,” he said. “So you can use it if you have containers that you’re basically using as persistent VMs, and you can run it where you’re tearing [a container] down 50 times a day.”

Prelude was founded in 2020, and it’s backed by several venture capital firms, as well as investments from CrowdStrike. Those investments have also prompted a partnership between the two companies, aimed at bringing Prelude’s technology to CrowdStrike’s Falcon platform.

Prelude’s Probes are free to use on up to 25 endpoints at a time, and are available on a price-per-host basis beyond that, with a token system set up to help address the fluid nature of containerized systems. They’re available now.
